Cyberthreat to Critical Infrastructure

If you still believe hackers are after the mainframe, here’s some good news: They’re not. Mainframes have been almost obsolete for over a decade. They are mostly useful for spare parts.
Anyone who worries that ISIS might try to hack into the power grid to cause mass chaos or that air conditioners could be used to create large-scale blackouts is probably right.
High-stakes cybercrime
CNN reports that ISIS has been trying to hack into the U.S. electricity grid with the apparent intention of “turning off or blowing up machines.” They are terrible at it, which is the good news. They lack the technical ability to succeed in this ambitious venture. However, there are some cybercriminals who do have the technology and have demonstrated it in a real-world situation.
The highly coordinated and sophisticated hackers responsible for the blackout that occurred in Ukraine on December 23, 2015, which affected hundreds of thousands of people, was recently confirmed. The malware used to attack computers and shut down control systems was extremely destructive. The attack targeted six large power providers at once. CNN reports that the methods were so effective that “even call centers used for reporting outages were knocked down.”
This could be called “The Starry Night” in cyberattacks. It’s alarming to learn that the attacker responsible for this malicious masterpiece is still at large.
This is a scary possibility, but if you aren’t alarmed, the fact that air conditioners could be used to hack into the power grid might raise some red flags. Wired reports that cybersecurity experts have discovered a way to bypass remote controls of air conditioner units and cause outages during peak energy times.
Customers who agree to have AC units installed by utility companies can receive a discount. This allows the provider to turn off the system when there is too much demand, such as on hot summer evenings. Hackers only need to match the frequency and record commands. Then they can send them. This allows them turn the units on and off. A surge could result if there are too many of them activated during peak summer hours.
Last but not the least, Chatham House, a think tank, identified a serious weakness in some nuclear facilities in October: the inclusion VPNs. This basically means that mission-critical hubs may not be as isolated from the Internet as previously stated. Hackers are smart. Hackers are clever. Give them an inch and they’ll take it all. Remember Stuxnet? A thumb drive and a cleverly designed worm were all that was needed to destroy Iran’s nuclear facilities.
It’s a thrilling time to be a security professional
People used to believe that cybersecurity experts were only responsible for building firewalls and keeping spam from breaking the computer. It is reasonable to wish for simpler times, given the gravity of many cyberthreats mentioned above.
There is a silver lining to this whole mess: cybersecurity has become a lot more interesting. Computer science gurus who thought their skills would be most useful in an enterprise IT environment suddenly see a value proposition that involves protecting the nation’s electricity grid. There’s no telling what chaos could result from a blackout if it happens on a large enough scale.
It is now that you can use your basic computer training to launch you into bigger things. The next step is to pursue more advanced certificates such as network security certification, or CompTIAsecuritycertification. As a thought leader in the Internet-of-Things-type technology that will drive innovation in the smart grid, any type of Cisco network network certification including Cisco wireless certification and Cisco security certification, will also be of extraordinary value to cybersecurity firms.
We are on the verge of a cybersecurity revolution. Contact New Horizons today to become part of the solution.
For our four-day course in EC CCISO, don’t forget to join us from March 14-18! Click here for more information and to register.
More links
Cybersecurity: 2016 will be the year of cybersecurity. Cybercriminals are being thwarted by professionals in this field, who use computer-based training to stay on the cutting edge of technology. It is challenging to work in cybersecurity as hackers constantly update and change their methods in order to gain private data. Cybersecurity experts are needed because of the growing number of cyberattacks. Symantec, a cybersecurity company, has produced a report on cybercrime activity in 2014. It found that businesses were not adequately prepared for cybersecurity needs.