Quick takes // by Ben Frankel

Cyber attacks on critical infrastructure reach U.S.

Published 21 November 2011

Most of the U.S. critical infrastructure is run by computers which are connected to the Internet; this makes them susceptible to cyber attacks; a few days ago the control system of a water pump in Illinois was taken over by a hacker’s remote command, and then deliberately destroyed; what critical infrastructure facilities will hackers — nerdy teenagers, terrorists, or intelligence operatives of other nations — target next?

Two recent cases of debilitating cyber attacks on control systems of infrastructure assets made the headlines:

  • In the spring and summer of 2010, Israel unleashed the Stuxnet malware on uranium-enriching centrifuge farms in Iran, causing about a third of Iran’s active centrifuges to explode, disrupting the others, and slowing down Iran’s march to the bomb.
  • Last week, Israel sent another piece of malware, Duqu, into Iran’s military-industrial complex to disrupt Iran’s military programs. This time, on 12 November, the malware caused the sophisticated Sejil-2 ballistic missile to explode while it was being shown to a group of scientists and top military commanders, among them Gen. Hassan Tehrani Moghaddam, the founder of Iran’s missile programs. The explosion, which killed sixteen other members of the Islamic Revolutionary Guard Corps, occurred at the Alghadir military complex near the city of Bidganeh. Reports say that the missile exploded while Gen. Moghaddam was describing to the group gathered around the missile the features of a new warhead for the missiles, a warhead that could carry a nuclear payload. The New York Times reports that the explosion was so powerful, it was heard twenty-five miles away in Tehran and shook windows in many towns in the area, leading some Iranians to believe that an Israeli or American attack on Iran’s nuclear facilities had begun (for more on the Alghadir explosion, see this report in the not-always-reliable Debka). “May there be more like it,” Israeli defense minister Ehud Barak said obliquely when asked last Sunday about the explosion.

For a good discussion of Israel’s cyberwar efforts, see Eli Lake, “Israel’s Secret Iran Attack Plan: Electronic Warfare,” Daily Beast (16 November 2011).

Note that the Mossad’s killing of Moghaddam was a coup equal in its audacity and operational brilliance to the killing of Hezbollah’s military leader Imad Moughnia in Damascus in February 2008. Both stayed out of the public eye and were surrounded by very tight security (the New York Times reports that “Because of his important role, General Moghaddam had one of the strongest protection details in the country, and it was supervised by Ayatollah Khamenei”).

Most critical infrastructure is civilian, not military, and events in Springfield, Illinois should give us a taste of what a cyber attack on civilian critical infrastructure can do.

At the beginning of November, a water pump in Springfield, Illinois burnt out and stopped functioning. The pump was destroyed after it was turned on and off repeatedly,