When the Department of Homeland Security and F.B.I. revealed in June that cyber attackers penetrated the Wolf Creek nuclear facility, it was the latest in a string of recent hacks against critical infrastructure targets. It was followed just ten days later by the news of the (allegedly) Russian attack on Ireland’s energy network. The upsurge of attacks against industrial targets this year was a true escalation with potentially disastrous real-world implications.
I have spent my career, first in an elite unit of the Israeli army, then leading the malware research efforts at Check Point and now as CEO ofcybersecurity company, defending and securing critical infrastructure. So, of all people, I feel the severity of the potential threat. Yet despite the gravity of these cyber attacks, I find myself asking whether things are really that bad, or is it just hype?
The answer is yes and no.
Yes, there’s no denying that attacks on the digital systems that control our physical critical infrastructure are scary. And the recent attacks like those facilitated by CrashOverride and Petya/NotPetya are deserving of the red flags they raised. Critical infrastructure, after all, is the bone and muscle of our society. When the millions of moving pieces that comprise our critical infrastructure don’t work seamlessly together, civilization can easily grind to a halt.
Yet if we’re brutally honest, no. No, the attacks we’ve seen thus far — as alarming as they may be — have not yet inflicted real damage. Existing failsafe mechanisms have successfully mitigated physical damage from these hacks. For example, in the Petya/NotPetya attacks, manual monitoring effectively compensated for infected computers at the Chernobyl nuclear plant. In a previous attack on a water treatment facility, it was manual failsafe that prevented a mass poisoning.
So, although the current attack modus operandi does pose a serious threat to systems and people alike, it’s just a threat at this stage. Digital threats don’t bring about the end of the world… until they cause massive and concrete physical damage.
Here’s how it gets worse
What worries me is what happens when hackers attack not just the digital systems that support physical infrastructure, but the actual physical systems themselves?
What happens when cyber attackers cause real-world damage, as heinous as any suicide bomber? What happens when hackers realize that they don’t necessarily need NSA-created vulnerabilities — because there’s an Achilles heel in the entire critical infrastructure ecosphere?
I’m talking about data. There isn’t a physical system today that doesn’t rely on data for crucial decision-making. When the data that supports decision-making in critical infrastructure is purposely and maliciously corrupted, things get messy. Existing cybersecurity solutions are designed to address overt ‘storm-the-castle-gates’ attacks, as well as subtler, ‘man-on-the-inside’ APTs. Nobody is looking at the data itself.
Data: The Achilles heel
Decision-making at industrial and infrastructure facilities is based almost entirely on data from thousands of sensors. These sensors range from legacy devices to brand-new IoT monitors. Yet all remain notoriously vulnerable to cyber-manipulation, either through direct sensor access or hijacking of data as it moves from sensors to the control room.
How does this look in real life? Let’s say that you’re a hacker looking to cause an explosion at a power plant. You likely have two overriding concerns: 1) causing maximum damage, and 2) not getting caught, or at least not being detected too quickly.
It’s no simple task to breach the network of your average power plant. Yet, any security professional’s operating assumption is that every network can be breached. And once the attacker infiltrates the network, they’re going to look for an undetectable (and ideally forensically untraceable) way to cause the explosion. They’re not going to plaster Shadow Brokers slogans across the screen of every controller then trigger the plant’s proverbial ‘self-destruct’ mechanism — this would be way too overt.
What sophisticated attackers can do is, for example, find the data stream from wired or IoT temperature or vibration sensors deep inside one of the turbines. If the ICS or SCADA system controlling the turbine thinks that the internal temperature is significantly lower than it actually is, then the turbine’s cooling system won’t turn on, the turbine will overheat and then… well, you don’t have to be a fan of disaster movies to get the picture. And despite the disastrous results of this type of attack, it’s really hard to tell — both in real time and ex-post facto — whether the disaster was due to attack, human error or malfunction.
The Doomsday weapon: Truth
So if I’m honest, the end of the world may yet come, and it may well be the result of cyber-tampering. However, the good news is that as we enter 2018, data manipulation of the type described above is totally avoidable — contingent on two key factors: awareness and technology.
Once the threat of manipulated critical infrastructure data is on the radar (awareness), we can start rethinking the way we validate data health (technology). The awareness of the danger, as we’ve seen from top-tier journalists and policy gatekeepers alike, is already here.
What’s needed next is the right technology to create trust that we, and the computer systems that control the bedrock of our civilization, are making decisions based on accurate data. In the end, data truth and integrity may, in fact, be the ultimate weapon in preventing the end of the world.