Check out the SCADA tags to see more information on how systems can be compromised and diverted or shut down.
Critical U.S. infrastructures are being penetrated by foreign states in preparation for devastating future cyber attacks designed to cripple electrical power, communications and financial networks, the commander of the U.S. Cyber Command told Congress on Thursday.
Adm. Mike Rogers, Cybercom chief and director of the National Security Agency, said foreign states have broken into the networks that control industrial systems for a range of what the U.S. government considers 16 critical infrastructures, ranging from electrical power, water, telecommunications and financial systems.
“We have seen instances where we’re observing intrusions into industrial control systems,” Rogers told the House Permanent Select Committee on Intelligence.
“We clearly are seeing instances where nation-states, groups and individuals are aggressively looking at acquiring that capability,” Rogers said.
“What we think we’re seeing is reconnaissance by many of those actors in an attempt to insure they understand our systems so that they can then, if they choose to, exploit the vulnerabilities within those control systems.”
The DHS Industrial Control System-Cyber Emergency Response Team stated in a notice to the private sector that it has uncovered “a sophisticated malware campaign that has compromised numerous industrial control systems environments using a variant of the BlackEnergy malware.”
BlackEnergy is a software that security researchers say has been used by Russian government cyber attackers.
Rogers said controls systems are “fundamental to how we work most of our infrastructure across this nation.”
“They are foundational to almost every networked aspect of our life, from our water to our power to our financial segment to the aviation industry just as examples,” he said.
Rogers said one trend in escalating cyber attacks over the next year is the danger that hackers will penetrate industry control systems.
“It’s among the things that concern me the most because this will be truly destructive if someone decides that’s what they want to do,” he said.
Rogers declined to specify the nation states that are mapping U.S. networks but acknowledged that Russia and China are among them.
For example, an attack on electrical power control systems could order power turbines to stop operating thus cutting off electricity. “I mean, it enables you to shut down very segmented, very tailored parts of our infrastructure that forestall the ability to provide that service to us as citizens,” he said.
Recent cyber attacks against critical infrastructure “leads me to believe it is only a matter of the ‘when,’ not the ‘if’ that we are going to see something traumatic.”
Full article: U.S. Electrical, Financial Networks Mapped for Future Cyber Attacks (Washington Free Beacon)