There is an interesting (and a bit frightening) article in the Ottawa Citizen, reprinted from Bloomberg News, headlined: “Russian cyber hackers are attacking U.S. energy grid and manufacturing sectors, FBI warns.”
“Russian hackers are conducting a broad assault on the U.S. electric grid, water processing plants, air transportation facilities and other targets ” the Bloomberg report says, “in rolling attacks on some of the country’s most sensitive infrastructure, U.S. government officials said Thursday … [and] … The announcement was the first official confirmation that Russian hackers have taken aim at facilities on which hundreds of millions of Americans depend for basic services. Bloomberg News reported in July that Russian hackers had breached more than a dozen power plants in seven states, an aggressive campaign that has since expanded to dozens of states, according to a person familiar with the investigation.” This was, once, just the stuff of speculative fiction and sci-fi movies but, veteran journalist Ted Koppel wrote a whole, also speculative, “non-fiction” book about it in 2015.
““Since at least March 2016, Russian government cyber actors” have targeted “government entities and multiple U.S. critical infrastructure sectors,” including those of energy, nuclear, water and aviation,” the article says “according to an alert issued Thursday by the Department of Homeland Security and Federal Bureau of Investigation … [and] … Critical manufacturing sectors and commercial facilities also have been targeted by the ongoing “multi-stage intrusion campaign by Russian government cyber actors … [further] … Cyber-attacks are “literally happening hundreds of thousands of times a day,” Energy Secretary Rick Perry told lawmakers during a hearing Thursday. “The warfare that goes on in the cyberspace is real, it’s serious, and we must lead the world.”“
And it’s not just the USA. The Sunday Times reports that similar threats are being identified in Great Britain.
… which consists of a lot more than just power generation facilities and all of which is, I suggest, very vulnerable to cyber-attack, is a matter than should be of great concern.
In a few cases the very age of the control systems in some critical infrastructure facilities makes them relatively hard to attack ~ some do not have modern, interconnected, digital controls … they still use old, stand alone, analog system control and management systems that are, relatively, immune to cyber-attack. But, most often most modern facilities, especially in the continental electrical power grid, are all connected together, through digital communications networks, that are, themselves, the “unlocked door” through which the hackers sneak. Many of us remember the great Northeast blackout of 2003 which were traced to some fairly minor deficiencies in operations and procedures in the state of Ohio that, quickly, “cascaded” throughout all the connected networks. If a minor, accidental glitch in a small town in Ohio could plunge a huge area of North America, including Toronto and the Golden Horseshoe, into darkness, imagine what a really well planned attack might do!
This is a threat that our government (Ralph Goodale is the responsible minister, through his Public Safety department) and our industry need to address together. It makes good engineering and business sense to coordinate things, using digital communications, like our electrical power grid, our oil and natural gas pipelines, our rail lines and air traffic and, soon, our autonomous (self driving) passenger vehicle ‘networks,’ too ~ and they will need complex networks. But all those networks provide “unlocked doors” through which unfriendly intruders can pass.
Part of the solution might lie in expanding the mandate of Canada’s Communications Security Establishment (CSE) so that it goes beyond the Government of Canada and law enforcement and security agencies. CSE seems a likely agency to also help provinces and the private sector to secure their networks. Of course, an expanded mandate is not much help unless resources are provided, too … but adding a few dozen experts and a few million dollars to CSE might be a prudent and valuable first step down the road to national and continental cyber-security.
The threat, it seems to me, is real and imminent and Russian … it’s time to start preparing our defences, before it’s to late.