16 December 2023

Terrifying hacks on critical infrastructure have arrived. America isn’t ready

GORDON G. CHANG

On Nov. 25, an Iran-linked hacker group — with ties to the Iranian state itself — took control of a part of the Municipal Water Authority of Aliquippa, in western Pennsylvania near Pittsburgh. Crews switched to manual systems to deliver water to two towns.

The hackers entered the system through an Israeli-made programmable logic controller, which had been successfully targeted in attacks in Israel in the past couple of months.

The Iranian hackers were able to get in with little effort. Critical infrastructure in the U.S. contains industrial control systems that are known to be easy targets for cyber attackers.

Many of these vital networks are, incredibly, permitted to determine on their own what level of security is appropriate, which means they are essentially unprotected. The Aliquippa attack occurred less than a month after the Environmental Protection Agency rescinded a rule requiring water systems to include cybersecurity testing.

Since the Aliquippa attack, hackers have reportedly breached four other utilities and an aquarium in the U.S., according to one source.

At one time, hackers were focused on espionage and data theft. Now, however, there is another objective: disruption of critical infrastructure.

These “aggressive cyber operations” can not only take down infrastructure but also “induce societal panic,” as Jen Easterly, director of the U.S. Cybersecurity and Infrastructure Security Agency, put it in June to the Aspen Institute.

Modern societies are complex and highly dependent on networks. They are, therefore, fragile. America is not nearly as resilient as it was, say, 50 years ago.

Chinese hackers have had their way with American infrastructure networks, reportedly hitting water utilities, major ports and an oil and gas pipeline, to name a few. There are even suggestions that China may have caused the Northeast blackout in 2003 and one in Florida in 2008.

Most analysts are skeptical that Beijing was responsible for the blackouts. Still, in June, Easterly called Chinese cyber-espionage and sabotage an “epoch-defining threat.” Moreover, the 2003 Annual Threat Assessment of the U.S. Intelligence Community states “China almost certainly is capable of launching cyber attacks that could disrupt critical infrastructure services within the United States, including against oil and gas pipelines, and rail systems.”

President Biden reportedly did not raise the cyberattack issue when he met Chinese ruler Xi Jinping last month.

The threat to infrastructure is already causing damage. For instance, in May 2021 a Russian group hit the Colonial Pipeline network, creating gas shortages on the East Coast and disrupting airline operations. The company paid the hackers 75 Bitcoin, nearly $5 million at the time, as a ransom.

Furthermore, ransomware attacks disrupted hospitals in Texas, New Jersey, New Mexico and Oklahoma last month, and some of them had to divert ambulances from emergency rooms due to the attacks. So far this year, there have been 317 publicly reported ransomware attacks against healthcare facilities.

Attacks on infrastructure can be expected in the early stages of a war. In Washington, there is debate over whether the United States should defend Taiwan from Chinese invasion. The discussion may be irrelevant because Chinese military doctrine could be to hit the United States in the first moments of a war, whether America is a combatant or not.

Why would China do that? The Chinese military knows that for an invasion of Taiwan to be successful, its navy and air force will have to establish a blockade of that island nation. For a blockade to be successful, it will have to encompass sovereign Japanese territory, for instance, the island of Yonaguni, which is just off the east coast of Taiwan’s main island. The blockading of Japanese territory will bring America into the war because the U.S. has a mutual defense treaty with Japan.

This situation requires Washington to heed Easterly’s words from the Def Con hacker conference in August:

“I hope that people are taking seriously a pretty stark warning about the potential for China to use their very formidable capabilities in the event of a conflict in the Taiwan Straits to go after our critical infrastructure.”

Despite all the cyberattacks that have occurred, America has left itself vulnerable, because many Americans think their society is at peace.

The world, however, is rocked by war in Ukraine, insurgencies that look like wars in North Africa, and war in Gaza. To make matters worse, bad actors in South America and Asia are threatening neighbors. China, which has declared a “people’s war” on America, is behind much of this turbulence.

“Time is not our friend in this quest,” David Pekoske, director of the U.S. Transportation Security Administration, which oversees the security of pipelines, ports, railways and aviation, told the Def Con conference. “We need to move very, very quickly.”

“We need to be ready now.”

There is something else Americans must keep in mind. As Easterly said, “It’s going to be very, very difficult for us to prevent disruptions from happening.”

It will be difficult, especially when America is not ready, and its enemies know that.
