Canadian Cyber Security Journal
Filed under: Featured, News

Dam releases, bank failures and poisoned water: Cyber pros warn worst cases are possible

Hackers could have opened the flood gates on a dam in New York in 2013, but the gates were offline for maintenance.

Another hacker was in the process of trying to poison the water supply in a Florida town in February when a worker noticed and stopped it.

Rather than risk a spill or other pipeline disaster after a ransomware attack last month, operators of an East Coast pipeline shut it down, leaving millions waiting in long fuel lines.

Such close calls are ratcheting up fears about how vulnerable the nation’s infrastructure is to cyberattacks. Experts say there are more to come and the attacks could be far more devastating than anything seen so far unless the United States girds its critical systems against a growing onslaught of digital intrusion.

That worst-case scenarios haven’t played out already, experts said, comes down to a combination of luck, and the fact that hackers have focused on making quick money using relatively unsophisticated attacks.

Hackers hit hundreds of critical systems last year and watchdogs say we’re not doing enough head off more.

The U.S. Department of Homeland Security identifies 16 “critical infrastructure sectors,” vital parts of everyday life such as transportation and drinking water that are at risk of disruptions and would hurt the nation’s security, health or safety. Last week, President Joe Biden handed a list of the sectors to Russian President Vladimir Putin and told him they’re off limits for cyberattacks.

Think of all the automated systems that people rely on every day, said Paul Rosenzweig, who formerly worked on cybersecurity policy for Homeland Security: “Traffic lights for our cars, natural gas for our houses, water for our homes, clean water and sewage, electricity to power our houses, our metro rail systems that that many of us use.”

And therein lie the worst-case scenarios, said Tatyana Bolton, a former Homeland Security official who led development of strategies for strengthening U.S. cybersecurity.

“If any of (these industries) are attacked and taken offline it would create massive repercussions across the United States,” she said.

Despite repeated warnings, she said, cybersecurity in these critical sectors hasn’t improved much.

“You can look back at videos and events and papers from 10 years ago,” Bolton said. “And the arguments that we were making then are the arguments we’re trying to make now, which shows you how little focus we’ve gotten from Congress, and support from the administration in terms of resources, and funding and people.”

That might be changing after hacks at the Colonial Pipeline Co. and meatpacker JBS Foods.

Deputy Attorney General Lisa Monaco issued a plea to the nation’s CEOs earlier this month to batten down the digital hatches against an expected onslaught of devastating ransomware attacks.

“You’ve got to be on notice of the exponential increase of these attacks,” Monaco told them.

Experts say the scariest scenarios involve a hacker either purposefully or inadvertently changing the operations of an industrial control system, such as that for a pipeline, a dam or a water works.

Such an intrusion could lead to prolonged outages, destroy infrastructure and even kill.

Enjoy this article? Don’t forget to share.