A high-profile attack on critical infrastructure will be made somewhere around the world. It could involve the electric grid or the stock market, or even the breach of an entire database of sensitive and private information belonging to the citizens of an entire town or municipality.
The great philosopher Aristotle introduced the concept of ‘potentiality’ to the world in his book Theta. Potentiality refers to any possibility that a thing can be said to have, good or bad. This concept of ‘potentiality’ is precisely why DARPA (The Defense Advanced Research Projects Agency) is soliciting “innovative research proposals to develop technologies for detecting and recovering from cyber-attacks on US critical infrastructure”.
Any infrastructure that controls energy (chemical, electrical, nuclear, and even financial energy) can be pointed in the wrong direction. Energy that has the potential to be harnessed for good can immediately be transformed into energy that can be unleashed for bad. An electric grid can be completely turned off or overloaded to explode. The financial system of an economy can be thrown into turmoil by a simple denial of service or through the introduction of untrusted data.
The world is quickly connecting devices and standardizing on similar hardware, software and operating systems for the controllers that perform the management of the potential energy of core infrastructure. This creates rapid growth and innovation, but it is detrimental to the health of the system. A system composed of similar and connected things now has a distributed but shared immune system. A successful attack on one element of the system can generally be used on another, a concept not lost on the hacker.
Successfully compromise one controller and you are well on your way to controlling the system. Fifty years ago the immune system of a country’s infrastructure was built on a lack of connectivity coupled with obscure hardware and software. None of that is true anymore, and this is precisely why DARPA is soliciting proposals for the agency’s Rapid Attack Detection, Isolation and Characterization (RADICS) program. Never before has the potential to turn infrastructure into a weapon been so real.
Governments around the world are searching for ways to create secure identity for devices, protect critical data, and prevent software from being hacked. The potential for infrastructure to be attacked is quickly becoming a reality, and will soon become a nightmare.
It was recently disclosed that Iranian hackers breached a small dam in Upstate New York, and U.S. intelligence and security agencies are currently investigating claims that Russian government hackers were behind a cyber attack on the Ukrainian power grid in December. Very soon we will find out how vulnerable the industrial control systems of the world are, and what their potential for manipulation and destruction is.
Rod Schultz
Vice President Product at Rubicon Labs Inc.