For several years while working as an information systems security analyst, and later as associate information security officer for a large organization, I would read vast volumes of data collected by the General Accountability Office lamenting the fact that our national infrastructure was vulnerable to cyber attack. See the GAO report on Critical infrastructure...
http://www.gao.gov/new.items/d05434.pdf
The Pentagon and CIA were well aware of the implications such an attack could have on the USA, and set about developing hardened networks to resist attempts to seize control of military and government systems.
However, private industry and publicly funded utilities have always lagged in hardening their infrastructure. It wasn't until after the Department of Homeland Security was formed that such items as detailed maps of the nation's fuel pipelines were classified secret, and removed from the internet. Today such maps are still available, but in general terms, without the details required to perpetrate something bad. And if the latest news is accurate, then there are still major weaknesses in securing the power grid.
Most utilities use computer controls in what is defined as a SCADA system, which stands for Supervisory Control And Data Acquisition. It generally refers to an industrial control system: a computer system monitoring and controlling a process. The process can be industrial, infrastructure or a facility, like a power plant. This is the danger of what was reported in the news: the infiltrator could commandeer the system, giving commands to power down turbines, open dam spill gates, etc., disrupting the flow of electrical energy, water, and fuels.
So this week's announcement that Russian and Chinese hackers had infiltrated the electric grids is nothing surprising to me; in fact, that seems like old news.
The Chinese military have established whole units specifically dedicated to using cyber technology as a warfare tool, with the strategy laid out in a book written by two People's Liberation Army colonels in the late 1990s!
In an article on the DefenseTech.org web site, China's Cyber Forces, it is stated "China has a significant cyber weapons and intelligence infrastructure in place today. What is alarming is not only do they have the intent, but they have the money. Beijing has the world's second or third largest defense budget depending on where you look for the numbers. Their military budget has been on the rise at 10 percent or more a year for over a decade. This, as well as the attacks, are evidenced by their cyber operational ability to scan, acquire nodes for their growing botnet as well as the continued sophisticated assaults on defense information systems in the US, Germany, UK and India. In addition, in April 2007, Sami Saydjari, who has worked on cyber defense systems for the Pentagon since the 1980s, told Congress: "The situation is grave, with nation-states such as China developing serious offensive capabilities."
It wasn't that long ago that news of phony Cisco routers was discovered by the FBI. In 2008 the major IT security news was "Under a section titled “The Threat,” the FBI described the effort [Operation Cisco Raider] as “IT subversion/supply chain attack” that could “cause immediate or premature system failure during usage.”
The counterfeit equipment also could be used to “gain access to otherwise secure systems” and to “weaken cryptographic systems.”"
Knowing this has made me wonder (often, and angrily) why the US Government approved the sale by IBM of their PC and laptop manufacturing to Lenovo of China in 2004.
"This acquisition will allow Chinese industry to make significant inroads on its path to globalization," Lenovo chairman Liu Chuanzhi said at a news conference. "It has changed the structure of the global PC manufacturing business."
Lenovo will take over IBM's desktop PC business, including research, development and manufacturing for $1.25 billion in cash and shares, while IBM will retain an 18.9 percent stake, Liu said."
Considering all of this, there may well be a "trojan horse" in every computer and networking component from China. That was the case in at least some of the fake routers. (Note to self: never buy a Chinese-made computer.)
What part of trade with China is good? Is there a computer that doesn't have a part from China? Lead in baby formula?? It's really no secret what they want from this country. We have all these world leaders rushing toward Globalization... and they all want to be the leader!! It would be funny if it weren't so scary.
I remember when you could not sell any computer components to China, unless it was so obsolete that it no longer mattered.
As for the power grids, make them closed systems. Everything doesn't need to be connected to the bleeding internet.
So you had one of those high paying jobs, or still do.
It didn't pay that high, and it was too much pressure...not from the IT part, dealing with penny-pinching executives. I left after proposing network hardening by additional firewalls, intrusion detection and prevention, and segmenting the network. Now I consult people on what to do, and if they choose to do so, great. If not, it's all in my report..."..client determined further safeguards were not in line with current business plan, will reassess in future..."