Exclusive: Cyberattack leaves natural gas pipelines vulnerable to sabotage

For further information on SCADAs, please see the following Global Geopolitics entries that were ahead of the curve:

Red Dragon Rising: Communist China’s Military Threat to America” from 1999 is a highly recommended read. The United States is in more vulnerable than most people know, and longer than most people would have thought.

Cyberspies linked to China’s military targeted nearly two dozen US natural gas pipeline operators over a recent six-month period, stealing information that could be used to sabotage US gas pipelines, according to a restricted US government report and a source familiar with the government investigation.

From December 2011 through June 2012, cyberspies targeted 23 gas pipeline companies with e-mails crafted to deceive key personnel into clicking on malicious links or file attachments that let the attackers slip into company networks, says the Department of Homeland Security (DHS) report.

The report does not mention China, but the digital signatures of the attacks have been identified by independent cybersecurity researchers as belonging to a particular espionage group recently linked to China’s military.

The confluence of these factors –  along with the sensitive operational and technical details that were stolen – make the cyberbreaches perhaps among the most serious so far, some experts say. The stolen information could give an adversary all the insider knowledge necessary to blow up not just a few compressor stations but perhaps many of them simultaneously, effectively holding the nation’s gas infrastructure hostage. Nearly 30 percent of the nation’s power grid now relies on natural gas generation.

“This theft of key information is about hearing the footsteps get closer and closer,” says William Rush, a retired scientist formerly with the Gas Technology Institute who chaired the effort to create a cybersecurity standard applicable to the gas pipeline industry.

“Anyone can blow up a gas pipeline with dynamite. But with this stolen information, if I wanted to blow up not one, but 1,000 compressor stations, I could,” he adds. “I could put the attack vectors in place, let them sit there for years, and set them all off at the same time. I don’t have to worry about getting people physically in place to do the job, I just pull the trigger with one mouse click.Continue reading

Exclusive: U.S. nuclear lab removes Chinese tech over security fears

A leading U.S. nuclear weapons laboratory recently discovered its computer systems contained some Chinese-made network switches and replaced at least two components because of national security concerns, a document shows.

The discovery raises questions about procurement practices by U.S. departments responsible for national security. The U.S. government and Congress have raised concerns about Huawei and its alleged ties to the Chinese military and government. The company, the world’s second-largest telecommunications equipment maker, denies its products pose any security risk or that the Chinese military influences its business. Continue reading

China fake parts ‘used in US military equipment’

Vast numbers of counterfeit Chinese electronic parts are being used in US military equipment, a key Senate committee has reported.

A year-long probe found 1,800 cases of fake parts in US military aircraft, the Senate Armed Services Committee said.

More than 70% of an estimated one million suspect parts were traced back to China, the report said.

It blamed weaknesses in the US supply chain, and China’s failure to curb the counterfeit market.

The failure of a key part could pose safety and national security risks and lead to higher costs for the Pentagon, the committee said.

US servicemen rely on a variety of “small, incredibly sophisticated electronic components” found in night vision systems, radios and GPS devices and the failure of a single part could put a soldier at risk, the report said.

It highlighted suspect counterfeit parts in SH-60B helicopters used by the Navy, in C-130J and C-27J cargo planes and in the Navy’s P-8A Poseidon plane.

After China, the UK and Canada were found to be the next-largest source countries for fake parts.

Rather than acknowledging the problem and moving aggressively to shut down counterfeiters, the Chinese government has tried to avoid scrutiny”

‘Avoiding scrutiny’

The committee criticised China for failing to shut down counterfeit manufacturers and said that committee staff wanting to travel to China for the investigation had not been granted visas.

“Counterfeit electronic parts are sold openly in public markets in China,” the report said.

“Rather than acknowledging the problem and moving aggressively to shut down counterfeiters, the Chinese government has tried to avoid scrutiny,” it added.

But the report said that use of Department of Defense programmes such as the Government-Industry Data Exchange Program (GIDEP), designed to log suspected fake parts, were “woefully lacking”.

Between 2009 and 2010 the GIDEP only received 217 reports relating to suspected fake counterfeit components, the majority of which were filed by just six companies, it said. Only 13 reports came from government agencies.

Full article: China fake parts ‘used in US military equipment’ (BBC)

Richard Clarke: All U.S. Electronics From China Could Be Infected

 

Well, it’s been pretty obvious for a while now that China’s been hacking into some  of America’s most important businesses and government agencies and stealing reams of data. We’ve heard countless reports about Pentagon info being stolen orabout critical data on the F-35 Joint Strike Fighter being plucked from defense contractors networks — with China being the main suspect.

Here’s what Clarke Recently told Smithsonian Magazine:

“My greatest fear,” Clarke says, “is that, rather than having a cyber-Pearl Harbor event, we will instead have this death of a thousand cuts. Where we lose our competitiveness by having all of our research and development stolen by the Chinese. And we never really see the single event that makes us do something about it. That it’s always just below our pain threshold. That company after company in the United States spends millions, hundreds of millions, in some cases billions of dollars on R&D and that information goes free to China.…After a while you can’t compete.”

But Clarke’s concerns reach beyond the cost of lost intellectual property. He foresees the loss of military power. Say there was another confrontation, such as the one in 1996 when President Clinton rushed two carrier battle fleets to the Taiwan Strait to warn China against an invasion of Taiwan. Clarke, who says there have been war games on precisely such a revived confrontation, now believes that we might be forced to give up playing such a role for fear that our carrier group defenses could be blinded and paralyzed by Chinese cyber intervention. (He cites a recent war game published in an influential military strategy journal called Orbis titled “How the U.S. Lost the Naval War of 2015.”)

Full article: Richard Clarke: All U.S. Electronics From China Could Be Infected (Defense Tech)