Thursday, April 09, 2009

Analysis of Report on Power Grid Intrusions

After publishing a post on the Wall Street Journal article concerning intrusions into the US electrical grid, I re-read the report and noticed a discrepancy between comments attributed to various "government officials". The story first states (I've added the emphasis):
"The intruders haven't sought to damage the power grid or other key infrastructure..."
but then reports that:
"Authorities investigating the intrusions have found software tools left behind that could be used to destroy infrastructure components, the senior intelligence official said. He added, "If we go to war with them, they will try to turn them on."
The article goes on to state:
"Officials cautioned that the motivation of the cyberspies wasn't well understood, and they don't see an immediate danger. China, for example, has little incentive to disrupt the U.S. economy because it relies on American consumers and holds U.S. government debt."

With the caveat that the article provides no real data to perform an accurate risk assessment, these statements, as reported, are worrying to say the least. If software really has been planted that can "destroy infrastructure components" then my professional opinion is that:
  1. Damage has occurred - If a system has been penetrated to the extent that software capable of disrupting operations has been installed, the system has already been damaged. Both the integrity and the operational capacity of the system are compromised, and in a large, complex network it is very difficult to regain control once compromise has reached this level.

  2. There is immediate danger - As long as systems remain compromised with malicious software, the motive of the intruders is unclear, and the vulnerabilities and entry points they used remain open, there is an immediate danger. The companies owning these systems are not in control of them.

U.S. Electrical Grid Intrusions

Does China have "Exploit Factories" to Discover Vulnerabilities?

The identification and exploitation of vulnerabilities in software is a never-ending job for cyber criminals. Strategy Page looks at the possibility of what I would call "exploit factories" in China:
"China, for example, obtains these ZDEs [Zero Day Exploits] the same way they have become the place where software manufacturers go to get their software (especially game software) tested cheaply, and thoroughly. In China, you can fill up a large hall with hundreds of bright, but otherwise unemployed, Chinese guys, equip them with PCs, and instructions on what to do to test software. Offer bonuses for those who find flaws, and off you go. Finding ZDEs is basically the same drill, except it takes a week or so of on-the-job training to familiarize your searchers with the testing and searching tools (some of them available at hacking sites) used to dig around in software for flaws."

The article goes on to discuss the potential link to the military and use in cyber warfare:
"The extent and effectiveness of this Internet based crime has military implications, because the same tools used by criminal hackers, are employed by Cyber War specialists."

The Secret Menace

Wednesday, April 08, 2009

U.S. Electrical Grid Intrusions

The Wall Street Journal reheated the debate over infrastructure vulnerability with an article concerning intrusions into, and mapping of, the U.S. electrical grid. The report points to China and Russia as the source, but provides almost no details beyond the generalized comments of anonymous sources to substantiate the claims.

One interesting note is the lack of detection of the intrusions by the companies themselves:

"Many of the intrusions were detected not by the companies in charge of the infrastructure but by U.S. intelligence agencies, officials said. Intelligence officials worry about cyber attackers taking control of electrical facilities, a nuclear power plant or financial networks via the Internet.

"Authorities investigating the intrusions have found software tools left behind that could be used to destroy infrastructure components, the senior intelligence official said. He added, "If we go to war with them, they will try to turn them on."

Of course, the story is spawning many other reports and analyses, including the suggestion that the power grid should be disconnected from the Internet:
"The onetime Counter Terrorism Czar, who famously criticized the Bush Administration for doing little to combat al Qaeda early in his first term before 9/11, chided the Obama Administration for not moving fast enough to decide upon the best defense strategy to counter cyber attacks on key infrastructure.

"One thing you can do is disconnect the power grid control system from the internet," Clarke said. "There's no reason for it to be connected."
The same could be said of many critical systems. One that is rarely discussed is emergency communications, including 911 systems, which have gradually been connected to the Internet despite known security issues.

Electricity Grid in U.S. Penetrated By Spies
Disconnect electrical grid from Internet, former terror czar Clarke warns

Monday, April 06, 2009

Indian Political Party Calls for Cyber Warfare Preparations

New Zealand based website Scoop ran an article on escalating calls by political parties in India for offensive nuclear and cyber warfare capabilities:
"We took note of the nuclear saber-rattling in these columns earlier ("India's Right Wing Wants Nuclear War," December 18, 2008). The chief of the Rashtriya Swayamsevak Sangh (National Volunteers' Association), patriarch of the "parivar" as the far-right "family" is popularly known, proclaimed nuclear war as the final solution to the problem of terrorism. Kuppahalli Sitaramayya Sudarshan, no less the führer of the far right despite his relatively low profile, thought nothing of this growing into a nuclear Third World War against terrorism. His Nazi-like logic was that such a war of extreme nationalism would cleanse the world as well. "
This has been followed by calls from India's Bharatiya Janata Party (BJP) to create a cyber warfare program with both defensive and offensive capabilities:
"The party spells out its policy on the subject in a document, released some days back, titled "BJP"s IT Vision." Calling for "an integrated National Cyber Security Plan, covering all aspects of external defense and internal security," the document also stresses the need for "an independent Digital Security Agency."

"This agency, it is declared, will be "responsible for cyber warfare, cyber counter-terrorism and cyber security of national digital assets."


"The document itself, however, leaves little doubt that the wording about an agency for cyber warfare was deliberate. Before issuing this call, the BJP emphasizes the need for building both "defensive and offensive capabilities for electronic warfare."
The threat of cyber war was then addressed by the current Indian government:
"On March 26, Cabinet Secretary K M Chandrasekhar said in New Delhi: "Cyber attacks and cyber terrorism are the new looming threats on the horizon. There could be attacks on critical infrastructure such as telecommunications, power distribution, transportation, financial services, essential public utility services and others." He did not name China as the enemy in this regard, but tied the threats to terrorism.

"China, however, was to figure prominently in a series of reports on cyber threats since then. On March 28, an unidentified high military officer was reported to have told well-known daily The Hindustan Times that, according to army intelligence, Beijing was planning an "information war" impliedly as a prelude to a major conflict by 2017."

India: After Nuclear War Far Right Wants Cyber War