Global Comment

The growing war in cyberspace

A fairly new addition to the roster of weapons we have conceived of to harm one another, cyberattacks are becoming more and more common as technology progresses. We are all familiar with internet trolls and bots that are used to sway opinion or otherwise create chaos, but cyberattacks are not something that the average person has on their mind. This is something that, soon enough, could easily change.

You may be aware of the Stuxnet malware that surfaced back in 2010. The target in this case was Iran, specifically their nuclear program, and it was devastating. Almost a fifth of the country’s nuclear centrifuges were destroyed, and over 200,000 computers infected. There has been no admission of guilt, but it is widely thought that the malware and attack were the doings of the US, Israel and the UK. Fast forward to January 10th of this year, and the cybersecurity firm Dragos released a new report, titled “The North American Electric Cyber Threat Perspective”. It serves as a summary of their projections of the cybersecurity landscape for 2020. While it has not been widely reported, it shows a quite harrowing threat to the US. And again, even though there have been no admissions or findings in regard to the culprits behind the scenes, one can safely assume who to suspect.

In these attacks, the main targets usually are companies managing key infrastructure, such as oil and gas, specifically attacking their ICS networks (Industrial Control Systems). According to the report, 11 of the 30 groups Dragos tracks have shown that their interest has turned mainly to the national power grid, by expanding their operations and targeting energy assets as a whole. It names two groups, called Magnallium and Xenotime, that are examples of this growing trend, while a third, Parasite, has taken to exploiting VPNs (Virtual Private Networks) in order to gain access to the ICS.

Xenotime has had their time in the spotlight before, causing waves when they attacked oil and gas facilities in Saudi Arabia in 2017. They did this using malware dubbed Triton, made for an assault on what is called Triconex, the SIS (Safety Instrumented System) of Schneider Electric. It was intended that this would influence the emergency shutdown controllers of these facilities and, while it was eventually identified, this was only because the attackers themselves made a mistake and were detected. Otherwise, the consequences could have been much more dire, including harm coming to the workers, and facility production becoming impossible. It was also unique in that it was the first time anything like this had been discovered, though it initially went undetected by the company that was the victim and, in all likelihood, could have remained that way. It is a glaring sign of what is on the horizon, with attacks such as these becoming more and more sophisticated and common.

Because of this, the outlook for the future is quite grim. While these companies have spent much time, money and effort on cybersecurity, the enemy they face is also well-funded, well-equipped and well-trained. They clearly have enough resources at their disposal to confidently carry out these attacks, with increasing measure. Dragos has warned that all countries are at risk from these threats. We can assume ourselves that, of course, some are more of a target than others, but the ability to make any country a target is clear when they manage to carry out successful attacks in a country that has the resources to defend itself, like the US.

But in spite of this, the response will naturally be to build up a greater defence. Right now, the US Department of Energy is pouring millions of dollars into research for better technology with which to tackle this problem and protect their systems. The mood of the US cybersecurity industry seems to be one of fairly cautious optimism, believing that, despite the growing pressure to repel attacks, new technology is being developed all the time that will quite easily adapt and stand strong. They emphasise how any attacks like this are very difficult and tedious to carry out, while also being dangerous to the one enacting them. This is mainly for geopolitical reasons, when something like this is most likely being done by another nation, or funded by one.

While the entities these groups are targeting are private companies, the aftermath of their disruption will be felt by many. The critical parts of our society that depend on energy, such as medical centres and food production, are in danger and, soon enough, will be unable to guarantee their absolute continuity at all times. Because so many aspects of our lives depend on technology now, there is the implication that none of this will simply stop at affecting power grids. Government institutions like the police and the fire service – even traffic light systems – are not safe. The idea that so much can be controlled by a small number of people is not a pleasant one.

Many of the coordinators are using their attacks to plant ransomware, however, which, as the name implies, is used to extort money from a company or government. These attacks are also projected to increase. One of many recent examples of this is Johnson City, Tennessee, which saw itself almost taken hostage in a sense, with the attackers demanding money in return for control again. Relief came a few days later, when a new backup server for the city was put in place, though this still cost the city $215,000. This is a fraction of the millions that could easily have been demanded, but the city was lucky, this time. They have not made themselves immune from future attacks. Even if they did pay the culprits, it does not guarantee they would be left alone in the future. Something similar also happened to the NHS in the UK in 2017, when ransomware called WannaCry found its way throughout their systems. The reason behind this was that most of the machines were running Windows XP, by this point an outdated OS. Many public services make use of this older software, so they are unfortunately easily vulnerable to attack.

The point can be made, of course, that these attacks focus on the US. The state has a long history of making enemies of other countries, so it is hardly surprising. But we cannot all breathe a collective sigh of relief. Every country is at risk of this inflicted discord, whether it comes from government-associated entities or independent groups that wish only to cause chaos. There have only been a few examples given here, but the list is long, and ever-increasing. All this is an indicator, a taste, of what is to come. Warfare is one of the most adaptable industries, mostly due to its massive funding and continued support. As our lives become more entwined with the technology we so covet, the implications of what could and can be accessed and controlled, down to our very selves, don’t give a vision of a safe future.

Image credit: 3Mikey5000