Loyal visitors to the BF Blog know we’ve expended a lot of pixels in this space detailing the woeful condition of U.S. infrastructure. The consensus among experts, like the American Society of Civil Engineers, is that the U.S. needs to spend at least $2 trillion repairing and upgrading its infrastructure within the next 10 years to remain competitive as an industrial power.
Well, just when you think it can’t get worse—infrastructure-wise—an ominous phenomenon has emerged that can’t be fixed simply by pouring more concrete or spreading more asphalt.
A sobering report in today’s New York Times reveals that the number of hacking incidents involving key infrastructure has increased exponentially since the beginning of 2013. According to the report, which cited a global survey by Dell Security, the number of cyber attacks against industrial control systems increased from 163,228 in January 2013 to 675,186 in January 2014. It seems a safe bet that this disturbing tally will exceed 1 million when the totals for 2015 are added in.
The Times report says that during the past four years hackers have stolen the source code and blueprints for the power grid of the United States and for most of the oil and water pipelines in North America. The cyber fiends also have infiltrated the Dept. of Energy’s networks 150 times.
Thus far, most of these cyber-intrusions appear to be exploratory in nature. But a few have crossed the line and caused physical damage, including an attack last year on a steel mill in Germany in which the hackers reportedly entered the company’s corporate network and used it to access production systems, crippling a blast furnace.
The experts are telling us that, in terms of the long-feared “Cyber Pearl Harbor,” the hacking equivalent of Japanese aircraft carriers already are on the open seas of cyberspace and it’s only a matter of time before a devastating sneak attack unfolds. Even worse, security consultants Applied Control Solutions told the Times that when the attack hits we’ll have a hard time recognizing it as a cyber attack and an even harder time figuring out where it came from.
The potential for disruption and destruction on a mass scale also is increasing as essential systems controlling water, energy and air traffic are more reliant than ever on computerized controls. The menu of possible catastrophic events is a virtual smorgasbord: contaminated water supplies, opened floodgates, exploding oil pipelines, regional blackouts and blinded air traffic control systems, among other disasters.
This is where we’re supposed to reassure you that the good guys are scrambling to get on top of this threat and prevent it from happening, so here goes:
We took a smidgeon of relief from former NSA chief Michael Hayden’s comments about state-sponsored cyber attacks. Hayden told the Times that while many of the recent cyber intrusions into industrial and utility control systems may have involved spies from China or Russia probing for vulnerabilities, a full-scale attack from these global powers is highly unlikely because it would invite retaliation on a similar scale. [As we’ve reported previously in this space, the Pentagon has an active program to develop offensive as well as defensive cyber weapons; since we invented this stuff, presumably our counterpunch would be fearsome].
But what Hayden said next was spine-chilling: what he’s really worried about is an attack from “renegade, lower-tier nation states that have nothing to lose.” This formulation includes the outfit known as ISIS, which has exhibited sophisticated social media skills and is believed to be developing advanced hacking tools.
OK, enough with the scary stuff. Here’s the really good news: the nation’s $1.5-billion cyber security facility, called the Utah Data Center (it’s code name is Bumblehive, and, no, we’re not making that up), recently opened its doors in Bluffdale, UT. The 1.9-million-square-foot center is operated by a coalition of top U.S. intelligence agencies and charged with the responsibility to “monitor, strengthen and protect” America from all digital threats.
If knowing that our new cyberdefense hub is up and running doesn’t fend off the nightmares when you hit the pillow tonight, here’s a cup of hot chocolate: according to the specs released by the NSA, Bumblehive comes equipped with “a three-day, 100-percent power backup capability.”