Cybersecurity

Infrastructure cyber intrusion: A cautionary tale

gloved hands

The Department of Homeland Security revealed the details of cyber incursions at two critical infrastructure providers to remind power, water and electricity companies that they need to pay closer attention to their control systems.

In its latest "ICS-CERT Monitor" report, the Industrial Control Systems Cyber Emergency Response Team said that in the past few months, it had assessed the potential damage done by cyber intruders that had burrowed into control systems at two critical infrastructure providers.

Although the team typically does not provide much detail in its reporting of critical infrastructure attacks, it made an exception to provide a cautionary tale for those responsible for securing critical infrastructure networks.

The group noted that cyberattackers can identify and target ICS devices more easily now because of an increasing body of knowledge detailing ICS-specific terminology. Given the public availability of that information and the reach of powerful search tools such as Shodan and Google, the threshold for finding vulnerable systems is lower than ever, the report states.

The team did not name the two infrastructure providers but said one was a public utility that was compromised when "a sophisticated threat actor" accessed its control network via Internet-facing hosts that had been secured with only a simple password. The intruder used brute-force techniques to find that password.

After the intrusion was discovered, ICS-CERT was asked to analyze what had happened. The report states that the systems were exposed to numerous security threats and that intruders had used the unlocked door before. The team recommended redesigning the system.

In the second attack detailed in the report, an intruder used a cellular modem to access a control system server via supervisory control and data acquisition protocols. The unprotected system operated a mechanical device that at the time of the compromise was disconnected for scheduled maintenance. According to the report, the team determined that the "threat actor" likely had access to the system over an extended period of time, though the actor made no attempt to manipulate it.

ICS-CERT said both incidents point to the increasing need for critical infrastructure providers to keep up with perimeter security, remote access authentication and security monitoring capabilities to prevent adversaries from discovering and targeting vulnerable control systems and devices.

In addition to the detailed breach narratives, ICS-CERT reported that from January to March, it performed 20 security assessments for water, power and transportation providers, and nuclear facilities. Those assessments are typically performed at the request of providers after they have found evidence of a possible intrusion or experienced a cyberattack.

About the Author

Mark Rockwell is a staff writer at FCW.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, tele.com magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at mrockwell@fcw.com or follow him on Twitter at @MRockwell4.


FCW in Print

In the latest issue: Looking back on three decades of big stories in federal IT.

Featured

  • Anne Rung -- Commerce Department Photo

    Exit interview with Anne Rung

    The government's departing top acquisition official said she leaves behind a solid foundation on which to build more effective and efficient federal IT.

  • Charles Phalen

    Administration appoints first head of NBIB

    The National Background Investigations Bureau announced the appointment of its first director as the agency prepares to take over processing government background checks.

  • Sen. James Lankford (R-Okla.)

    Senator: Rigid hiring process pushes millennials from federal work

    Sen. James Lankford (R-Okla.) said agencies are missing out on younger workers because of the government's rigidity, particularly its protracted hiring process.

  • FCW @ 30 GPS

    FCW @ 30

    Since 1987, FCW has covered it all -- the major contracts, the disruptive technologies, the picayune scandals and the many, many people who make federal IT function. Here's a look back at six of the most significant stories.

  • Shutterstock image.

    A 'minibus' appropriations package could be in the cards

    A short-term funding bill is expected by Sept. 30 to keep the federal government operating through early December, but after that the options get more complicated.

  • Defense Secretary Ash Carter speaks at the TechCrunch Disrupt conference in San Francisco

    DOD launches new tech hub in Austin

    The DOD is opening a new Defense Innovation Unit Experimental office in Austin, Texas, while Congress debates legislation that could defund DIUx.

Reader comments

Wed, Jun 18, 2014

Why are supervisory control and data automation (SCADA) networks even **ON** the Internet in the first place? Before the internet these things were linked together with leased lines and other private communications channels. I fear I already know the reason: cost. It's ridiculous. True, even air gapped networks can be vulnerabile (just ask Iran) - but that kind of a compromise is far less likely than the casual hacking that can come from a poorly secured machine accessible by literally the world. The mind boggles that this is even an acceptable bets practice...

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group