Tom Gjelten reports on efforts to defend the US from a Stuxnet-type attack — keeping in mind that many experts believe that the Stuxnet worm, the first cyberweapon of its kind ever seen, was created by the US government.
The prospect of a cyberattack on U.S. infrastructure assets has prompted the Department of Homeland Security to arrange a new training program for the people who are supposed to protect the electric grid, manufacturing plants, refineries, water treatment centers and other critical facilities.
The top concern is the industrial control systems (ICS) that oversee the operation of key equipment at those facilities, from the valves to the breaker switches.
By hacking into the computer networks behind the industrial control systems, an adversary could reprogram an ICS so that it commands the equipment to operate at unsafe speeds or the valves to open when they should remain closed. This is roughly the way Stuxnet was able to damage the centrifuges in Iran.
Participants in the training program, based at the Idaho National Laboratory in Idaho Falls, are taken step by step through a simulated cyber-intrusion, so they can experience firsthand how a Stuxnet-like attack on their facilities might unfold.
During an Idaho National Laboratory exercise that was staged for visiting reporters in late September, instructor Mark Fabro installs his “red” team on the second floor of the training center, with the mission of penetrating the computer network of an unsuspecting industrial company, set up on the floor below.
The trainees on the “blue” team downstairs sit in a mock control room, monitoring their computer screens for any sign of trouble.
At first, everything appears normal. The attackers have managed to take control of the computer network without the defenders even realizing it. But gradually, problems develop in the control room.
“It’s running really slow,” says one operator. “My network is down.”
Sitting at their monitors upstairs, the attacking team is preparing to direct the computer system to issue commands to the industrial equipment.
“Take this one out,” says Fabro, pointing to a configuration that identifies the power supply to the control room. “Trip it. It should be dark very soon.”
Within 30 seconds, the mock control room downstairs is dark.
“This is not good,” says Jeff Hahn, a cybersecurity trainer who this day is playing the role of the CEO of the industrial company under attack. The blue team is under his direction.
“Our screens are black and the lights are out. We’re flying blind,” Hahn says.
During the exercise, the critical industrial facility under attack is a pumping station, such as might be found in a chemical plant or water treatment center. As the operators sit helpless at their terminals, the pumps suddenly start running, commanded by some unseen hand. Before long, water is gushing into a catch basin.
“There’s nothing we can do,” one of the operators tells the CEO. “We can only sit here and watch it happen.”
If this mock facility were an actual chemical plant, hazardous liquids could be spilling. If it were an electric utility, the turbines could be spinning out of control.
If it were a refinery, the tanks could be bursting or pipelines could be blowing up, all because the cyberattackers have been able to take over the computer network that controls the key operations.
The cyberattack scenario is all the more worrisome, because it is not clear that such attacks can be effectively stopped.
“Some of these [systems] can’t be protected,” says Weiss, the industrial control systems security expert. “We’re going to have to figure out how to recover from events that we simply can’t protect these systems from.”