{"id":10129,"date":"2015-12-21T21:50:38","date_gmt":"2015-12-22T03:50:38","guid":{"rendered":"http:\/\/hcstx.org\/?p=10129"},"modified":"2015-12-21T21:50:38","modified_gmt":"2015-12-22T03:50:38","slug":"this-article-will-not-boost-your-confidence-in-american-cyber-defense-capabilities","status":"publish","type":"post","link":"https:\/\/thetacticalhermit.com\/index.php\/2015\/12\/21\/this-article-will-not-boost-your-confidence-in-american-cyber-defense-capabilities\/","title":{"rendered":"This article Will NOT Boost Your Confidence in American Cyber-Defense Capabilities"},"content":{"rendered":"<table id=\"allB\" border=\"0\" width=\"100%\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody>\n<tr>\n<td id=\"mainTD\" valign=\"top\">\n<table id=\"zmTa\" class=\"sizing tpane\" border=\"0\" width=\"100%\" cellspacing=\"0\" cellpadding=\"0\">\n<tbody id=\"mainTable\">\n<tr id=\"TABI\">\n<td valign=\"top\">\n<div id=\"PreTR\" class=\"previ\">\n<div id=\"zmPre2997615000005211003\" class=\"pvLink\">\n<div id=\"content2997615000005211003\">\n<div id=\"bcnt2997615000005211003\" class=\"mcont\">\n<div dir=\"auto\">\n<div>\n<p><img decoding=\"async\" loading=\"lazy\" class=\"aligncenter size-full wp-image-10131\" src=\"https:\/\/hcsblogdotorg.files.wordpress.com\/2015\/12\/hack1.jpg\" alt=\"hack1\" width=\"313\" height=\"161\" \/><\/p>\n<p>Iranian hackers infiltrated the control system of a small dam less than 20 miles from New York City two years ago, sparking concerns that reached to the White House, according to former and current U.S. officials and experts familiar with the previously undisclosed incident.<\/p>\n<p>The breach came amid attacks by hackers linked to Iran\u2019s government against the websites of U.S. banks, and just a few years after American spies had damaged an Iranian nuclear facility with a sophisticated computer worm called Stuxnet. 
In <a href=\"http:\/\/www.wsj.com\/articles\/SB10000872396390444657804578052931555576700\" target=\"_blank\" rel=\"noopener\">October 2012, then-Defense Secretary<\/a> <a href=\"http:\/\/topics.wsj.com\/person\/P\/Leon-Panetta\/6925\" target=\"_blank\" rel=\"noopener\">Leon Panetta<\/a> called out Iran\u2019s hacking, prompting fears of cyberwar.<\/p>\n<p>The still-classified dam intrusion illustrates a top concern for U.S. officials as they enter an age of digital state-on-state conflict. America\u2019s power grid, factories, pipelines, bridges and dams\u2014all prime targets for digital armies\u2014are sitting largely unprotected on the Internet. And, unlike in a traditional war, it is sometimes difficult to know whether or where an opponent has struck. In the case of the dam hack, federal investigators initially thought the target might have been a much larger dam in Oregon.<\/p>\n<p>Many of the computers controlling industrial systems are old and predate the consumer Internet. In the early digital days, this was touted as a security advantage. But companies, against the advice of hacking gurus, increasingly brought them online in the past decade as a way to add \u201csmarts\u201d to U.S. infrastructure. Often, they are connected directly to office computer networks, which are notoriously easy to breach.<\/p>\n<p>These systems control the flow in pipelines, the movements of drawbridges and water releases from dams. A hacker could theoretically cause an explosion, a flood or a traffic jam.<\/p>\n<p>The U.S. has more than 57,000 industrial-control systems connected to the Internet, more than any other country, according to researchers at Shodan, a search engine that catalogs each machine online. 
