Our Enemies Keep Hacking Our Systems, Not That You’d Know It
The U.S. Department of Homeland Security has advised that hacks into our nation’s critical infrastructure, including our energy sector, are ongoing. I have discussed energy infrastructure threats previously, and it's not a pretty picture. The recent joint Technical Alert from the Department of Homeland Security and the FBI makes several critical points:
“Advanced persistent threat” actions are targeting government entities and organizations in the energy, nuclear, water, aviation, and critical manufacturing sectors. That in itself should make any thinking person very, very concerned.
The Department of Homeland Security assesses the activity as a “multi-stage intrusion campaign.” That is to say, it’s strategic and unlikely to stop.
The target organizations are deliberately chosen.
The campaign is still ongoing.
Threat actors are actively pursuing their ultimate objectives over their long-term campaign. The ultimate objective is “to compromise organizational networks.”
The hackers stole login credentials “repeatedly,” creating counterfeit accounts that impersonated legitimate accounts. They then created administrator accounts to delete evidence of their activity. This is like criminals breaking into a nuclear power plant and setting themselves up as the plant managers and security guards, then deleting the security camera video showing what they did. After they are in control, of course, they can do whatever they want to.
The Technical Alert does not say how many instances of this hacking the FBI and DHS are aware of. Furthermore, it is also full of words like “likely,” “presumed,” “believes,” “appeared,” and the like. Given the gravity of the activity, there is a troubling lack of certainty about what our government appears to know (or is willing to tell us).
They also do not speculate in this Technical Alert about the hackers’ ultimate objectives, other than “to compromise organizational networks” as noted above. But unless you are a 13-year-old who breaks into computer systems for the thrill of it, compromising organizational networks is just a means to an end. Having worked to gain entry to a system and cover up that fact, it wouldn’t make sense that they’ll sit there and do nothing.
Consider:
What we know about past intrusions
The sectors the hackers have targeted
The vulnerabilities of much of our critical infrastructure
Our documented unpreparedness for any sustained electrical failure
The almost complete shift from reliance on mechanical to computer systems in critical infrastructure
The grave consequences of losing control of those systems
The success the “threat actors” have achieved thus far
The risks presented by these hacks are real, and presently seem to be unchallenged. It is therefore difficult to see why these threats have not been given more attention. Part of it may have to do with the fact that the government seems reluctant, in general, to highlight these threats.
Given the grave consequences of these hacks, and the fact that the “threat actors are actively pursuing their ultimate objectives over a long-term campaign,” one would imagine that there would be widespread publicity about this. But that has not happened. Outside of a few isolated articles, not much has been said about this at all. And that’s a problem.
The hacks themselves are bad enough. The lack of appropriate publicity about them is worse. We owe it to ourselves to identify the nature and scope of the threats against us, and react accordingly. Doing so will help make our families, loved ones, and communities as secure as possible.