I was debating posting something about this since I thought it was very Chicken Little, but it made it to Slashdot again, so my hopes of it dying quietly in the night are dashed.
The Wall Street Journal had a hysterical article about our power infrastructure being vulnerable to attack by the Chinese and the Russians; it further declared that a multitude of attacks have already occurred, resulting in backdoors and dormant malware being planted, ready for some massive cyber war in the future. As Bruce Schneier briefly blogged, the whole article is devoid of specifics, and most of the detection claims come from intelligence agencies who are not likely to share the specifics. China has, of course, denied the allegations.
I’m going to give both the WSJ and the unnamed intelligence agencies the benefit of the doubt and say this probably is not being made up out of whole cloth, but it also probably is not what they are representing it as. The likely culprits for these “recon” and “mapping” expeditions are your average, run-of-the-mill script kiddies who happen to reside in Russia or China. My daily security logs show constant attacks from all over the world, usually concentrated in Russia, China, South Korea, and Taiwan. Does this mean these four countries have declared war on my network? No more than a bored high school student using nmap on a foreign government’s IP space, or trying some dictionary attacks against their servers, constitutes an attack by America on them. This is all speculation, of course, but how do you differentiate government-sponsored activities from the ever-present hackers who may just be exploring out of boredom?
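To make that question concrete, here is an added example (my own, not code from the post or from anything the WSJ describes) of the kind of triage you can actually do with firewall and sshd logs. The log lines are constructed, the source addresses are RFC 5737 documentation ranges, the port watchlist and the thresholds are assumptions chosen for illustration, and the function names (`parse`, `classify`, `triage`) are hypothetical. The point it shows is that logs can separate an indiscriminate port sweep or SSH dictionary run from a narrow probe of control-protocol ports, but nothing in the data says who is behind a source address; the geographic origin of the address is deliberately not an input.

```python
import re
from collections import defaultdict

# Firewall line: "... SRC=<ip> DST=<ip> DPT=<port> ACTION=<x>" (constructed format).
FW_RE = re.compile(r"SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) DPT=(?P<dpt>\d+)")
# sshd line: "Failed password for [invalid user ]<user> from <ip> ..." (standard OpenSSH wording).
SSH_RE = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<src>[\d.]+)")

# Watchlist (assumption): well-known ports for Modbus/TCP, DNP3, S7comm and EtherNet/IP.
CONTROL_PORTS = {502, 20000, 102, 44818}

# Constructed sample logs: one nmap-style sweep of a dozen common ports from 203.0.113.5,
# an SSH dictionary run from 198.51.100.77, two narrow hits on control-protocol ports
# from 192.0.2.44, and a single web hit from 203.0.113.200. None of this is real data.
SWEEP = [
    f"Apr 08 03:12:{7 + i:02d} fw kernel: SRC=203.0.113.5 DST=198.51.100.10 DPT={p} ACTION=DROP"
    for i, p in enumerate((21, 22, 23, 25, 53, 80, 110, 135, 139, 443, 445, 3389))
]
SAMPLE_LOGS = SWEEP + [
    "Apr 08 03:14:01 gw sshd[4411]: Failed password for invalid user admin from 198.51.100.77 port 51022 ssh2",
    "Apr 08 03:14:03 gw sshd[4411]: Failed password for invalid user oracle from 198.51.100.77 port 51030 ssh2",
    "Apr 08 03:14:05 gw sshd[4411]: Failed password for invalid user test from 198.51.100.77 port 51041 ssh2",
    "Apr 08 03:14:07 gw sshd[4411]: Failed password for root from 198.51.100.77 port 51044 ssh2",
    "Apr 08 04:02:11 fw kernel: SRC=192.0.2.44 DST=198.51.100.20 DPT=502 ACTION=ACCEPT",
    "Apr 08 04:02:12 fw kernel: SRC=192.0.2.44 DST=198.51.100.20 DPT=20000 ACTION=ACCEPT",
    "Apr 08 04:02:13 fw kernel: SRC=192.0.2.44 DST=198.51.100.21 DPT=502 ACTION=ACCEPT",
    "Apr 08 04:10:00 fw kernel: SRC=203.0.113.200 DST=198.51.100.10 DPT=80 ACTION=ACCEPT",
]


def parse(lines):
    """Aggregate per-source facts: hosts and ports touched, SSH failures and usernames tried."""
    stats = defaultdict(lambda: {"hosts": set(), "ports": set(), "users": set(), "fails": 0})
    for line in lines:
        m = FW_RE.search(line)
        if m:
            s = stats[m["src"]]
            s["hosts"].add(m["dst"])
            s["ports"].add(int(m["dpt"]))
            continue
        m = SSH_RE.search(line)
        if m:
            s = stats[m["src"]]
            s["users"].add(m["user"])
            s["fails"] += 1
    return stats


def classify(s):
    """Label one source's behaviour. Thresholds are arbitrary assumptions for the example."""
    if s["fails"] >= 3 and len(s["users"]) >= 3:
        return "dictionary-attack"          # many failures across many usernames
    if len(s["ports"]) >= 10:
        return "port-sweep"                 # wide, indiscriminate port coverage
    if s["ports"] and s["ports"] <= CONTROL_PORTS:
        return "targeted-control-ports"     # touched nothing but control-protocol ports
    return "low-volume"


def triage(lines):
    """Map each source address to a behavioural label; says nothing about who owns the address."""
    return {src: classify(s) for src, s in parse(lines).items()}


if __name__ == "__main__":
    for src, label in sorted(triage(SAMPLE_LOGS).items()):
        print(f"{src:16} {label}")
```

Only the `targeted-control-ports` bucket is worth a human's time, and even that tells you the source knew which ports to look for, not which flag it flies. That is exactly the gap between "we saw probes" and "a foreign government did it" that the article never closes.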
The better question is why these systems are reachable from the internet in the first place. The idea that every system must be connected to the internet is flawed. If our intelligence agencies do not connect the systems storing highly classified information to the internet, and our military has its own separate network for its battlefield operations, why are systems controlling critical infrastructure connected to the net? The air-gapped network, one physically isolated from the internet and from any other network, is hardly a new idea. Many companies do the same thing with critical systems, especially if they are worried about data exfiltration, so that files cannot be transferred outside the company. The gap only holds, of course, if the paths around it (removable media, vendor laptops, maintenance modems) are controlled just as strictly as the network boundary itself.
The WSJ article also references officials denying any immediate danger. One paragraph later it references a $17 billion expenditure for securing government networks. Maybe that $17 billion would have been better spent funding computer science programs through the NSA’s Information Assurance Centers of Academic Excellence program; then someone could get a clue that plugging critical systems into the internet is not such a great idea.