Are U.S. chemical plants ready for cyberattacks?

A top DHS official said the coordinated cyberattack on the Ukrainian power grid last year should be a wake-up call for critical infrastructure providers in the U.S.

A top cybersecurity official at the Department of Homeland Security said the coordinated cyberattack on the Ukrainian power grid last year should be a wake-up call for critical infrastructure providers in the U.S.

"Every CEO should ask their IT and control systems if you're protected" against a coordinated cyber assault like the one that happened in Ukraine last December, said Andy Ozment, assistant secretary for cybersecurity and communications at DHS, during the Chemical Sector Security Summit on July 21.

Even though DHS officials have said there is no evidence of similar activity in the U.S., they have been increasingly concerned about the event, and the department sent forensics teams to Ukraine to assess how invaders got into the system and took control.

The attack, which hit regional electricity distribution companies, left more than a quarter of a million people without electricity for days and wiped data from company computers. Officials have called it the first known instance of a cyberattack taking out a power grid.

In his remarks to chemical-sector executives, Ozment said the implications of the attack reach beyond the electrical grid and deep into other critical infrastructure arenas.

"If you haven't taken notice of that, you should," he said, adding that any company that runs control systems could be vulnerable to a similar attack. "It is the template to defend against."

According to Ozment, the Ukraine power grid had "average" security precautions and had not lagged behind in its security measures. He said the attack showed an intricate knowledge of the choke points on control system networks, and the hackers destroyed interfaces between IT and industrial control systems, preventing companies from using the latter systems.

The attack was sudden and complete, he said, and electric company employees saw their computers taken over in front of them, with mouse click commands hijacked for attack purposes. Some employees recorded the action on video, he added.

DHS widened its warning about the attack in March. Ozment and Greg Touhill, deputy assistant secretary of cybersecurity and communications, said at the time that the department had stepped up its briefings with U.S. critical infrastructure providers.

In February, DHS issued a detailed report on the incident on its Industrial Control Systems Cyber Emergency Response Team website. According to the report, the electronic assaults came within half an hour of each other, hit multiple central and regional locations around the country, used remote administration tools at the operating system level, and attacked control system software via a virtual private network connection.

Ozment said a classified version of DHS' findings is available to infrastructure providers through its secure portal.