When it comes to critical infrastructure, there are few more essential than electricity generation and distribution. Without electricity, nothing else works. According to a report from cybersecurity firm Dragos, groups have shown that they have the capability to impact power operations and network connectivity detrimentally. "Electric utilities remain at risk for a disruptive – and potentially destructive – cyberattack due to the political and economic impact such an event may cause,” the firm wrote in its report North American Electric Cyber Threat Perspective.
"At this time, Dragos has observed adversary activity targeting utility enterprise networks, which may enable initial intrusion and reconnaissance at those entity sites. The data gathered and access achieved could facilitate preliminary steps for a potentially disruptive event within the OT environment. Dragos has also observed adversary reconnaissance inside ICS networks," the report continued.
The report concluded that while there hasn’t been a destructive cyberattack in North America, such attacks launched by capable adversaries have occurred in other geographies, such as Europe and with adjustments such attacks are possible within North America, Dragos believes.
Such disruptive attacks would require a lot of time and effort to be successful, and Dragos believes that the defenders of ICS networks still have the edge over attackers.
Key Findings from the report include:
While North America has not experienced a disruption, the number of known successful ICS attacks is rising, and the risk is high that such an attack happens within North America, Dragos concluded. The Dragos report focused on several adversaries that currently have their sights set on compromising the critical infrastructure.
According to Dragos, of the adversarial groups, the firm is observing over 60% of them are targeting the North American electric sector. Further, as threats to industrial control systems are expanding more broadly into North American utilities, they are also growing in menace.
Dragos tracked activity in one group, XENOTIME, which they described as “the most dangerous and capable activity group.” According to their analysis, this group initially focused their efforts targeting n oil and gas operations and have more recently expanded into electric utilities. “Dragos also identified the MAGNALLIUM activity group expanding targeting to include electric utilities in the US. This activity group expansion and shift to the electric sector coincided with increasing political and military tensions in Gulf Coast Countries (GCC),” the report said.
According to the report, the Dragos research of the CRASHOVERRIDE attack also indicates ELECTRUM targeted recovery operations. “Such activity, if successful, could prolong outages following a cyberattack and cause physical damage to equipment or harm to operators. These findings suggest the group had greater ambitions than what it achieved during its 2016 attack, and represent worrying possibilities for safety and protection-focused attacks in the future,” the report states.
Dragos concluded that the increased risks associated with supply chain and third-party attacks are a growing concern. Such attacks make it possible for attackers to compromise environments and gain a foothold in trusted systems. And the weaponized USB, software updates and maintenance work will increasingly bypass security controls as hardware makers, maintenance engineers and managed services providers are treated as trusted entities. “NERC Registered Entities with in-scope systems can take advantage of the recent focus around CIP-013 to create robust supply-chain risk management programs focused on both security and compliance objectives across operations,” the report said.
While North America hasn't suffered a severe cybersecurity incident on its critical power infrastructure, that doesn't mean it can't or won't happen. The number of attacks on this critical infrastructure has increased in recent years and will likely continue to increase. And should a major physical war occur involving nations with significant offensive cyber capabilities, this critical infrastructure is a likely target. The Dragos report provides an interesting and wide-ranging look at the current threats to the North American electric sector and provides some insight for defenders, and it is worth a read and available here.
tags
George V. Hulme is an internationally recognized information security and business technology writer. For more than 20 years Hulme has written about business, technology, and IT security topics. From March 2000 through March 2005, as senior editor at InformationWeek magazine, he covered the IT security and homeland security beats. His work has appeared in CSOOnline, ComputerWorld, Network Computing, Government Computer News, Network World, San Francisco Examiner, TechWeb, VARBusiness, and dozens of other technology publications.
View all postsDon’t miss out on exclusive content and exciting announcements!