Thursday, November 21, 2024

Cyber attacks on critical US infrastructure keep happening. How worried should we be?


A wicked storm knocks out the largest gasoline pipeline in the country, stretching from Texas to New York. Nearly 17,000 gas stations go dry, turning pit stops into parking lots as panicked Americans try to fuel up before attendants tape off yet another empty pump.

It’s a familiar tale of infrastructure buckling under extreme weather, but this storm blew in from the east without a drop of water or a gust of wind when Russian hackers crippled the Colonial Gas Pipeline.

The 2021 Colonial attack, which affected nearly half of all fuel consumed on the East Coast, was just a taste of things to come, U.S. cyberwarriors say, as foreign governments and gangs working under their protection steal into the nervous system of the American economy, ready to shut it down in the event of a conflict.

“It’s a free-for-all,” said Colin P. Clarke, director of research at the Soufan Group, a global intelligence consultancy. “It’s a constant barrage and assault of various types of hacking attempts, offensive cyber operations and others that are trying to go after the public sector, the private sector, and everything in between.”


Earlier this year, Chinese hackers breached Verizon, AT&T and other telecoms in an effort to understand how the companies cooperate with authorities to track criminals, officials suspect.

“It’s no secret foreign adversaries – like communist China – seek to undermine our people and nation through the use of sophisticated and dangerous cyberattacks,” said Rep. Bob Latta, R-Ohio, chair of the House Subcommittee on Communications and Technology.

Recent months have seen a steady drumbeat of high-profile cyber attacks. While most have created only minor distractions, the incursions have become more brazen, experts say.

Adversaries like China and Russia have created a sprawling network of hackers and software that have infiltrated America’s infrastructure to be activated in the case of significant geopolitical conflict.


While hacking is as old as the internet itself, the contest has evolved into a key front, Clarke said. “It’s just another theater, that’s the way I look at it,” he said. “There’s air, land, sea, space and cyber.”

That cyber front is heating up.

As conflicts boil over in the Middle East and Ukraine, there has been a jump in cyber attacks on critical infrastructure, said Courtney Adante, president of security risk advisory at Teneo.

“The reality is that a potential attack against water systems, dams, bridges, energy, is a real threat, it’s a real risk,” Adante said. “My concern is that the public just isn’t paying enough attention.”

A constant game of cyber-brinkmanship

A campaign by a group of Chinese hackers nicknamed “Salt Typhoon,” which infiltrated major U.S. telecoms companies, has roiled Capitol Hill since it was first disclosed this month.

The hack, first reported by the Wall Street Journal, allegedly targeted Verizon, AT&T and other telecoms, though details haven’t been disclosed.

After the Salt Typhoon hack was revealed, leaders of the House Energy and Commerce Committee warned Verizon, AT&T and Lumen Technologies that “the integrity of your networks is paramount.” 

“It is vital that cybersecurity protocols are enhanced to better protect Americans’ data against increasingly sophisticated attacks,” they wrote, “especially from our foreign adversaries.”


U.S. officials told The Washington Post they suspected state-sponsored actors were probing how law enforcement and the telecoms companies partner to wiretap and track foreign targets – namely Chinese agents.

The Department of Homeland Security declined to comment.

Like other recent attacks, the Salt Typhoon campaign appears to have been thwarted without major disruption to consumers. But experts and officials warn that sowing immediate chaos is often not the game plan. 

Rather, the goal of most cyber warfare is instead probing an adversary’s systems to cause a disruption when it’s needed, said Craig Shue, who chairs the computer science department at Worcester Polytechnic Institute.

Probing attacks, of which there are thousands every year, are virtual spying missions, searching for weaknesses to exploit when the time is right, Shue said.


“Some of these adversaries are embedded in the networks they are attacking for prolonged periods of time,” Shue said. “They’ll do reconnaissance, they will identify what the normal pattern of the network looks like.”

When hackers find their cover is blown, or if they sense the net is closing, they retreat, Shue said.  

“If they see signs that the defenders might have caught on to them, then they say ‘There is no more opportunity for subtlety, so let’s launch the attack and have our chaos,’” Shue said. 

While the attacks rarely reach public notice, the Colonial Pipeline hack in 2021 provides a taste of the real harm cyberwarriors can cause.


Russian hackers forced Colonial to shut down 5,500 miles of pipeline serving 50 million people for five days, causing shortages at 16,200 gas stations along the East Coast and widespread consumer anxiety before the company paid a $5 million ransom to regain access to its computers.

And for every hacking effort that is uncovered and examined publicly, there are more that go undisclosed, Clarke and other experts said. The end goal, Clarke said, is not simply disrupting life for Americans, but to play a more serious role in possible future conflicts.

It’s an ever-evolving brinksmanship between foreign hackers and those tasked with rooting them out.

And it’s unclear who’s winning.

Is America prepared for a worst-case-hacking scenario?

Cyber warfare between the U.S. and its adversaries has reached a state akin to the “Mutually Assured Destruction” doctrine first reached between the U.S. and the Soviet Union in the 1980s over the use of nuclear weapons, experts told USA TODAY.

Each side can say to the other, “‘Hey, we can make things pretty uncomfortable for your population if you go through with this,’” Clarke said. 

Just as foreign countries have their cyber spies and software inside America’s critical infrastructure, American hackers and security agencies have not been idle, said Jim Lewis, director of the Strategic Technologies Program at the Center for Strategic and International Studies.

“It’s fair to say that the Chinese, the Russians, believe we’re doing it,” Lewis said. “So whether we’re doing it or not doesn’t matter, because they think we’re doing it.” 


And the U.S. does certainly seem to be engaged in its own cyber attacks. Last year, for example, more than a decade after fugitive whistleblower Edward Snowden accused the National Security Agency of hacking into the servers of the Chinese telecoms firm Huawei, Beijing officially acknowledged the breach.

Chinese hacking attacks have been more openly aggressive, but because these attacks take place in cyberspace, they’re not considered overt acts of war, Lewis said. 

That line is increasingly blurry.

“If I went to the port in San Francisco and I put sea mines there, it’s not like they’re exploding − it’s not an attack − but everyone would regard that as a hostile act,” Lewis said. “And this is kind of the cyber equivalent of putting a mine in your opponent’s harbor.”

Attacks on utilities like the American Water Works Company, Verizon and other telecoms are just the most recent examples of a significant uptick. 

Hackers hit American Water in early October, according to a Securities and Exchange Commission filing.

The utility had to pause billing for millions of customers, drawing a warning from the Environmental Protection Agency. Water delivery systems were not affected. 

“Cyberattacks represent one of the most significant threats to our Nation’s water and wastewater utilities and to the communities, business, hospitals, and other critical infrastructure sectors,” EPA spokesperson Dominique Joseph said after the American Water breach.

An EPA review this year found 70% of U.S. water companies were vulnerable to attack.

Authorities still haven’t identified who was behind the American Water breach, which comes as foreign hackers increasingly go after private, rather than government, targets.

An estimated 89% of critical infrastructure in the U.S. is controlled by private companies, said Adante, the security risk consultant. 

“Why are we not talking about this more?” Adante said. “I worry about the critical infrastructure event, where there’s an attack on power grids, water systems — where human lives are at stake.”
