Cyberwar Threats and Critical Infrastructure Vulnerabilities

Thursday, May 31, 2012



Security authorities are growing increasingly concerned regarding widespread vulnerabilities in the systems that govern the nation's critical infrastructure, particularly those in the energy sector.

"The attackers are getting more skilled and we are increasing the vulnerability... We are putting more systems out there which are attackable," said energy security specialist Justin Lowe.

In a recent report from Carnegie Mellon's CyLab, the energy and utilities sector ranked lowest in IT governance and security in comparison to other industries.

The study, titled “The Governance of Enterprise Security: CyLab 2012 Report”, found that cyber security as a priority was lowest among those organizations that administer aspects of critical infrastructure, leaving the nation susceptible to strategic cyber attacks aimed at disrupting production and distribution.

"It is believed that would be part of any form of warfare - that they would take out private sector infrastructures as part of knocking out a country," said the University of London's Paul Dorey, who formerly managed BP's digital security.

A broad spectrum of potential attackers may be interested in disrupting these systems, from politically motivated protestors to terrorists and rogue nations.

"Targeted attacks are increasing dramatically. It could be state sponsored or it could be just hacktivists or it could be a cyber criminal organisation. But we know the number one target is government institutions and the second is manufacturing, including oil and gas," said Symantec's Bulent Teksoz.

The recently discovered virus dubbed "Flame" is being widely compared to the infamous Stuxnet and Duqu infections, and has been detected in high concentrations in Iran, and to a lesser extent in Israel, Palestine, Sudan and Syria.

Symantec's analysis of the malware showed that some of the files employed were implicated in the recent attacks on Iran's oil production networks, according to the security provider's report.

"The complexity of the [Flame] code within this threat is at par with that seen in Stuxnet and Duqu, arguably the two most complex pieces of malware we have analyzed to date. As with the previous two threats, this code was not likely to have been written by a single individual but by an organized, well-funded group of people working to a clear set of directives. Certain file names associated with the threat are identical to those described in an incident involving the Iranian Oil Ministry," Symantec stated.

Stuxnet was a highly sophisticated designer-virus that infected systems which provided operations control for Iranian production networks, and was probably produced to stifle Iran's nuclear weapons program.

Stuxnet, which targeted Siemens Programmable Logic Controllers (PLCs), is thought to have caused severe damage to Iranian uranium enrichment facilities and reportedly set back the nation's nuclear program by as much as several years.

Flame is most likely an intelligence gathering tool most similar to the Duqu virus, which displayed many similarities to Stuxnet, though it was not designed to deliver a payload.

Stuxnet is largely considered to be a game changer in the world of information security, as the infection did not merely cause problems with the tainted systems, but effected kinetic damage to the equipment those systems controlled.

"Stuxnet really showed people you could do this, that is the problem. I cannot imagine any major government agency not developing an offensive capability... That is one of the risks, that we are weaponizing our entire energy industry, or leaving weapons inside it, just in case," said ICS security exert Eric Byres.

The modular nature of the design behind Stuxnet, Duqu and Flame could mean that variations of the virus tailored to target critical components of other systems could already be in development.

"Stuxnet does provide a delivery vehicle, for non state actors to use, that is a direct threat to critical infrastructure... They have to go and develop their own warhead but you have given them a cruise missile... It's perfectly possible that Stuxnet could be adapted for cyber terrorism purposes and that is a real concern," said the Austrian Institute for International Affairs' Alexander Klimburg.

