One of the National Security Agency’s (NSA) highest ranking officials warned Wednesday of a serious threat posed to the nation’s critical infrastructure from potential cyber threats.
Speaking during a keynote address to a cyber security summit in West Point, N.Y., NSA Deputy Director Richard Ledgett warned the U.S. infrastructure is far too dependent on what are called industrial control systems, or ICS.
“There’s no doubt that Chinese military planners understand the importance of industrial control systems and the critical infrastructure they control,” said Ledgett.
ICS programs are pieces of software that control the processes of infrastructure systems like power grids, oil pipelines and water distribution and treatment centers. The problem with ICS, explained Ledgett, is they are not secure and many companies have failed to update them.
“Adversaries are seeing what they can get by compromising those industrial control systems,” said Ledgett. He pointed to a test conducted in 2007 where government researchers conducted a test of the U.S. power grid to check for vulnerabilities. Referred to as the “Aurora Generator Experiment,” the test showed the massive generators which produce much of the electricity in the U.S. could be infiltrated through a cyber attack, causing them to eventually malfunction. Researchers claimed the test showed that should an adversary conduct a larger, coordinated attack on multiple generators, entire regions of the U.S. could lose power for months.
Dr. Mike Lloyd, a cyber security guru with over 20 years experience and the chief technology officer of security company RedSeal, agrees U.S. infrastructure is woefully unprepared for a cyber attack.
“We have a very fragile infrastructure,” said Lloyd during a telephone interview with The Daily Caller News Foundation. “We need to get better at protecting ourselves.”
Lloyd pointed to a 2013 cyber attack on a small New York dam as a recent example of the danger the U.S. faces. A group of Iranian hackers utilized a technique that Lloyd calls “Google dorking” to probe the network that runs the dam’s ICS. The technique is fairly simple: using a Google platform, hackers essentially ping the various “doors” of networks to see which will let you in. Lloyd says the scan sends back millions or even billions of vulnerabilities which the hackers can then test. In the case of the New York dam, it is most likely the hackers targeted a broad swath of U.S. systems and found the dam was particularly poorly secured. Though the probe did not cause any physical damage, Lloyd said that it exposed the weakness of the U.S. infrastructure.
With more and more devices and networks connected to the Internet, the “target surface” for U.S. adversaries becomes larger and larger. Lloyd recognizes this is inevitable and is worth doing to make life easier for Americans, but he also believes we need to prepare our system to withstand a cyber attack and keep going. Based on his experience, most companies, industries and other key facets of the U.S. economy are not prepared to operate while containing a cyber attack.
“America is the tall kid in dodge ball, but we are [also] the easier target,” said Lloyd. “We shouldn’t think about where the cyber ‘Pearl Harbor’ will be.” Instead, Lloyd believes we need to focus on what can be done now to compartmentalize the problem so we can manage future threats.
Send tips to russ@dailycallernewsfoundation.org.
All content created by the Daily Caller News Foundation, an independent and nonpartisan newswire service, is available without charge to any legitimate news publisher that can provide a large audience. All republished articles must include our logo, our reporter’s byline and their DCNF affiliation. For any questions about our guidelines or partnering with us, please contact licensing@dailycallernewsfoundation.org.
