January 29, 2010

Critical Infrastructure At High Risk Of Cyberattack

A new survey of operators of power plants and other critical infrastructure finds that more than half have had their computer networks hacked.  In many cases, foreign governments were the suspected culprits, according to the report prepared by security software maker McAfee and the Center for Strategic and International Studies in Washington.

The survey of 600 executives and technology managers from infrastructure operators in 14 countries found that 54 percent said they had suffered a "stealthy infiltration" of their networks.  In such cases, cybercriminals can install malicious software that can steal data, spy on e-mails or conduct even more nefarious actions such as remotely controlling equipment.

The survey, released Thursday, offers a rare view of the damage cybercriminals can inflict on critical institutions such as power grids, water and sewage systems, and oil and gas facilities. Manipulating these vital systems can have significant consequences, such as power outages, floods, sewage spills and oil leaks.

The report, which did not name the respondents or disclose specific details about what happened in the attacks, comes amid growing concerns about state-sponsored hacking and threats to critical infrastructure.

Last April, officials with the federal government said that spies had hacked into the U.S. electric grid and left behind programs that would let the perpetrators disrupt service.

The intrusions were only discovered after power companies allowed the government to audit their systems.

The fact that utilities are increasingly using conventional, non-proprietary software and connecting parts of their operations via the Internet only adds to the risk of cyberattacks.

Indeed, 54 percent of the survey's respondents said they had experienced a large-scale "denial-of-service" attack, in which a network was taken out of service as a result of being flooded with phony Internet traffic.  Of those who experienced such an attack, 65 percent said the incidents had affected their operations, with the damage ranging from minor service interruptions to sustained harm and critical breakdowns.

Nearly 60 percent of respondents said they believed that representatives of foreign governments were involved in the attacks.

Disturbingly, many intruders have apparently done something harmful with the access they gained to these critical networks.  Extortion is one common tactic, with hackers demanding money to end an attack or to agree not to conduct one.  Power, oil and gas sectors were among the most frequently targeted.

Identifying culprits can be extremely difficult since sophisticated cyberattacks are typically routed through multiple layers of infected computers to conceal the original source.  However, experts can often gain hints about the attackers' country of origin by examining the language and other clues found in the malicious software's programming, the report said.

