Cyberwarfare threat against energy infrastructure remains poorly understood


Shutterstock photo

The Stuxnet virus - most likely created and deployed by U.S. intelligence services - represented a new phase of warfare, in which malicious code could physically and dramatically affect and destroy the functioning of real-world targets. The success or failure of Stuxnet is hard to gauge - it probably achieved its goal of destroying key enrichment equipment at Iran's Natanz enrichment plan by breaking its supervisory control and data acquisition systems - but it undoubtedly set a precedent that will be repeated.

The web is vast, and the U.S. is not the only country with the resources and technology to create electronic warfare packages delivered by malicious code. The Financial Times reports  that a specialized section of the Department of Homeland Security has warned of an existing threat to the U.S. natural gas infrastructure. The Industrial Control Systems Cyber Emergency Response Team described a high-level campaign consisting of multiple attempted digital attacks on pipeline operators.

Most of the data about the precise nature of the attack remains secret, thanks to the national security implications and the ongoing investigation. ICSC-ERT did describe the use of a relatively basic social hacking technique called spear-phishing, which tries to lure the weakest link of any security organization - its people - with a combination of social media data-gathering and fake emails which in turn lead to virus-bearing links.

"These intrusions are reconnaissance. But we don't know if they are trying to get into the pipeline control system, or into company information," said Cathy Landry, the Director of Communications of the Interstate Natural Gas Association of America. 

Hacking into the command-and-control systems of the U.S. natural gas pipeline network represents a technical challenge similar to the one faced by Stuxnet's designers. What differentiated the latter attack from other major hacking incidents is the leap from infecting and reprogramming software to using that control in a way which results in physical, real-world consequences. Of course, there's no particular evidence which points to this - hacking into the pipeline system in order to sabotage it is just one possibility, alongside industrial espionage, commodities trading fraud or simply bored hackers seeking a headline-worthy diversion.

"Pipelines are an ideal target for hacking," James Lewis, a senior fellow and director at the Center for Strategic and International Studies told Politico .

Security officials always need to consider the possibility that China, widely considered to be in the highest echelon of cyberwarfare sophistication and expertise, could be involved. A major information-gathering hacking attack on the US-China Economic and Security Review Commission earlier this year probably originated from China, the Guardian  reported. Along with the United States, China appears to be leading the charge in terms of the militarization of the internet, a process which in truth began years before most people were paying attention to incidents like Stuxnet.

Whether or not the attempted hacking of the pipeline operators was an attempt at industrial sabotage, there's no question that governments and corporations need to consider their cybersecurity efforts as absolutely mission-critical in an age where several thousand lines of code can destroy major industrial facilities. 

The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.

This article appears in: News Headlines , Commodities , Technology , US Markets
Referenced Stocks:

More from Daniel Pereira



Daniel Pereira

Find a Credit Card

Select a credit card product by:
Select an offer:
Data Provided by