Jenna and I discuss the recent first-ever successful attack using the BlackEnergy malware. BlackEnergy has also infected a lot of US critical infrastructure.
Talking Points for BlackEnergy
1. If this doesn’t send a wake-up call to the industry and government, then nothing will. The lack of a national discussion around cybersecurity by presidential candidates led to an upcoming OpEd in TheHill.com I wrote at the urging of Bob Cusack. It will be out tomorrow or next Tuesday. Only one candidate, counting both R and D, has a written plan for cybersecurity. That means the other 15 (at last count) don’t. This is one of the reasons I created the site CyberDecision2016.com and the Presidential Cybersecurity Questionnaire. To date not a single candidate has completed the PCQ. One candidate flatly refused to fill it out.
2. One area of big concern is how much of BlackEnergy was developed from lessons learned from Stuxnet. When we spoke before, my big concern was the work of a Russian anti-virus company who helped the Iranians detect and remove the Stuxnet worm and the Flame virus from the systems controlling their centrifuges. Now a Russian group, Sandworm, is using very similar techniques to attack control systems in critical infrastructure.
3. In 2012, Saudi Aramco was the victim of a cyber attack by malware called Shamoon. Similar to the Ukrainian attack, Shamoon wiped the hard drives of over 30,000 computers. http://www.infosecurity-magazine.com/news/saudi-aramco-cyber-attacks-a-wake-up-call-says/
4. Our own critical infrastructure is severely infected with the BlackEnergy malware. The Department of Homeland Security issued a bulletin over a year ago describing a “destructive Trojan horse malware program called ‘BlackEnergy’ that has compromised much of our national critical infrastructure.” BlackEnergy is clearly linked to a Russian cyber-espionage group called ‘Sandworm’, and was earlier discovered in European energy and telecommunications companies.
5. We are only now learning of the breach by Iranian hackers, who took credit for the cyberattack against the Bowman Avenue Dam in Rye, NY, an attack that happened in 2013. The group, SOBH Cyber Jihad, claims to have accessed the control systems. The DHS report says the attackers also accessed and read files, including user names and passwords. Nothing was damaged – yet.
6. In a very damaging attack in December of 2014, a report issued by Germany’s Federal Office for Information Security (BSI) indicated that attackers gained access to a steel mill belonging to ThyssenKrupp and then moved into the systems controlling plant equipment. The attackers disrupted the control systems to such a degree that a blast furnace could not be properly shut down, resulting in “massive” damage.
7. It will get worse – and I do mean far worse – before it remotely gets better. Our critical infrastructure is aging so fast that the chances of a catastrophic failure and of a catastrophic attack are probably equal.