It’s high season for frights, most of them fictional, thankfully. But there’s 1 big threat out there that poses a great danger to us — terrorists with computers.
Take these real-life examples:
- Caitlin Durkovich, the assistant secretary for infrastructure protection at the Department of Homeland Security, this month told attendees of the annual Grid Security Conference in Philadelphia of attempts by the terrorist group ISIS to hack into the American electrical power grid.
- And last year Russian hackers successfully installed malware on the computers of energy companies.
Such an attack could have widespread implications, from failed transportation networks to damaged personal finances.
A June 2015 study by the Congressional Research Service, which provides policy and legal analysis to U.S. lawmakers, specifically identified some of the malware already being used against American energy companies and highlighted the threat to “take down control systems that operate U.S. power grids, water systems and other critical infrastructure.”
Indeed, as power companies become more connected to the Internet, the problem grows increasingly serious. Already, according to the study, “the increasing frequency of cyber intrusions on industrial control systems of critical infrastructure is a trend of concern to the electric utility industry.”
“As the grid is modernized and the Smart Grid is deployed, new intelligent technologies utilizing 2-way communications and other digital advantages are being optimized by Internet connectivity,” Richard J. Campbell, the study’s author, wrote. “While these advances will improve the efficiency and performance of the grid, they also will increase its vulnerability to potential cyberattacks…. New devices (like smart meters) and increasing points of access (such as renewable electricity facilities) introduce new additional areas through which a potential cyberattack may be launched at the grid.”
Although ISIS does not currently have the hacking capabilities to cause major damage to our infrastructure, the availability of the malware programs capable of achieving this goal may well soon be available on the black market for purchase. While countries such as Russia, China or even Iran — which all have the computer capabilities to wreak havoc — have appeared to hesitate to deploy malware in this manner against the United States out of a fear of retaliation, that type of concern may not be present with ISIS.
So what should we be doing?
The same Congressional Research Service study also suggested power companies shift from a defensive mode when assessing cybersecurity threats to an “intrusion detection” model because attackers may gain access to critical systems years before they are detected.
In addition, the study urged energy companies to more openly share information with each other and commit more financial resources to cybersecurity. Finally, the study suggested a greater emphasis be made on identifying attackers rather than merely responding to attacks that have already occurred.
Steve Weisman is a lawyer, a professor at Bentley University in Waltham, Massachusetts, author of “Identity Theft Alert” and editor of the blog scamicide.com.