Friday, January 11, 2019

Infrastructure Attacks that Hurt

There are two stories today about infrastructure attacks that do not bode well for the people responsible for protecting US infrastructure.  The first is a Wall Street Journal report on hacking of the US power grid, something the Russians have been doing for some time, but which has now been reinvestigated since new attacks were discovered.  There is a good map of where these targets are in that article.  The second is a FireEye report on Iran's DNS hacking on a very broad scale.  Neither report makes happy reading for anyone who cares about the protection of national interests.  [If you don't know very much about DNS attacks, you might try reading Security Issues at DNS, a paper published by SANS.  It is long but worth reading.  For a less technical paper on this, try DNS Security: Defending the Domain Name System.]

These kinds of attacks are not new, although the Iranian attacks on DNS are certainly more innovative than the brute force attacks of the past.  They are also broader, taking in the Middle East and North Africa, Europe and North America.  They are all but attributed to Iran, though FireEye says "an Iran nexus," which is not exactly the same thing.  It is obvious that someone is working hard to use DNS to hack businesses and specific individuals through something entirely outside the victim's control.  It is effective, and it should be getting much more attention than it does now.

The Russians seem to have gone after some of the smaller infrastructure companies that are more vulnerable to state-sponsored attacks.  The Journal alludes to this being preparation of the battlefield, suggesting they are laying the groundwork for larger attacks and building a capability to do real damage to the power grid in conjunction with other types of war.  In general, that part is true.  The attacks are partly that and partly a warning of what is possible if we want to fight them.  We know what they are capable of and have to take that into consideration before engaging them.  The problem for any country in that position is not the known attacks that have already been identified.  It is the unknown ones that have already been carried out.  This particular series of attacks went undetected for a year.

A good part of the world has to start coordinating between countries on these kinds of attacks.  They are targeting large grids that cross international boundaries and fall under multiple jurisdictions.  Nobody wants this kind of attack undermining confidence in power and computer infrastructure, yet neither Congress nor the state legislative bodies seem to have the ability to identify it and do something about it.  Focus a little on this area and start thinking about what is required to get a grip on large-scale attacks on big infrastructures.  Russia and Iran are working on it.  Maybe we should too.  This is Homeland Security territory, and they are mostly absent.
