Cybercriminals are becoming more ambitious. Where once they were content to commit acts of espionage against large corporations or molest small, poorly defended businesses, they are now seeking access to the United States’ core infrastructure. The number of attacks being directed at the country’s electrical grid, pipelines and security installations is increasing at an alarming rate.
Utility companies are now facing, on average, 10,000 cyberattacks every month, according to a report released by U.S. Congressmen Ed Markey and Henry Waxman. The report, titled Electric Grid Vulnerability, is based on survey results obtained from 160 different utility providers.
Markey and Waxman’s report suggests that around 10 percent of the installations that make up the nation’s critical infrastructure are coming under daily attack from various kinds of cyber-threats. Not every attack is capable of crippling an installation or affecting its operations, but they are all damaging. As Markey and Waxman’s report makes clear, these attacks are causing considerable economic impact. Collectively, cyberattacks on the U.S. electric grid cost the country between $119 billion and $188 billion per year. A single attack can cause losses in excess of $10 billion.
Power, Water Systems on Alert
The nation’s electrical grid isn’t alone in being targeted by cybercriminals. A recent report by the U.S. Department of Homeland Security makes it clear that America’s power, water, and nuclear systems are being preyed on by cybercriminals. According to the report, the number of attacks reported to the Department’s cybersecurity response team grew by more than 50 percent in 2012. The energy sector was the most intensively targeted, with 82 reported attacks; the water industry reported 29; the chemical industry was the victim of seven; and, perhaps most worrying, nuclear power plants reported that they were targeted by six attacks.
The Department’s report highlighted some of the recent successes cybercriminals have had against America’s infrastructure. Hackers recently gained access to the security system of a natural gas pipeline company and “exfiltrated” data about its control system. The report stated blandly that this data “could facilitate remote unauthorized operations.” Nuclear targets were, according to the report, successfully breached. Again, the report’s authors dully described something potentially terrifying: “These organizations reported that their enterprise networks were compromised and in some cases, exfiltration of data occurred.” In other words, hackers were able to gain access to information about nuclear power plants and their control systems.
U.S. Cyber-Security is Lacking
Given these disclosures, it is perhaps unsurprising that security experts are not confident in the United States’ ability to ward off attacks on its critical infrastructure and its energy sector. Gen. Keith B. Alexander, the Director of the National Security Agency and the Commander of the United States Cyber Command, told reporters in 2012 that he had observed a 17-fold increase in cyberattacks on America’s infrastructure between 2009 and 2011. He stated that he was worried by the nation’s blasé attitude toward these attacks, saying that, on a scale of 1 to 10, American readiness for a large-scale cyberattack languishes at “around a 3.” Sadly, it does not appear that much has been done to improve that rating.
America’s infrastructure is in peril, menaced by hackers, criminal organizations, and nations intent on doing harm to our citizens and interests. We need to start taking these threats seriously, devoting resources to security technologies and personnel who can defend us against them, and investing in our infrastructure, the foundation of our prosperity.
If your business needs additional IT security support, please call (703) 946-4922 or contact us online to schedule a consultation.
