The White House: Cyber attacks against critical infrastructure are way up
Here’s the White House’s response to Killer Apps’ request for comment on last night’s Wall Street Journal article citing current and former administration officials saying that Iranian hackers have penetrated the networks of U.S. energy firms. Basically, National Security Staff spokeswoman Laura Lucas confirmed that our critical infrastructure, including the energy sector, is under cyber-attack, ...
Here's the White House's response to Killer Apps' request for comment on last night's Wall Street Journal article citing current and former administration officials saying that Iranian hackers have penetrated the networks of U.S. energy firms.
Here’s the White House’s response to Killer Apps’ request for comment on last night’s Wall Street Journal article citing current and former administration officials saying that Iranian hackers have penetrated the networks of U.S. energy firms.
Basically, National Security Staff spokeswoman Laura Lucas confirmed that our critical infrastructure, including the energy sector, is under cyber-attack, with DHS responding to 177 attacks in 2012, and that the administration is hustling to share as much information as possible about cyber-threats with critical-infrastructure providers. Notice the statement below doesn’t confirm or deny the WSJ’s claim that Iranian hackers specifically are responsible.
Each and every day, the United States faces a myriad of threats in cyberspace, from the theft of U.S. intellectual property through cyber intrusions to distributed denial of service attacks against public-facing websites to intrusions against U.S. critical infrastructure companies, including those in the energy sector. We have observed a trend over the last year, exemplified by this recent activity, of malicious actors increasing their focus against critical infrastructure. Secretary Napolitano has noted these trends in hearings before Congress. For example, in March she cited a campaign of intrusions targeting oil and pipeline companies. Last year DHS responded to 177 incidents against industrial control systems up from just nine three years earlier. The U.S. government is, of course, researching attribution and investigating specific events.
We are concerned about all threats to the security of our networks and critical infrastructure and are actively collaborating with our public and private sector partners to detect and mitigate disruptions and attacks against the nation’s critical cyber and communications networks. We are leaning much further forward on providing warning to specific industry and international partners and are working to get ahead of the threat by providing actionable warnings and possible mitigations to all partners. This is part of our effort to implement the President’s executive order. We will continue to share information with companies in our critical infrastructure sectors and are working with many institutions to establish a common understanding of malicious tactics and techniques, share network defense best practices, and provide technical assistance. What is critical is that our partners understand the nature and implications of this activity, evaluate the sufficiency of network defenses, remain vigilant, be prepared to respond and recover when such activity does occur, and work with industry organizations and the government to share information about any observed activity.
The WSJ article comes the same week that Richard Bejtlich, of the cybersecurity firm Mandiant, told Killer Apps that his company is seeing a suspected Iranian presence inside his clients’ networks for the first time. Last fall, we reported that foreign hackers had penetrated the networks of U.S. energy firms in an effort to scout their weaknesses.
"There’s some amount of reconnaissance that is required to infiltrate a large critical-infrastructure network, understand which systems are deployed, and how an attack should be structured to be most effective," Ashar Aziz chief technology officer of cyber security firm FireEye told Killer Apps over coffee this week when asked about foreign hackers infiltrating U.S. power networks. "There’s scout malware and there’s killer malware. I would not be surprised if scout malware has scouted all the vulnerabilities in critical infrastructure" in the United States, he said.
"I’m sure we have done the same thing" to potential U.S. adversaries, added Aziz. "Basically, we’ve got our fingers on the trigger very close to the brain of the [power] grid on the other side, and I would not be surprised if our grid was in the very same situation. If somebody felt threatened and wanted to pull the trigger, it would not be hard for them to do that."
John Reed is a national security reporter for Foreign Policy. He comes to FP after editing Military.com’s publication Defense Tech and working as the associate editor of DoDBuzz. Between 2007 and 2010, he covered major trends in military aviation and the defense industry around the world for Defense News and Inside the Air Force. Before moving to Washington in August 2007, Reed worked in corporate sales and business development for a Swedish IT firm, The Meltwater Group in Mountain View CA, and Philadelphia, PA. Prior to that, he worked as a reporter at the Tracy Press and the Scotts Valley Press-Banner newspapers in California. His first story as a professional reporter involved chasing escaped emus around California’s central valley with Mexican cowboys armed with lassos and local police armed with shotguns. Luckily for the giant birds, the cowboys caught them first and the emus were ok. A New England native, Reed graduated from the University of New Hampshire with a dual degree in international affairs and history.
More from Foreign Policy
No, the World Is Not Multipolar
The idea of emerging power centers is popular but wrong—and could lead to serious policy mistakes.
America Prepares for a Pacific War With China It Doesn’t Want
Embedded with U.S. forces in the Pacific, I saw the dilemmas of deterrence firsthand.
America Can’t Stop China’s Rise
And it should stop trying.
The Morality of Ukraine’s War Is Very Murky
The ethical calculations are less clear than you might think.