The Time to Focus on Critical Infrastructure Security is Now

The Software That Controls our Infrastructure is Vulnerable to Attack

The world has once again been reminded that the threat of cyber attacks on critical infrastructure systems remains very real. Last month, Britain’s defense secretary, Gavin Williamson, iterated that Russia held the potential for wide disruption and “thousands of deaths” through such attacks. His announcement was the latest indication of increased chatter regarding attacks on critical infrastructure, such as power grids and other systems, by Russia and other nation-states.

Unfortunately, it appears that the general populace either wishes to ignore the warnings or has bought into a sanitized and nonthreatening version of such attacks based on the version found in Hollywood. 

Is the world becoming desensitized to cyber attacks?

Television has shown us examples of our own government using nonkinetic warfare, shutting down power in specific regions to demonstrate our strength and resolve. On screen, elected officials stare grimly at satellite images as large areas glowing from electric light slowly grow dark.

This is not a new idea. I grew up with war and espionage movies that always included a “cut the power” part of the mission. That is because disruption of infrastructure is a key element of sound military strategy. Except in these movies, someone had to physically disrupt the power—someone had to be on-site. What is new is the ability to cut the power from a safe distance with the stroke of a key or the click of a mouse. No bombs, no missiles, no exotic kinetic devices.

Hollywood has painted an image of infrastructure attacks that are bothersome but ultimately benign. In these simulated, dramatized attacks, a security breach functions as a remote on/off switch. Turn the switch back to “on,” and all is restored to how it was before the attack. We are inconvenienced for sure, but there are no lasting effects. While this is certainly a possibility in the real world, there also exists the possibility for long-lasting damage to the infrastructure.

Let’s step away from Hollywood for a moment and consider a real-life scenario of a far less benign attack.

What does a real infrastructure attack look like?

In 2009, the Sayano-Shushenskaya hydroelectric plant, near Sayanogorsk in Khakassia, Russia, was destroyed, providing a taste of what an infrastructure attack could accomplish. To be clear, this disaster was not caused by a cyber attack, but given that the root cause was traced to a software failure, it provides insight into the havoc such an attack could cause. There was a human cost as well, as 75 people perished in the event.

On the morning of Aug. 17, the 900-plus-ton rotor of the number 2 turbine of Sayano-Shushenskaya tore from its moorings and rose into the main turbine room. The combined force of that much metal spinning at a high rate and the torrent of water that followed ripped through the ceiling of the turbine room and cut a wide path of destruction. Pictures taken after the accident show what looks like the effects of a bomb blast.

[Image: Sayano-Shushenskaya blast damage]

The failure of the plant cut power to a large geographic region, and the inhabitants were affected for years while the plant was repaired. This was no momentary shutdown of power for dramatic effect—this was a real, long-term interruption in infrastructure.

Turbine 2 had a long history of vibration issues, and special regulating software had been employed to help regulate the problems. An investigation into the disaster showed that this software was not properly functioning at the time of the event. The failure of the regulating software and accumulated metal fatigue eventually combined to create the chain of events that crippled the facility.

Initially, there was concern that the software failure may have come at the hands of an outside agent, but ultimately it was traced to a series of communication issues across multiple plants.

The fact that this event was not caused by an outside agent does not blunt the lesson to be taken away: A strategically placed cyber attack could create long-term disruption to critical infrastructure by infiltrating key command and control software.

Is the software controlling our critical infrastructure really that vulnerable?

Need more proof that cyber attacks are not artificially constrained to being remote kill switches? Remember Stuxnet, the famous attack on the Iranian nuclear program? The attack targeted programmable logic controllers on the centrifuges being used to process nuclear material. By infiltrating these controllers, the attackers were able to force the centrifuges to spin beyond their operating limits, causing vibrations (where have I heard that word before?) that would ultimately tear the devices apart. It is believed that over 1,000 centrifuges were destroyed in the attack.

We now know that someone can infiltrate a car and turn off critical systems, such as the brakes. It is not a leap to believe that the same thing could happen to an element of our critical infrastructure. It is also not a reach to see that infiltration of strategic systems and software could create consequences that go beyond a temporary blackout.

It is time to take the security of our critical infrastructure seriously. The software that controls our infrastructure is vulnerable to attack, and the potential results are far more destructive and pervasive than even science fiction would have us believe.
