Although cyber-attacks are increasing in both frequency and intensity around the world, many go unreported or under-reported, leaving the public with a false sense of security about the threat they pose and the lives and property they affect. While governments, businesses and individuals are all being targeted at a rapidly growing rate, critical infrastructure has become a target of choice for both individual and state-sponsored attackers, who recognize the value of disrupting systems that were previously thought to be impenetrable. This has demonstrated just how vulnerable businesses, cities and countries have become, and the growing importance of achieving global risk agility in the face of such a threat.
As an example of the growing vulnerability of critical infrastructure, in December 2015 attackers presumed to be Russian seized control of the Prykarpattyaoblenergo Control Center (PCC) in the Ivano-Frankivsk region of western Ukraine, leaving roughly 230,000 customers without power for up to six hours. It was the first confirmed case of a cyber-attack taking down part of a nation's power grid. The attackers were skilled strategists who planned their assault over many months: they first conducted reconnaissance to map the networks and harvest operator credentials, then used those credentials to reach the control network and launched a synchronized, well-choreographed assault. Notably, the control systems in Ukraine were in some respects more secure than some in the U.S., since they were well segmented from the control center's business networks behind robust firewalls (Wired, 3/3/16). Segmentation alone did not stop an intruder holding legitimate remote-access credentials, which underscores how vulnerable power systems remain globally.
The PCC ran a common form of industrial control system known as a supervisory control and data acquisition (SCADA) system, which allows industrial processes, in this case the distribution of electricity, to be monitored and controlled remotely. The attackers overwrote the firmware on critical devices at 16 substations, leaving them unresponsive to any remote commands from operators (Wired, 3/3/16), cutting the control center off from the substations it was supposed to monitor and command, and forcing the utility to fall back to manual operation in the field. Given the sophistication of the intrusion, it seems clear that the attackers could have caused far more lasting damage than they did; even so, the affected control centers were still not fully operational months after the attack (Wired, 3/3/16).