Infrastructure protectionDHS warns Anonymous may target critical infrastructure

Published 4 November 2011

DHS is warning critical infrastructure operators that the international hacking group known as Anonymous has threatened to attack industrial control systems, the software that governs automated processes for nearly every major utility or production facility including factories, power stations, chemical plants, and pharmacies

 

DHS is warning critical infrastructure operators that the international hacking group known as Anonymous has threatened to attack industrial control systems, the software that governs automated processes for nearly every major utility or production facility including factories, power stations, chemical plants, and pharmacies.

The security bulletin from the National Cybersecurity and Communications Integration Center was careful to note that “while Anonymous recently expressed intent to target [industrial control software], they have not demonstrated a capability to inflict damage to these systems.”

Following the Stuxnet virus at Iran’s Bushehr nuclear facility, which resulted in physical damage, cyberattacks against ICS systems have emerged as one of the greatest threats to critical infrastructure.

By taking control of the Supervisory Control and Data Acquisition (SCADA) system, the Stuxnet virus forced several nuclear centrifuges to spin out of control while it simultaneously knocked out the system’s automatic shutdown safety procedure. Analysts now fear that hackers can similarly cause power generators to explode, release dangerous chemicals, or pollute water supplies by attacking SCADA systems at various facilities.

The restricted security bulletin obtained by the website Public Intelligence, noted that hackers from Anonymous have published key programming code and other materials that instruct users on how to gain some access to ICS systems.

Furthermore Anonymous “could be able to develop capabilities to gain access and trespass on [ICS] networks very quickly,” the report cautioned.

In particular, oil and gas companies may be at greatest risk due to Anonymous’ “green energy” agenda in which it has supported the campaign against the Keystone XL oil pipeline and the Alberta Tar Sand project in Canada.

“This targeting could likely extend beyond Anonymous to the broader [hacker activist] community, resulting in larger-scope actions against energy companies,” the bulletin warned.

DHS concluded by urging “owners and operators of critical infrastructure control systems … to engage in addressing the security needs of their [ICS] assets.”