Jenna Lee and I continue our discussion around BlackEnergy, how the attack in Ukraine happened and what DHS is doing about it.
Talking Points For BlackEnergy Followup
1. Not a mention of cybersecurity in last night's State of the Union – not one word. The silence on cybersecurity is deafening. If a power plant were blown up by terrorists and caused the same outage, there would be retaliation. Apparently if you can accomplish the same thing without firing a single bullet, there’s little to no consequence.
2. As suspected, spear phishing, delivered through a Microsoft Word document, appears to be the tactic of choice. I just recently interviewed the world’s most famous hacker – Kevin Mitnick – about this same tactic. My intro says spear phishing is probably the biggest threat today. (This was a product launch for Cloudmark – a company that built a solution focused precisely on spear phishing.)
3. The fact that DHS is helping investigate tells us the nature of the threat – it’s real and it’s here in the US. DHS will be studying the computers and logs just like a crime scene – trying to figure out how the attack happened, how it spread, how it avoided detection, etc.
4. This attack also combined additional tactics – like a denial of service attack against the call center for the energy utility to prevent customers from alerting them to the outage. This prolonged the attack and increased the damage and time to recover from it. This is a level of coordination and sophistication that is becoming more common in these hybrid attacks – a cyber attack with a denial of service attack.
5. Our systems are no better protected than Ukraine’s. Our critical infrastructure will be a target of attackers – it’s not ‘IF’ but ‘WHEN’. Isaac Ben-Israel, a retired Major General of the Israeli Air Force, said: “If you want to hit a country severely you hit its power and water supplies. Cyber technology can do this without shooting a single bullet.”