Critical Infrastructure: A New Cyberthreat Vector



For anyone who still thinks that hackers are going after the mainframe, there's good news afoot: They're not. In fact, mainframes have been borderline obsolete for about a decade now. At this point, they're mostly good for spare parts.

Anyone who is concerned that ISIS might be trying to wiggle their way into the power grid to create mass chaos, or that air conditioners can be used to create a large-scale blackout, on the other hand, is very much on to something.

High-stakes cybercrime

ISIS has in fact been attempting to hack into the U.S. power grid with the apparent intent to "turn off or blow up machines," according to CNN. The good news is that they're really bad at it. They don't have the technological wherewithal at present to actually succeed in this wildly ambitious endeavor. The bad news, however, is that some cybercriminals do, and they recently proved it in a real-world scenario.

A blackout in Ukraine on Dec. 23, 2015, that affected hundreds of thousands of people was recently confirmed to be the work of highly coordinated, sophisticated hackers. The attack leveraged nasty malware that wreaked havoc on computers and knocked out control systems. The attack was orchestrated to target six big power providers simultaneously. The methods were so effective that "even the call centers used to report outages were knocked out," per CNN.

One might call this "The Starry Night" of cyberattacks. Frighteningly, whoever's responsible for the malicious masterpiece is still out there.

If you're not thoroughly alarmed by this, then perhaps the fact that air conditioners can be used to hack the power grid will raise a few red flags. According to Wired, cybersecurity experts have identified a way in which the remote controls of air conditioning units can be overridden and used to cause an outage during peak energy times.

Some utility companies will offer a discount to customers who agree to have devices installed on AC units that allow the provider to shut off the system when demand for energy is high, for example on hot summer evenings. The communication occurs via radio waves, which means hackers need only match the frequency, monitor and record commands, and then send those commands. This allows them to turn units on and off. Activating enough of them during peak summer hours could precipitate a surge capable of causing a large-scale blackout.
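The weakness described above is that a recorded command is still valid when it is sent again. As an added illustration (not from the original article and not any utility's actual protocol), this Python example shows a load-control receiver that rejects resent frames by requiring a keyed MAC and a strictly increasing counter; the frame layout, class and function names, and the key are assumptions made for the example.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32   # full HMAC-SHA256 tag
HDR_LEN = 12   # 4-byte unit id + 8-byte counter (assumed layout)

def build_frame(key: bytes, unit_id: int, counter: int, command: bytes) -> bytes:
    """Utility side: bind the command to one unit and one counter value."""
    header = struct.pack(">IQ", unit_id, counter)
    tag = hmac.new(key, header + command, hashlib.sha256).digest()
    return header + command + tag

class LoadControlReceiver:
    """Switch side: accept a frame only if it is authentic and newer than the last."""

    def __init__(self, key: bytes, unit_id: int):
        self.key = key
        self.unit_id = unit_id
        self.last_counter = 0  # a real device must keep this in non-volatile storage

    def accept(self, frame: bytes):
        if len(frame) < HDR_LEN + 1 + TAG_LEN:
            return None  # too short to hold header, command and tag
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None  # modified in transit or built without the key
        unit_id, counter = struct.unpack(">IQ", body[:HDR_LEN])
        if unit_id != self.unit_id or counter <= self.last_counter:
            return None  # addressed to another unit, or a resent old frame
        self.last_counter = counter
        return body[HDR_LEN:]

def demo():
    key = b"constructed-demo-key-not-for-use"  # constructed sample key
    rx = LoadControlReceiver(key, unit_id=7)
    off = build_frame(key, 7, 1, b"OFF")
    on = build_frame(key, 7, 2, b"ON")
    first = rx.accept(off)    # genuine command, counter 1
    second = rx.accept(on)    # genuine command, counter 2
    replayed = rx.accept(on)  # the same bytes received a second time
    stale = rx.accept(off)    # an older recorded frame
    tampered = rx.accept(on[:HDR_LEN] + b"OF" + on[HDR_LEN + 2:])
    return first, second, replayed, stale, tampered
```

The counter only helps if it survives power loss and if each unit has its own key, so that extracting one switch's key does not let an attacker address the rest.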

Last but not least, it's worth noting that in October, think tank Chatham House identified a serious Achilles' heel in some nuclear facilities: the inclusion of VPNs. Basically, this means that these mission-critical hubs are not as siloed off from the Internet as previously indicated. Hackers are clever. Give them an inch, and they'll take a mile. Remember Stuxnet? With little more than a thumb drive and a cleverly crafted worm, a nuclear facility in Iran had a fifth of its nuclear centrifuges destroyed.

A thrilling time to be a cybersecurity professional

Once upon a time, people were under the impression that cybersecurity experts' main job was to build firewalls and keep spam from breaking the computer. Given the gravity of many of the cyberthreats outlined above, it would be reasonable to express nostalgia for a simpler time.

But if there's a silver lining to all of this, it's that the cybersecurity field just got a whole lot more interesting. Computer science gurus who always thought their skills would be best applied in an enterprise IT setting suddenly have a value proposition that entails protecting the nation's power grid. Should a blackout occur at a large enough scale, there's no telling what manner of chaos could ensue.

If there were ever a time to use that basic computer training as a springboard to bigger things, it would be now. The next step is to pursue more advanced certificates such as network security certification or CompTIA security certification. Given Cisco's role as a thought leader in the Internet-of-Things-type technology that will drive innovation in the smart grid, any type of Cisco network certification, including Cisco wireless certification and Cisco security certification, will also be of extraordinary value to cybersecurity firms.

A cybersecurity sea change is at hand. Become part of the solution: Contact New Horizons today.


Feb 2016

By: Terry Mott