Tuesday, September 15, 2015 by cyberwar
Russia has placed a destructive “Trojan Horse” malware program in the software that operates most of America’s critical infrastructure, making it possible for Moscow to cause economic catastrophe throughout the U.S., the Department of Homeland Security has now warned.
The cyber operation is the modern-day equivalent of the Cold War’s concept of nuclear MAD — mutual assured destruction — because intelligence analysts believe the United States has likely achieved similar inroads into Russian (and likely Chinese) infrastructure.
However, the penetration of American financial infrastructure could be even more potentially devastating, considering that the U.S. financial and banking system and Wall Street provide the backbone for global trade, as part of the world’s largest economy. Also, the U.S. dollar is the world’s reserve currency; any disruption of the American economic system would likely cause a dollar collapse and lead to global financial pandemonium.
‘No random attack’
In addition to having major financial implications, national security sources and intelligence analysts note that the malware has also penetrated other vital infrastructure — that which is used to “control complex industrial operations like oil and gas pipelines, power transmission grids, water distribution and filtration systems, wind turbines and even some nuclear plants,” ABC News reported. Shutting any of these vital systems down could adversely impact millions of Americans, and could even lead to destruction and death.
In a bulletin, DHS warned that the Russia-sponsored hacking attack has been continuous since 2011, though no attempt has yet been made to activate the malware to “damage, modify, or otherwise disrupt” America’s industrial and infrastructure control processes. As such, though American intelligence agencies and the Obama Administration have only recently been made aware of the breach, no one knows where or when the malware could be activated.
“DHS sources told ABC News they think this is no random attack and they fear that the Russians have torn a page from the old, Cold War playbook, and have placed the malware in key U.S. systems as a threat, and/or as a deterrent to a U.S. cyber-attack on Russian systems — mutually assured destruction,” the network reported on its website.
Intelligence community insiders learned about the penetration in late October; at that time, DHS’ Industrial Control Systems Cyber Emergency Response Team issued an alert bulletin to industry members outlining the breach. The bulletin reported that the “BlackEnergy” penetration was detected by several private industrial firms recently.
ABC News reported further:
DHS said “BlackEnergy” is the same malware that was used by a Russian cyber-espionage group dubbed “Sandworm” to target NATO and some energy and telecommunications companies in Europe earlier this year.
“Analysis of the technical findings in the two reports shows linkages in the shared command and control infrastructure between the campaigns, suggesting both are part of a broader campaign by the same threat actor,” the DHS bulletin said.
‘The more I worked on the issue, the more concerned I became’
DHS officials said that the hacker software is very advanced, meaning it most likely was developed by a state actor with unlimited resources, rather than a non-state actor as a terrorist weapon. The malware can be controlled by operators using computers, an iPad or smart phone to control “various industrial processes,” ABC News reported. The software also allows collaborative control and information sharing.
The 2010 book Cyber War, by Richard A. Clarke, who served as a national security expert in the administrations of Ronald Reagan, George H. W. Bush, Bill Clinton and Georg W. Bush, warned that the nation’s critical infrastructure — financial, transportation, water, electrical and communications — were vulnerable to penetration and attack. He describes such tactics as “asymmetrical warfare,” and he noted that China was likely a bigger threat than Russia.
Clarke noted that, during the administration of Bill Clinton, he was assigned to draft a Presidential Decision Document (PDD) outlining the risks to both government and private industrial systems, but said he was given no authority to implement his recommendations.
“The more I worked on the issue, the more concerned I became,” he wrote, adding that by 2000, the Clinton Administration “developed a National Plan for Information Systems Protection, but there was still no willingness in the government to regulate the industries that ran the vulnerable critical infrastructure.”
Clarke, Richard A. and Knake, Robert K. 2010. Cyber War. New York: HarperCollins. http://www.barnesandnoble.com