Critical Infrastructure, hackers targeted public utility SCADA

Cyber attacks could pose a potentially huge risk to US critical infrastructure, state-sponsored hackers and cyber criminals are increasing their activity.

Governments are even more alarmed by the possibility of cyber attacks against critical infrastructure, hackers could pose a potentially huge risk to the helpless population.

In a recent US Government exercise, a team of hackers has caused an electrical generator’s motor self-destruction with a cyber attack, it is an alarming circumstance that could be real soon.

The attackers accessed computer network at American public utility causing the destructive arrest of the electrical generator’s motor, The Department of Homeland Security hasn’t provided further information on company hit by the attack, the affected system neither the type of utility targeted by the cyber attack.

A recent report published by The Federal Government’s Track Record onCybersecurity and Critical Infrastructure, provides a scaring picture on the nation’s defense situation.

Over 48,000 successfully cyber attacks breached the US defense, they were caused  by the failure to employ very basic security measures, weak passwords, unpatched software and inadequate controls are the principal causes of the incidents observed in US government infrastructure.

An official revealed to the CNN the Department of Homeland Security worked with the company to repel the hack and no operations were disrupted, but the risks for such type of offensives is concrete.

Telecomunication systems, satellite systems, water-treatment plants, energy production plants, or a power station could be targeted by cyber attacks that could knock out their control systems.

“When you look at this particular utility, multiply that by many orders of magnitude and, yes, have you taken a substation out, which we don’t have here, that would have massive disruption in a community and potentially in a much broader region,” Frank Cilluffo, Cybersecurity Initiative Director at George Washington University said.

Let’s remember that this type of threat that can wreak havoc on a country, it can cause a massive power-outage.

“I mean the sugar daddy of all, the most critical of our critical infrastructure, is electric, and energy and our grid. Because everything else to one extent or another, is dependent upon that,” Cilluffo said.

If you think that this is a sci-fi scenario you are wrong, last summer the Comment Crew group of hackers has been identified during an attack to a fake US control system of a water facility. The researchers deployed a honeypot to collect evidence on the attackers that resulted linked to the popular group of Chinese hackers also described by the Mandiant Intelligence firm in the APT1 report.

Security expert Frank Cilluffo declared that foreign state-sponsored hackers and alleged terrorists are continuously probing critical infrastructure and the probability of a cyber attack is not negligible.

Foreign state-hackers have necessary knowledge and cyber capabilities to hit US infrastructure with a cyber attack.

“My biggest concern is actually an insider threat: someone who works for a particular company and then can share information with those on the outside to get more precise in their targeting,” Cilluffo said.

Cilluffo expressed all his concerns on the impossibility of the government to stop all these attacks, he also remarked that it is necessary a joint effort between government entities and private companies to mitigate the cyber threats.

Homeland security officials stated that last year US experts responded to 256 ‘cyber-incident’ reports to critical infrastructure , more than half of them in the energy sector, and I fear that in the next months the situation could worsen.

(Security Affairs –  Critical infrastructure, hacking)