United States ill-prepared for skyrocketing cyberattacks against critical infrastructure

United States ill-prepared for skyrocketing cyberattacks against critical infrastructure
Cyberattacks against the United States’ critical infrastructure are increasing, but even the Department of Homeland Security is reporting that the country is ill-prepared to respond.

America’s cyberdefense situation is in need of improvement, according at least to a newsletter published by the Homeland Security Department’s Industrial Control Systems Cyber Emergency Response Team, the ICS-CERT Monitor [PDF].

In the late-2012 edition of the Monitor, cyber experts working for the United States government confirm that as attacks waged against America’s essential sectors are on the rise, the number of qualified personnel able to respond is hardly adequate.

Between October 1, 2011 and September of last year, ICE-CERT claims to have received and responded to 198 cyber incidents as reported by asset owners and industry partners. In an analysis of the report by CNN, they report that the figure for Fiscal Year 2012 is 52 percent larger than the year before.

Elsewhere in the Monitor, ICE-CERT quotes noted security expert Alan Paller as saying that there are no more than 20 individuals in the entire country that could counter a substantial attack against the States’ cyber infrastructure.

“Paller believes there are only 18 to 20 people in the whole country qualified to protect the nation’s infrastructure from a concerted cyberattack,” the Monitor says, quoting from a Wall Street Journal article published in November.

“That’s an incredible small number of people considering the hundreds of thousands of engineers working in the private, public and military sectors,” says the Journal.

Of those nearly 200 incidents reported to DHS, several resulted in successful break-ins. In one example given of a power generation facility in the US, the Monitor says DHS employees identified malware installed on their systems that were so sophisticated that they posed the possibility of a very real disaster to the plant’s control environment.

“Detailed analysis was conducted as these workstations had no backups, and an ineffective of failed cleanup would have significantly impaired their operations,” the report reads.

While The Monitor neglects to name individual companies that found malware and other attempted cyber-intrusions, the DHS says that the nation’s energy, water, communications and transportation sectors were all subject to attack during the last year. Also at risk, the Monitor reports, is America’s nuclear infrastructure, where at least 6 incidents were identified during a 12-month span.

Compared to recent years, the cyberassaults waged during 2012 demonstrate an alarming trend. While ICS-CERT identified 198 incidents last year, in 2009 that number was only nine.

"I believe that people will not truly get this until they see the physical implications of a cyberattack," former FBI cybercrime official Shawn Henry said last year, as quoted by CNN. "We knew about Osama bin Laden in the early '90s. After 9/11, it was a worldwide name. I believe that type of thing can and will happen in the cyber environment."

Leading figures in Washington have warned just as much, equating an eventual assault on the United States’ cyber-grid as being on par with national tragedies of historic proportions. In October, Defense Secretary Leon Panetta said the country was at risk of facing a “Cyber Pearl Harbor.” In December, former National Security Agency Director Mike McConnel said a “Cyber 9/11” should be imminent.

"We have had our 9/11 warning. Are we going to wait for the cyber equivalent of the collapse of the World Trade Centers?" McConnell told Financial Times in an interview published last month.

"All of a sudden, the power doesn't work, there's no way you can get money, you can't get out of town, you can't get online, and banking, as a function to make the world work, starts to not be reliable," McConnell said. "Now, that is a cyber-Pearl Harbor, and it is achievable."

In the latest edition of The Monitor, the DHS acknowledges that one particular power company in the US was infected with a virus as recently as this October that damaged the facility’s turbine control system and around 10 computers connected to it. By the time the country’s cyber-experts identified and treated the issue, the facility suffered from three weeks of setbacks. In another instance noted in the report, a team of DHS researchers found 98,000 organizations within the United States that had Internet-facing devices that could easily be hijacked by hackers.

Cyberattacks against the United States’ energy sector accounted for 40 percent of all reported incidents last year, with the water sector targeted in around 30 separate attacks, the Monitor reports.

Only one banking or financial institution contacted the DHS about a possible cyberattack last year, but skyrocketing numbers suggest that assaults are likely to increase in Fiscal Year 2013. Just in the last few months, Bank of America, Citigroup, Wells Fargo and Capital One have all been targeted by computer criminals.

"These attacks are representative of the longest persistent cyberattack on an industry sector in history – in fact, nearly every major commercial bank has been affected," Carl Herberger, vice president of security solutions at Radware, tells CSO Online.

Anti-American hackers from Iran are believed responsible for the renewed series of attacks aimed at the computer of US banks, according to Washington sources. On Friday, the Washington Post reported that the National Security Agency has been approached by a number of US banks in hopes that they will be able to protect them against the increasingly sophisticated cyberattacks waged at the American financial sector.