Online Attacks on Infrastructure Are Increasing at a Worrying Pace

Over the last four years, foreign hackers have stolen source code and blueprints to the oil and water pipelines and power grid of the United States and have infiltrated the Department of Energy’s networks 150 times.

So what’s stopping them from shutting us down?

The phrase “cyber-Pearl Harbor” first appeared in the 1990s. For the last 20 years, policy makers have predicted catastrophic situations in which hackers blow up oil pipelines, contaminate the water supply, open the nation’s floodgates and send airplanes on collision courses by hacking air traffic control systems.

“They could, for example, derail passenger trains or, even more dangerous, derail trains loaded with lethal chemicals,” former Defense Secretary Leon E. Panetta warned in 2012. “They could contaminate the water supply in major cities, or shut down the power grid across large parts of the country.”

It is getting harder to write off such predictions as fearmongering. The number of attacks against industrial control systems more than doubled to 675,186 in January 2014 from 163,228 in January 2013, according to Dell Security — most of those in the United States, Britain and Finland.

And in many cases, outages at airports and financial exchanges — like a computer outage that took down computers at airports across the country late Wednesday, including Kennedy International Airport in New York and Logan Airport in Boston — are never tied to hacks.

But it’s clear hackers are trying.

The Department of Homeland Security last year announced that it was investigating an attack against 1,000 energy companies across Europe and North America. In 2012, 23 gas pipeline companies were hacked by online spies, according to a Homeland Security report. Private investigators later linked the attack to China.

Last year, in a disclosure overshadowed by the news of the attack on Sony, a German federal agency said that in an attack at an unnamed steel mill, hackers had managed to jump from the company’s corporate network to its production systems, causing significant damage to a blast furnace.

And in an extensive attack at Telvent, an information technology and industrial automation company now owned by Schneider Electric, Chinese hackers made off with its product source code and blueprints to facilities operated by its customers, which include 60 percent of the pipeline operators in North America.

For now, dire predictions of destructive online attacks on American targets ignore the fact that the actors with the ability to cause the gravest harm to America’s critical infrastructure — China and Russia and allies like Israel and Britain — are sufficiently deterred from doing so by fear of retaliation or because of longstanding trade and diplomatic relationships. And attacks by those aggressively trying to get such a capability — Iran, North Korea and Islamic militant groups — are still several years off.

Read more: Online Attacks on Infrastructure Are Increasing at a Worrying Pace

See Also

Is data safety/security really a myth and will it stay that way?