They range from office air-conditioning units to major pipelines and electrical-control systems.<\/p>\n<p>Security experts say companies have done <a href=\"http:\/\/www.wsj.com\/articles\/cyber-risk-isnt-always-in-the-computer-1443125108\" target=\"_blank\" rel=\"noopener\">little to protect these systems from would-be hackers<\/a>.<\/p>\n<p>\u201cEverything is being integrated, which is great, but it\u2019s not very secure,\u201d said Cesar Cerrudo, an Argentine researcher and chief technology officer at IOActive Labs, a security-consulting firm. At a hacker conference last year in Las Vegas, Mr. Cerrudo wowed the audience when he showed how he could manipulate traffic lights in major U.S. cities.<\/p>\n<p>Operators of these systems \u201cdon\u2019t think about security,\u201d he said.<\/p>\n<p>The threat of physical damage is real. Last winter, the <a href=\"http:\/\/blogs.wsj.com\/cio\/2014\/12\/18\/cyberattack-on-german-iron-plant-causes-widespread-damage-report\/\" target=\"_blank\" rel=\"noopener\">German government said in a report that hackers broke into the control system at a domestic steel plant<\/a> and caused \u201cmassive\u201d damage to a blast furnace.<\/p>\n<p>The U.S. and other governments use cyberweapons, too. In the early years of President <a href=\"http:\/\/topics.wsj.com\/person\/O\/Barack-Obama\/4328\" target=\"_blank\" rel=\"noopener\">Barack Obama<\/a>\u2019s term, the U.S. and Israel used a sophisticated computer program to disable centrifuges at Iran\u2019s nuclear facility at Natanz, according to former U.S. officials. The virus unintentionally self-replicated and <a href=\"http:\/\/www.wsj.com\/articles\/SB10001424127887324894104578107223667421796\" target=\"_blank\" rel=\"noopener\">spread to other networks, including systems at<\/a> <a href=\"http:\/\/quotes.wsj.com\/CVX\" target=\"_blank\" rel=\"noopener\">Chevron<\/a> Corp. 
Executives at the oil company said no damage occurred.<\/p>\n<p>The Department of <a href=\"http:\/\/blogs.wsj.com\/cio\/2015\/09\/08\/phishing-schemes-target-it-workers-at-critical-infrastructure-companies\/\" target=\"_blank\" rel=\"noopener\">Homeland Security has publicly warned industrial companies<\/a> since 2011 to be more judicious in how they connect these systems to the Internet. One 2014 missive said the devices are poorly protected, \u201cfurther increasing the chances of both opportunistic and targeted\u201d hacking attempts.<\/p>\n<p>For the 12 months ended Sept. 30, the department had received and responded to reports of 295 <a href=\"http:\/\/blogs.wsj.com\/cio\/2015\/03\/13\/dhs-responded-to-245-industrial-control-systems-incidents-in-fiscal-14\/\" target=\"_blank\" rel=\"noopener\">industrial-control-system hacking incidents, up from 245 for fiscal year 2014<\/a>, according to agency statistics shared with The Wall Street Journal. The problem doesn\u2019t appear to be getting better. In June, the department said a \u201ccritical infrastructure asset owner\u201d who suspected a breach hadn\u2019t kept records of devices on its network, hindering the investigation.<\/p>\n<p>Most of the time, the hackers appear to be probing systems to see how they are laid out and where they can get in, investigators familiar with the incidents said.<\/p>\n<p>The incident at the New York dam was a wake-up call for U.S. officials, demonstrating that Iran had greater digital-warfare capability than believed and could inflict real-world damage, according to people familiar with the matter. At a congressional hearing in February, Director of National Intelligence James Clapper called Iranian hackers \u201cmotivated and unpredictable cyber actors.\u201d Iranian officials didn\u2019t respond to a request for comment.<\/p>\n<p>The 2013 dam hack highlighted another challenge for America\u2019s digital defenses: the fog of cyberwar. 
