In a new report released by McAfee, several noted security experts discuss the improving cyber-warfare capabilities of the world's superpowers and the risks facing critical infrastructures.
The ability of several
countries to launch politically motivated cyber-attacks has increased and
put critical infrastructure in the crosshairs, according to a sweeping
report from McAfee.
In its fifth annual Virtual
Criminology Report (PDF), McAfee noted that not only have politically motivated
cyber-attacks increased, but countries such as Russia, the United States and China
are developing advanced offensive
capabilities. According to the report, the United States nearly put its
capabilities front and center before the 2003 invasion of Iraq when U.S.
military and intelligence
agencies planned a cyber-attack on the Iraqi financial system. The attack was
called off out of concern that it would impact other countries, the report
"While in this case the
U.S. decided to hold back due to the high risk of collateral damage, one
can imagine what the consequences for the private sector might be if
hostilities were to erupt between two major powers," according to the report.
Attackers have no shortage
of targets, as the critical infrastructure in many developing nations is tied
to the Internet. The McAfee report notes that supervisory control data
acquisition (SCADA) systems for example were designed to help companies cut the
costs of running and maintaining the infrastructure of the energy industry.
When companies installed these systems, they didn't seem to have anticipated
attackers might also want to control SCADA systems remotely to disrupt or damage
them, the report contends.
"Despite the challenge of
mapping out vulnerabilities in systems, there is evidence that it can be done
and that attacks on utilities can be carried out successfully," the report
states. "One senior analyst for the U.S. Central Intelligence Agency said last
year that hackers were able to attack the computer systems of utility companies
outside the U.S., and in one case caused a power
outage in multiple cities."
At this year's Black Hat
Las Vegas, there were talks dealing with vulnerabilities
and security concerns tied to the adoption of smart grid technologies.
Among the presenters was security consultant Mike Davis, who along with other
researchers at IOActive developed proof-of-concept code for a worm that spread
from smart meter to smart meter. In a recent interview with eWEEK,
government needs to take a stronger role in making sure smart grid technologies
are engineered securely.
"Until recently the focus
on the smart grid has been about adding flexibility to the grid,"
"Unfortunately, hackers love flexible systems, and if we don't take care to
engineer the smart grid correctly [not just the smart meters], we are
engineering what may be a national failure. My personal feeling is that if
we're investing stimulus funds to expand the capability of the grid, we
should have some regulation, which requires security testing and verification
and, of course, penetration testing."
CEO Dave DeWalt said the idea of a
global cyber-arms race has become a reality.
"Now several nations
around the world are actively engaged in cyber-war-like preparations and
attacks," he said in a statement. "Today, the weapons are not nuclear, but
virtual, and everyone must adapt to these threats."