The cyber threats keeping DoD officials awake right now

What threat to the banks, utility companies, and telecommunications companies that make up the "critical online infrastructure" of the United States worries one of the Pentagon’s top cyber officials more than almost any other? You might think it is a strategic, Stuxnet on steroids-style cyber attack designed by a rival nation with deep pockets and ...

By , a former national security reporter for Foreign Policy.
shodanhq.com
shodanhq.com
shodanhq.com

What threat to the banks, utility companies, and telecommunications companies that make up the "critical online infrastructure" of the United States worries one of the Pentagon’s top cyber officials more than almost any other?

You might think it is a strategic, Stuxnet on steroids-style cyber attack designed by a rival nation with deep pockets and lots of engineers to cripple American industry. While state-sponsored attacks remain a big threat to large corporations and the U.S. government, the cyber tools available to average hackers are increasing in potency at an alarming rate. The proliferation of tools allowing anyone to easily detect where a device connects to the Internet, combined with growing ability of private hackers to discover previously unknown vulnerabilities inherent in computer systems (called zero day exploits), now poses a large threat, according to Eric Rosenbach, deputy assistant secretary of defense for cyber policy.

"It’s this combination of a program, which is essentially a Google-like browser on the Internet right now that allows you to scan for vulnerabilities in the industrial control systems in the U.S. and around the world, . . . that combined with the phenomena of these black market zero day exploits and malware tools that makes me extremely nervous," said Rosenbach during a Sept. 4 interview with Killer Apps, during which we also discussed the automation of cyber defense and the holy grail of cyber security.  "Because then it’s not just a nation-state that wants to harm the U.S., but it could be a rogue group or some crazy individual that wants to leave their mark on history. The perspective on the vulnerabilities is there [for anyone to see], and some of the tools that you need to do it are there too. I think that is what worries us the most."

The program Rosenbach referred to is called Shodan; its website describes it as a search engine that allows users to find any device connected to the Internet — whether that’s a server, the controls of a power plant, or even a refrigerator.

Columbia University professor Abraham Wagner, who specializes on how technology has impacted national security, points out that there are already reports of hackers using Shodan to find weak spots in the programs, known as Supervisory Control and Data Acquisition (SCADA) systems, which control everything from an office building’s air-conditioning to the speed at which a uranium-enrichment centrifuge in a nuclear plant spins.

"Tools like this certainly make hacking easier," wrote Wagner in a Sept. 13 email to Killer Apps. "The vulnerable systems are still in serious need of major security upgrades, and we are still in a ‘transitional’ period where nobody seems willing to undertake the level of effort that is required. There is still an operative mentality that states it must be somebody else’s problem to do it."

While basic cyber hygiene — such as using tough-to-crack passwords and regularly updating a computer and network’s security settings — can thwart many attacks, Rosenbach doesn’t think that private companies will take action until they have suffered too many costly cyber attacks, or the government can work with them to implement cyber security standards. The latter however, remains a tough nut to crack. In August, Republican senators shot down the latest attempt to legislate minimum cybersecurity standards for companies involved in maintaining critical infrastructure.

John Reed is a former national security reporter for Foreign Policy.

More from Foreign Policy

Children are hooked up to IV drips on the stairs at a children's hospital in Beijing.
Children are hooked up to IV drips on the stairs at a children's hospital in Beijing.

Chinese Hospitals Are Housing Another Deadly Outbreak

Authorities are covering up the spread of antibiotic-resistant pneumonia.

Henry Kissinger during an interview in Washington in August 1980.
Henry Kissinger during an interview in Washington in August 1980.

Henry Kissinger, Colossus on the World Stage

The late statesman was a master of realpolitik—whom some regarded as a war criminal.

A Ukrainian soldier in helmet and fatigues holds a cell phone and looks up at the night sky as an explosion lights up the horizon behind him.
A Ukrainian soldier in helmet and fatigues holds a cell phone and looks up at the night sky as an explosion lights up the horizon behind him.

The West’s False Choice in Ukraine

The crossroads is not between war and compromise, but between victory and defeat.

Illustrated portraits of Reps. MIke Gallagher, right, and Raja Krishnamoorthi
Illustrated portraits of Reps. MIke Gallagher, right, and Raja Krishnamoorthi

The Masterminds

Washington wants to get tough on China, and the leaders of the House China Committee are in the driver’s seat.