The number of cyberattacks targeting critical infrastructures increased from 245 episodes in 2014 to 295 episodes in 2015, or 20 percent year over year, according to a 2015 report by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT).
Cybercrime by the Numbers
The frequency of cyberattacks and the costs associated with cyber incidents are growing at an alarming rate. For instance, according to a 2014 survey, 97 percent and 76 percent of companies surveyed reported having been victims of a malware attack and a web attack, respectively. This is perhaps unsurprising considering that cybercriminals created 317 million pieces of malware in 2014 alone, which works out to about 1 million pieces of malware created every day that year. Moreover, cybercriminals have not spared government agencies, either. In fact, cyber incidents targeting US government agencies grew 10 percent between 2014 and 2015 to stand at 77,000. These incidents ranged from security breaches to data theft.
The Threat of Cybercrime to Physical Infrastructure (Utilities)
The US energy sector reported 79 cyber incidents in 2015 alone, which was the highest number of incidents among all sectors of the economy during that period, according to ICS-CERT. Moreover, the 2015 Global State of Information Security Survey revealed that the number of cyberattacks targeting utility and power companies globally increased sixfold between 2014 and 2015. In 2013, for instance, Iranian hackers used a cellular modem to breach the cybersecurity of a 20-foot-tall dam located near New York City. About two years later, on December 23, 2015, Russian hackers used malware called BlackEnergy (BE) to disrupt the services of Ukrainian power companies, causing massive blackouts that affected about 225,000 consumers. The outages lasted up to six hours in some parts of the country.
It is worth noting that cyberattacks are becoming increasingly sophisticated and coordinated in nature. For instance, over 50 percent of the 245 threats reported to ICS-CERT in 2014 involved either advanced persistent threats or sophisticated actors.
Virtual Infrastructure – The Internet
To launch a virtual infrastructure cyberattack, hackers first need to gain access to an Internet-enabled device such as a server or router. For instance, cybersecurity experts revealed that, in 2014, hackers infiltrated 300,000 routers in small businesses and homes across Europe and Asia, allowing them to manipulate users’ web access. Two years later, in October 2016, hackers used Internet-enabled devices, including digital cameras and DVR players, to infect the servers of Dyn, an Internet performance management company owned by Oracle Corporation, causing a distributed denial of service (DDoS) attack. The attack overwhelmed Dyn’s digital infrastructure, eventually causing it to collapse. This led to an Internet outage in some parts of the United States, with popular websites, including Twitter, Netflix, Reddit and CNN, going offline. A month later, in November 2016, about 900,000 customers of Deutsche Telekom, a German telecommunications company headquartered in Bonn, lost Internet access when German hackers launched a cyberattack on the company’s routers.
How Technology Can Compromise the Physical Infrastructure
Granted, new technologies such as digital industrial control systems (ICS) and supervisory control and data acquisition (SCADA) systems improve productivity and efficiency at the workplace. However, such systems can also compromise cybersecurity because hackers can use the technology that allows remote access to equipment and control systems for utilities to carry out a cyberattack. For instance, SCADA systems are particularly vulnerable to cyberattacks because they are typically older and less secure, and their security vulnerabilities are generally difficult to fix. This means that hackers are more likely to target these systems online. Furthermore, remote digital communication networking results in the interconnection of the infrastructure system, meaning that an attack in one location can potentially affect the entire system.
Cyberattacks and the Internet of Things (IoT)
The Internet of Things allows Internet-enabled objects and devices to communicate with each other. According to various sources, there were 5 billion IoT devices in 2015, and some companies expect this figure to rise to 50 billion by 2020, including 6.1 billion smartphones and 250 million cars. Unfortunately, hackers can carry out cyberattacks using an IoT object or device. Recent research by ForeScout, a security company, says that some IoT devices are so vulnerable that they can be hacked in minutes. Moreover, hackers can infiltrate even innocuous devices such as web cameras and use them to launch DDoS attacks. In fact, web cameras were some of the devices used during the October 2016 DDoS attack on Dyn. It is worth noting that a cyberattack can also induce physical harm to an IoT system, such as causing devices to overheat or malfunction.
Economic Cost of Infrastructure Attacks
The US power grid infrastructure has experienced 15 cyber incidents since 2000. What’s more, studies show that an attack on the East Coast grid could cost the US economy anywhere from $250 billion to $1 trillion, with a single large industrial facility losing up to $1 million per day. At this point, it is worth noting that the East Coast accounts for about one-third of the US economy. Additionally, over 90 million people in 15 states would experience power outages. The insurance industry estimates that a viral cyberattack on the electricity grid would cost insurers anywhere from $21.4 billion to $71.1 billion. Additionally, the cost of cyberattacks on oil and gas facilities could reach $2 billion by 2018, according to a major insurance company.
Advanced Persistent Threats (APT)
In addition to malware, cybercriminals also use advanced persistent threats (APTs) to infiltrate a computer network. An APT attack entails an unauthorized person gaining access to and remaining in a network with the aim of stealing high-value data such as financial, infrastructure and defense data. It is worth noting that APT attacks accounted for 55 percent of all the cyber incidents investigated by ICS-CERT in 2014, with 30 percent of those attacks targeting infrastructures in the energy sector.
An Internet attack could cause an Internet outage, leading to significant economic loss. In the United States, for instance, the Internet accounts for 6 percent of the nation’s economy. Unfortunately, Internet blackouts are relatively common. More specifically, there were 81 Internet outages globally between July 2015 and June 2016, with each outage wiping out $2.4 billion from the global GDP. India and Saudi Arabia lost $1 billion and $465 million, respectively, because of these blackouts.
Securing Physical and Digital Infrastructures
Information security professionals should create prevention, defense and response plans aimed at protecting the country’s critical infrastructures. The defense plan should be able to detect threats early and include a multilayer solution for dealing with such cyberthreats. The response plan, on the other hand, should be able to protect infrastructures by isolating and containing the threat. Fortunately, the Pentagon has several agencies tasked with maintaining the safety and integrity of the country’s critical infrastructures. These agencies include the Defense Advanced Research Projects Agency (DARPA) and the Department of Homeland Security.
Cyber incidents targeting critical infrastructures in America are becoming increasingly common. One of the major factors responsible for this increase is the adoption of new technologies such as ICS and IoT that connect these infrastructures to the Internet. Fortunately, cybersecurity experts can help protect these infrastructures from hackers by creating effective prevention, defense and response plans.
As the nation’s oldest private military college, Norwich University has been a leader in innovative education since 1819. Through its online programs, Norwich delivers relevant and applicable curricula that allow its students to make a positive impact on their places of work and their communities.