Foreign Hackers Accessed U.S. Power Grid ‘Dozens of Times’
Recently, a private security researcher hot on the trail of hackers who stole information from a California university’s housing files discovered something far more nefarious: the attackers had found a way into networks running America’s power grid.
That security researcher was Brian Wallace. Those attackers appear to be based in Iran. According to his research, these bad actors have already swiped passwords, engineering drawings from dozens of power plants, and more. If that’s not bad enough, the Associated Press (AP) is reporting that Wallace’s discovery is not altogether unique.
“About a dozen times in the last decade, sophisticated foreign hackers have gained enough remote access to control the operations networks that keep the lights on,” the AP said, noting its sources were top experts who spoke only on condition of anonymity due to the sensitive nature of the subject matter.
However, the public almost never learns the details of these types of attacks, which are rarer as well as more intricate and potentially more dangerous than data theft, the AP noted. “Information about the government’s response to these hacks is often protected and sometimes classified; many are never even reported to the government,” according to the AP.
Dealing with Super Powers
We caught up with Dwayne Melancon, CTO of advanced threat detection firm Tripwire, to get his thoughts on the news.
When it comes to critical systems and critical infrastructure, it pays to make attackers' lives more difficult, he told us. As an example, he stressed that implementing multi-factor authentication to control access, rather than relying on a password alone, is crucial. On top of that, organizations should segment their networks to limit the amount of sensitive information that users can reach, he said.
“In particular, accounts with ‘super powers’ — such as creating new users, changing access permissions, or performing potentially harmful operations — should not only be tightly controlled, they should be aggressively monitored to look for unusual activity,” Melancon said.
“In older systems, the amount of rigor possible might be limited due to the lack of security functionality in old applications,” he continued. “In that case, organizations can often reduce risk by moving systems into a network segment that can only be accessed by a VPN, and multi-factor authentication can be added at the VPN.”
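As an added example of the kind of monitoring Melancon describes for accounts with "super powers" (this is not code from the article or from Tripwire), the script below scans constructed sudo audit lines for account-administration commands and flags any that run by an account outside an assumed administrator allow-list, outside an assumed change window, or that grant sudo group membership.

```python
import re

# Constructed sample auth.log lines (syslog style, not from the article).
SAMPLE_LOG = """\
Mar  3 02:14:07 scada-hist sudo:   ops1 : TTY=pts/0 ; PWD=/home/ops1 ; USER=root ; COMMAND=/usr/sbin/useradd backup2
Mar  3 02:14:22 scada-hist sudo:   ops1 : TTY=pts/0 ; PWD=/home/ops1 ; USER=root ; COMMAND=/usr/sbin/usermod -aG sudo backup2
Mar  3 09:30:10 scada-hist sudo:   admin : TTY=pts/1 ; PWD=/home/admin ; USER=root ; COMMAND=/usr/bin/systemctl status historian
Mar  3 10:05:41 scada-hist sudo:   admin : TTY=pts/1 ; PWD=/home/admin ; USER=root ; COMMAND=/usr/sbin/usermod -aG sudo svc_report
"""

SUDO_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sudo:\s+(?P<user>\S+) : .*?"
    r"USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$"
)
# Binaries that create users, change permissions or otherwise alter who can do what.
PRIVILEGED = {"useradd", "userdel", "usermod", "visudo", "passwd", "setfacl", "chown"}
APPROVED_ADMINS = {"admin"}   # assumption: site allow-list of account administrators
CHANGE_WINDOW = (7, 19)       # assumption: approved change window, 07:00-19:00 local


def parse_sudo(line):
    """Return a dict for a sudo audit line, or None if the line is not one."""
    m = SUDO_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["hour"] = int(rec["ts"].split()[-1].split(":")[0])
    rec["binary"] = rec["cmd"].split()[0].rsplit("/", 1)[-1]
    return rec


def audit_privileged(log_text):
    """List every privileged operation; 'reasons' is empty when nothing looks unusual."""
    events = []
    for line in log_text.splitlines():
        rec = parse_sudo(line)
        if rec is None or rec["binary"] not in PRIVILEGED:
            continue
        reasons = []
        if rec["user"] not in APPROVED_ADMINS:
            reasons.append("invoker not an approved administrator")
        if not (CHANGE_WINDOW[0] <= rec["hour"] < CHANGE_WINDOW[1]):
            reasons.append("outside change window")
        if rec["binary"] == "usermod" and "sudo" in rec["cmd"].split():
            reasons.append("grants sudo group membership")
        events.append({"user": rec["user"], "command": rec["cmd"], "reasons": reasons})
    return events


if __name__ == "__main__":
    for ev in audit_privileged(SAMPLE_LOG):
        print(("ALERT " if ev["reasons"] else "ok    ") + ev["user"], ev["command"], ev["reasons"])
```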