Government officials and some internet security researchers have been saying for quite some time now that the nation’s (and the world’s) core infrastructure is at risk. Some examples include the flow of water into cities, the flow of electricity, and the traffic lights that keep city streets relatively organized. All of these depend on the reliable function of Industrial Control Systems, and these, as it turns out, are incredibly easy to hack.
A couple of years ago, hackers brought traffic to a standstill in a city in Texas by hacking the control system for signal lights. Other hackers have attacked water systems, with the effect of denying large numbers of citizens access to clean water for days at a time. We’ve also seen hackers overload transformers and cut power in limited areas of municipalities, and this is just the tip of the proverbial iceberg.
So far, these attacks have been little more than experiments. Small forays into a new frontier designed to test the defenses of the perimeter and see what’s possible.
The results of those initial attacks have revealed glaring weaknesses that, if exploited in a serious and large scale way, could paralyze entire cities, perhaps for weeks at a time. Those hacks, if and when they occur, will absolutely cost lives.
As Bharat Mistry, the technical director of Trend Micro puts it:
“The underground cyber crime economy is big business for ransomware operators and affiliates alike. Industrial Control Systems found in critical national infrastructure, manufacturing and other facilities are seen as soft targets, with many systems still running legacy operating systems and unpatched applications. Any infection on these systems will most likely cause days if not weeks of outage.”
This is a dangerous time, and worse, at present, there is no serious effort being made anywhere to better secure industrial control systems. It’s a ticking bomb that could go off at any time. Sooner or later, a state sponsored group of hackers is going to pull the trigger. Probably sooner than later.