Amid a mix of three-letter agencies, unclear Internet addresses and rules governing domestic surveillance, U.S. officials at first weren\u2019t able to determine where the hackers had infiltrated, three of the people familiar with the incident said.<\/p>\n<p>Hackers are believed to have gained access to the dam through a cellular modem, according to an unclassified Homeland Security summary of the case that doesn\u2019t specify the type of infrastructure by name. Two people familiar with the incident said the summary refers to the Bowman Avenue Dam, a small structure used for flood control near Rye, N.Y.<\/p>\n<p>Investigators said hackers didn\u2019t take control of the dam but probed the system, according to people familiar with the matter.<\/p>\n<p>Homeland Security said it doesn\u2019t comment on specific incidents. Spokesman S.Y. Lee said the department\u2019s \u201cIndustrial Control Systems Cyber Emergency Response Team responds to cyber incidents, vulnerabilities and threats\u201d to critical infrastructure across the U.S.<\/p>\n<p>Intelligence analysts then noticed that one of the machines was crawling the Internet, looking for vulnerable U.S. industrial-control systems. The hackers appeared to be focusing on certain Internet addresses, according to the people.<\/p>\n<p>Analysts at the National Security Agency relayed these addresses to counterparts at Homeland Security, the people said.<\/p>\n<p>Eventually, investigators linked one address to a \u201cBowman\u201d dam. But there are 31 dams in the U.S. that include the word \u201cBowman\u201d in their name, according to U.S. Army Corps of Engineers records.<\/p>\n<p>Officials feared that hackers breached the systems at the Arthur R. Bowman Dam in Oregon, a 245-foot-tall earthen structure that irrigates local agriculture and prevents flooding in Prineville, Ore., population: 9,200. 
The White House was notified of the discovery, on the belief that it was a new escalation in the ongoing digital conflict with Iran, three people familiar with the incident said.<\/p>\n<p>In response to a request for comment, the White House referred The Wall Street Journal to Homeland Security.<\/p>\n<p>Eventually, the trail led to the Bowman Avenue Dam, the people said, near the village of Rye Brook, N.Y., a 20-foot-tall concrete slab across Blind Brook, about 5 miles from Long Island Sound. It was built in the mid-20th century for ice production, according to municipal documents.<\/p>\n<p>\u201cIt\u2019s very, very small,\u201d said Marcus Serrano, the manager of the neighboring larger city of Rye. In 2013, Mr. Serrano said, several FBI agents appeared at city offices and wanted to speak to the city\u2019s information-technology manager about a hacking incident at the dam. \u201cThere was very little discussion,\u201d Mr. Serrano said.<\/p>\n<p>Chris Bradbury, administrator for the village of Rye Brook, said, \u201cI couldn\u2019t comment on that.\u201d<\/p>\n<p>The FBI declined to comment.<\/p>\n<p>Read the Original Article at <strong><a href=\"http:\/\/www.wsj.com\/articles\/iranian-hackers-infiltrated-new-york-dam-in-2013-1450662559\">WSJ<\/a><\/strong><\/p>\n<hr \/>\n<\/div>\n<div><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div id=\"gadmini2997615000005211003\" class=\"zm-Gtab rgtDiv\"><\/div>\n<\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Iranian hackers infiltrated the control system of a small dam less than 20 miles from New York City two years ago, sparking concerns that reached to the White House, according to former and current U.S. officials and experts familiar with the previously undisclosed incident. 
The breach came amid attacks by hackers linked to Iran\u2019s government&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_newsletter_tier_id":0,"jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[2122,1704,13,74,1317,883,1814,1725,2450,1189,65,272,1898],"tags":[3413,3414,3415,3416,183,3417],"jetpack_publicize_connections":[],"jetpack_sharing_enabled":true,"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/posts\/10129"}],"collection":[{"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/comments?post=10129"}],"version-history":[{"count":0,"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/posts\/10129\/revisions"}],"wp:attachment":[{"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/media?parent=10129"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/categories?post=10129"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thetacticalhermit.com\/index.php\/wp-json\/wp\/v2\/tags?post=10129"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}