In November, Admiral Michael Rogers spoke to the House Select Intelligence Committee on Cybersecurity. Rogers, the National Security Agency (NSA) Director & U.S. Cyber Command Commander, spoke on the vulnerability of U.S. infrastructure to cyberattacks due to the proliferation of network technologies which are relied upon for that infrastructure’s functioning. Sectors of the economy vulnerable to cyber attacks run the gamut, from energy to oil and gas to government to aviation. In his assessment, no major part of the interconnected global economic system is not vulnerable to cyber attacks.
While this hearing focused mainly on the threat that foreign nation states pose to the U.S., the topic of non-government groups committing catastrophic attacks on infrastructure was brought up as well. In comparing the cyber threat to the nuclear threat of the Cold War era, it has been determined that the cyber threat is a much greater risk because of the ease with which groups with few resources can gain the tools necessary to commit potent attacks, whereas obtaining nuclear weapons is much more difficult.
Main points:
- Foreign powers (China, Iran, and Russia) have the capability to inflict damage on critical U.S. infrastructure through cyber attacks
- Primary concern is this nation state threat
- Secondary threat is gangs/ groups (nation states have been using these groups to execute probing as well as attacks, in order to obscure their own fingerprints)
- Types of attacks used:
- Distributed denial of service (DDoS); not a sophisticated attack, but can do a lot of damage in large scale/ high velocity attacks
- Sophisticated viruses (Iran)
- Trojan horse malware (Russia)
- Main targets to worry about:
- Energy sector (foreign powers have been probing for weaknesses and have gained access to control systems, which could allow nation states / groups to shut down those systems)
- Financial systems / institutions (major threat)
- Oil and gas infrastructure
- Water distribution and filtration systems
- Government
- Aviation
- Attacks can be segmented to perform different kinds of things (cut off power transmissions to specific sectors, turn off specific generators and turbines, etc.)
Watch the full hearing to learn more about cyber vulnerabilities of infrastructure.