Russia has been accused of so many things recently, it’s easy to lose track.
This week the Department of Homeland Security (DHS) added cyber-intrusion and surveillance of the US critical infrastructure sector to the growing list of accusations – in a move that might have been missed by commentators had it not come packaged with sanctions connected to alleged interference in elections.
Posted as an alert on US-CERT, this one matters. Anxiety about the probing of the energy grid goes back years but this is the first time the US has formally accused another country, Russia, of being behind such incidents.
Until now, the public alerts have been coy about attribution. Not this time:
Since at least March 2016, Russian government cyber actors targeted government entities and multiple US critical infrastructure sectors, including the energy, nuclear, commercial facilities, water, aviation, and critical manufacturing sectors.
Although it didn’t appear that any disruption had taken place this time, the incident pointed to menacing intent:
DHS and FBI characterize this activity as a multi-stage intrusion campaign by Russian government cyber actors who targeted small commercial facilities’ networks where they staged malware, conducted spear phishing, and gained remote access into energy sector networks.
Coming only weeks after the US and its Five-Eyes allies joined forces to condemn Russia for last year’s global NotPetya malware attack, the report looks like another signal of a changed strategy.
Only days before, the UK Defence Secretary Gavin Williamson warned that Russia’s attitude to the UK might include wanting to:
Damage its economy, rip its infrastructure apart, actually cause thousands and thousands and thousands of deaths.
Attack reports have traditionally included technical detail without naming names. Now it is as if the US and UK have decided to play Russia at its own game of information war, exposing its activity in as much detail as possible.
What used to be the Russian defence of plausible deniability has morphed remarkably quickly into an even stranger form, that of implausible deniability, a world where Russia plays the role of default culprit.
The strangeness of this isn’t that fewer believe Russia’s denials but that it’s sometimes as if the Russian Government takes perverse satisfaction from notoriety, like a movie gun-slinger proudly showing off wanted posters naming the high price on his head.
Exposing a country's bad behaviour is about playing the long game, documenting a pattern that includes two alleged cyberattacks on Ukraine's energy sector, in December 2015 and December 2016, that led to power outages.
For the first time, it's being suggested that the US and UK might contemplate cyber-retaliation in kind, which seems unlikely given that the US simply has far more to lose than a Russian economy smaller than that of some individual US states.
But there is another way of understanding alleged Russian cyber-incursions against the US and others – everyone is vulnerable. The internet’s inter-connectedness has become the ultimate leveller, perhaps more so than any conventional military weapon.
Cyberattacks on infrastructure show us how everyone can be hurt – the US, the UK, of course, but also ordinary Russians too.
Anonymous Coward
I’m not attributing blame, nor taking sides, but if the West is so worried, what is all this critical infrastructure doing connected to the public internet?
I understand it simply isn't plausible to filter IP traffic so it only comes from known friendly nations. Even if you could do that, IP spoofing is not very difficult. Having any kind of critical infrastructure connected to the public internet, as opposed to a locked-down, private network, does seem short-sighted, to put it mildly.
These attacks have been happening for over three years. How long will it take to learn the lesson? Take your infrastructure OFF THE INTERNET!
I mean, seriously, what are you waiting for?
Bart
“For the first time, it’s being suggested that the US and UK might contemplate cyber-retaliation in kind…”
As if we haven’t pinged their systems to uncover vulnerabilities. I will, however, agree that the Russians are likely behind the recent bad weather throughout Europe.
Bryan
what is all this critical infrastructure doing connected to the public internet?
Ease of use and speed. Average Joe believes he’s too busy for the nuisance of good security. It’s why politicians have five staffers with their domain passwords and five others to tweet for them and why millions still use passwords like 5678 on things like a bank account–or at least as simple as the login UI will allow.
Paradoxically very few people will leave their front door unlocked because digging for your keys while carrying groceries is cumbersome. Yet somehow the digital realm is still as imaginary as Neo and Trinity.
In the ongoing war between security and convenience… security rarely wins.
Wilbur
I believe it is about eliminating jobs and saving personnel expenses. Government rules, regulations, mandates, taxes etc make it very expensive to maintain a human work force, so companies are implementing as much automatic data collection and control as possible. Connecting a facility to the Internet allows gauges to be read, valves and switches to be operated and control systems to be monitored all without having a trained (expensive) technician on site or on call. Why did my local Public Utility District go to the expense of replacing my electric meter with a “smart meter” that sends data signals back over the power line? So they could lay off the meter readers; that saved them not only payroll costs but vehicle fuel and maintenance costs. The government loves it because now they can monitor my electricity use in 15 minute increments rather than 30 day billing cycles.
ken jenner
Why is it connected to the public internet?
Do they work from home?
If you don't need it, take it off; less is best.
4caster
Public utilities should use a private INTRANET.