Hacking the grid: How cyber criminals can gain access to critical infrastructure


Many people don’t truly understand the extent to which computers control the modern world. Everything from stoplights at busy intersections to power plants has automated systems, and for good reason. These programs allow for a level of efficiency and consistency that human operators simply can’t provide.

However, this convenience comes at a cost. No system has ever been designed that is completely impenetrable, and this is especially true of the programs guiding the world’s critical infrastructure. Institutions such as power stations are a major target for attackers with the expertise necessary to break into them, and loss of control over them could be disastrous.

Why would a hacker want to go after critical infrastructure?

Before going into the specifics of who’s been affected by these kinds of attacks, it’s important to realize why attackers would decide to go after critical infrastructure facilities. According to the 2013 Data Breach Investigations Report from Verizon, 75 percent of breaches are financially motivated. However, those going after a country’s critical infrastructure aren’t your typical criminals.

While holding something like a power station hostage would certainly cause a lot of issues for energy consumers, such an attack would draw too much attention from the authorities for the perpetrator to actually make off with the money. A hacker wanting to make money would have a much better time going after a hospital or financial institution.

No, the individuals involved in these attacks are very often motivated by loftier goals, such as destabilization of a region. Most hacks levied against these kinds of facilities are therefore politically motivated. Shutting down an area’s power supply causes panic and anger from the populace, which is the perfect cover for other nefarious actions. What’s more, it also erodes the public’s trust in their government.


What do cyber criminals do to get in?

Trend Micro researchers have found that these individuals are generally looking for human-machine interface (HMI) software. An HMI is the operator’s window into a facility’s operations, so controlling it gives an attacker a wide range of options for what to do next.

In order to gain access to these systems, Trend Micro has found that attackers generally like to exploit memory corruption vulnerabilities in the HMI software itself. These flaws make up around 20 percent of the problems Trend Micro observed in HMI products, and take forms such as stack-based buffer overflows and out-of-bounds reads and writes, typically triggered by a length or index field in a message that the software trusts without checking.
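To make the two bug classes named above concrete, here is an added example that is not code from the original article or from any HMI product Trend Micro examined. It parses a hypothetical, constructed tag-update message (one length byte, a tag name, a four-byte value) first the way a vulnerable HMI might, then with the length checks that prevent both the stack-based overflow and the out-of-bounds read. The message format, the sample messages and all function names are assumptions made for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define TAG_MAX 16            /* fixed-size tag-name buffer, a common HMI pattern */

struct tag_update {
    char tag[TAG_MAX];        /* NUL-terminated tag name */
    uint32_t value;           /* new process value */
};

/* Hypothetical wire format (constructed for this example, not a real protocol):
 *   [1 byte tag_len][tag_len bytes: tag name][4 bytes: big-endian value]       */

/* VULNERABLE: every length decision is driven by attacker-controlled bytes.
 * Kept here to show the defect; never call it on untrusted input.             */
int parse_update_vuln(const uint8_t *msg, size_t len, struct tag_update *out)
{
    char tag[TAG_MAX];
    uint8_t tag_len = msg[0];
    (void)len;                               /* total length is never consulted */
    memcpy(tag, msg + 1, tag_len);           /* stack-based overflow if tag_len > 16 */
    tag[tag_len] = '\0';                     /* one-byte OOB write even at tag_len == 16 */
    const uint8_t *v = msg + 1 + tag_len;    /* OOB read if 1 + tag_len + 4 > len */
    memcpy(out->tag, tag, (size_t)tag_len + 1);
    out->value = ((uint32_t)v[0] << 24) | ((uint32_t)v[1] << 16) |
                 ((uint32_t)v[2] << 8)  |  (uint32_t)v[3];
    return 0;
}

/* HARDENED: validate every length against both the buffer and the message. */
int parse_update_safe(const uint8_t *msg, size_t len, struct tag_update *out)
{
    if (msg == NULL || out == NULL || len < 1)
        return -1;
    size_t tag_len = msg[0];
    if (tag_len == 0 || tag_len > TAG_MAX - 1)      /* leave room for the NUL */
        return -1;
    if (len < 1 + tag_len + 4)                       /* value must lie inside msg */
        return -1;
    memcpy(out->tag, msg + 1, tag_len);
    out->tag[tag_len] = '\0';
    const uint8_t *v = msg + 1 + tag_len;
    out->value = ((uint32_t)v[0] << 24) | ((uint32_t)v[1] << 16) |
                 ((uint32_t)v[2] << 8)  |  (uint32_t)v[3];
    return 0;
}

/* Constructed sample messages (not captured from any real device). */
static const uint8_t MSG_OK[] =
    { 0x09, 'P','U','M','P','1','_','R','P','M', 0x00, 0x00, 0x0B, 0xB8 };  /* value 3000 */
static const uint8_t MSG_LONG_TAG[]  = { 0xFF, 'A','A','A','A' };            /* tag_len 255 */
static const uint8_t MSG_TRUNCATED[] = { 0x05, 'A','B','C','D','E', 0x00 };  /* value cut off */

/* Parsed value for the well-formed message, or -1 if it was rejected. */
long demo_benign_value(void)
{
    struct tag_update u;
    if (parse_update_safe(MSG_OK, sizeof MSG_OK, &u) != 0) return -1;
    return (long)u.value;
}

/* The oversized tag_len that would smash parse_update_vuln's stack is rejected. */
int demo_long_tag(void)
{
    struct tag_update u;
    return parse_update_safe(MSG_LONG_TAG, sizeof MSG_LONG_TAG, &u);
}

/* A tag_len that would make parse_update_vuln read past the message is rejected. */
int demo_truncated(void)
{
    struct tag_update u;
    return parse_update_safe(MSG_TRUNCATED, sizeof MSG_TRUNCATED, &u);
}

/* The vulnerable parser looks fine on well-formed input, which is why such code ships. */
long demo_vuln_on_benign(void)
{
    struct tag_update u;
    if (parse_update_vuln(MSG_OK, sizeof MSG_OK, &u) != 0) return -1;
    return (long)u.value;
}

int main(void)
{
    printf("safe parser, good message:  value=%ld\n", demo_benign_value());
    printf("safe parser, tag_len=255:   rc=%d\n", demo_long_tag());
    printf("safe parser, truncated:     rc=%d\n", demo_truncated());
    printf("vuln parser, good message:  value=%ld\n", demo_vuln_on_benign());
    return 0;
}
```

The point of keeping both parsers side by side is that they behave identically on every well-formed message; only the two length checks in parse_update_safe separate a working HMI from one that hands an attacker control of the stack or a read of adjacent memory. The same checks apply to any length-prefixed field, not just tag names.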

Another major attack vector is the simple mismanagement of important credentials. Trend Micro has time and again seen companies lose control of administrative login credentials for these systems, thereby enabling the attacker to do pretty much whatever he desires without needing an exploit at all.

Regardless of how the individual gets in, the end goal is usually the same here. When a government or cyber criminal collective decides to go after a piece of a country’s critical infrastructure, they’re generally looking to shut down operations.

Stuxnet is a scary example of what can happen

Although it wasn’t technically levied against an institution that could be considered part of the “critical infrastructure,” Stuxnet is a perfect example of how foreign actors can wreak havoc on a major facility. Wired’s Kim Zetter even went so far as to call this worm “the world’s first digital weapon.”

At its most basic, Stuxnet was a piece of malware that was somehow introduced to an Iranian uranium enrichment plant. It was publicly discovered in June 2010, but not before it damaged the facility’s centrifuges by modifying the code on the Siemens programmable logic controllers that drove them, while reporting normal readings back to the operators.

This was a major wakeup call – or at least it should have been – for those who utilized computerized solutions within critical infrastructure institutions. Hackers were no longer relegated to the digital world, only able to cause financial damage. Now they could cause physical, real-world destruction with carefully engineered code.

What’s more, Stuxnet was also a lesson about the current state of international digital affairs. While no one has found any hard evidence, most experts believe this attack to have originated from either the U.S., Israel or a combination of these forces. Not only are hackers now able to cause damage to physical structures, but they’re also politically motivated.

Ukraine lost power as a result of a hacker

Moving outside of a history lesson, attacks on critical infrastructure facilities have become a very real threat since the days of Stuxnet. One of the most relevant recent incidents involved the hacking of Ukraine’s power grid. According to a separate article for Wired by Zetter, the outage began on December 23, 2015, when attackers used stolen VPN credentials to reach the SCADA network that controlled the circuit breakers at the Prykarpattyaoblenergo energy control center.

The attackers went on to open breakers at roughly 30 substations, one after another, until somewhere around 230,000 people lost their supply of electricity. On top of that, they even went so far as to disable the backup power at control centers, forcing employees to work toward getting their own energy back before they could help everyone else.

Zetter reported that this was the first confirmed cyber attack to successfully cut off a power company’s ability to supply energy. Again, as with Stuxnet, no one has come forward to claim responsibility for this particular incident. However, Ukraine has since blamed Russia, as the two countries aren’t currently on the best terms due to Russia’s annexation of Crimea.

As it stands, it doesn’t look like this particular attack was meant to actually accomplish anything other than shutting off Ukraine’s power supply. The fact that the actor behind this plot hasn’t come forward also points to the fact that this probably wasn’t done for sport, either. A good guess would be that this was done in order to expose current vulnerabilities by a foreign nation with an investment in the ability to utilize these weaknesses against Ukraine in the future.

Israel deals with these attacks all the time

Although the attack on Ukraine’s power infrastructure is certainly disconcerting, there are many other countries dealing with the same kinds of hacks. Perhaps the best example of this is Israel. This Middle Eastern country has been subject to all manner of physical attacks, so it would make sense that it also has to constantly fight off digital ones. The Israeli newspaper Haaretz quoted Professor Isaac Ben-Israel, the director of Tel Aviv University’s Blavatnik Interdisciplinary Cyber Research Center, on the extent of the current problem.

“We discover between 200,000 and 2 million hacking attempts every day in Israel on critical infrastructure such as water, electricity and railroads, but they are well-protected,” Ben-Israel said.

Clearly, this issue is getting seriously out of hand. Having to deal with up to 2 million attempts on a daily basis is a staggering burden, and it would be impossible to block every one of them. It’s the sad reality behind modern cyber security: The defender has to win every time, but the attacker only has to win once.

While this is a big enough problem for companies that may lose a lot of money due to an attack, the stakes are raised even further when discussing the critical infrastructure of an entire country. The number of nefarious actions foreign actors can take when a country’s energy grid is down is uncountable, and they all end poorly for the average citizen.

This threat needs to be taken more seriously

Years ago, the best way to defend a country’s critical infrastructure was to beef up physical security. The only way a terrorist or foreign entity could destroy the power grid would be to cause chaos and destruction through bombs and guns. While these weapons certainly aren’t easy to defend against, they involve a full-on invasion or a single actor somehow making it through walls, guards and razor wire.

This simply isn’t the case anymore. A team with enough knowledge and the proper guidance and funding from an entire sovereign nation can knock out power to hundreds of thousands of people without having to fire a single bullet.

While this is certainly a scary thought, paralyzing fear or full-scale panic isn’t the answer. Rather, officials need to start viewing facilities such as power plants as attack targets. Even something as traditionally non-essential as an internet provider could very easily find itself in the crosshairs of a hacker.

The internet allows for the rapid distribution of information, and causing a panic would be a lot easier if the populace didn’t know what was going on, so knocking out connectivity is a natural complement to knocking out power. Having a list of possible targets is the best place to start in terms of preparing for an attack that could cripple the country’s infrastructure.

On top of that, administrators of these facilities need to develop disaster recovery plans for the possibility of a cyber attack that disables their ability to provide their essential service, including the ability to operate manually while the control systems are unavailable. Employees do much better in an emergency when they know what’s expected of them, and drilling these workers according to the plan could help decrease downtime. What’s more, disaster recovery plans focused on cyber attacks help determine which systems need to be brought back first in order to cut down on the amount of panic resulting from customers who are going without something as essential as electricity.