With hacking of U.S. utilities, Russia could move from cyberespionage toward cyberwar

Advanced adversaries
In July the Center for Cyber and Homeland Security at George Washington University, where we serve, hosted a forum on protecting energy infrastructure. At that event, a Duke Energy Corporation executive reported that in 2017, the company experienced over 650 million attempts to intrude into its system. That number is startling, though hard to contextualize. More generally, however, some efforts directed against the United States are extremely sophisticated.

Federal officials have said that starting in 2016, continuing in 2017 and likely still ongoing, Russian government attacks took advantage of trusting relationships between key vendors of services related to equipment and operations for utility companies. Compromising the vendors’ computers was the first step toward breaching the security of systems not directly connected to the internet.

It’s not just electric utilities – crucial though they are to almost every aspect of modern society. The Russian intrusion targeted computerized industrial control systems that are at the beating hearts of every part of critical public and private infrastructure, including water, energy, telecommunications and manufacturing. In the United States, more than 85 percent of those critical potential targets are owned and operated by private companies. Once considered safely on home soil far from conflict, these firms are now at the center of the international cyberspace battleground.

Setting up defenses
The energy industry has invested heavily in protecting itself, and is leveraging a sector-wide collaboration called the Electricity Information Sharing and Analysis Center to communicate between companies about warnings and threats to grid operations. But the task is too great – and the consequences to public health and safety too severe – for private companies to handle the burden on their own. As a result, the U.S. Department of Homeland Security has been investigating breaches like the Russian intrusions, and briefing industry leaders about what it finds.

For instance, the Wall Street Journal reported that DHS cybersecurity experts are “looking for evidence that the Russians are automating their attacks, which … could presage a large increase in hacking efforts.” That possibility, taken together with the energy-sector focus of the utility-hacking effort and the perpetrators’ interest in industrial control systems, could be a signal that Russia may be considering shifting from exploring U.S. utility systems to actually attacking them.

An upcoming meeting may deepen federal-corporate collaboration: On 31 July, the Department of Homeland Security is hosting a National Cybersecurity Summit to bring together government, industry and academic experts in protecting the country’s most important infrastructure. It will take all their efforts to keep up with the threats, particularly as the underlying techniques and technologies continue to evolve. The “internet of things,” for instance, connects physical devices in ways that merge the virtual world with the real one – making people only as safe as the weakest link in the network or supply chain.

The federal hint about identifying automated attacks offers a glimpse into the not-too-distant future. In 2017, Russian President Putin declared that “Whoever becomes the leader in [artificial intelligence] will become the ruler of the world.” In May 2018, Chinese President Xi Jinping told the Chinese Academies of Sciences and Engineering of his plan to make China “a world leader in science and technology,” which includes “integration of the internet, big data, and artificial intelligence with the real economy.”

Those statements, and the inexorable march of research and development, mean that machine learning – and ultimately quantum computing too – will play an increasing role in cyberespionage and cyberwarfare, as well as cybersecurity. The line between probing and attacking – and between defensive readiness and offensive preparation – may get even thinner.

Frank J. Cilluffo is Director, Center for Cyber and Homeland Security, George Washington University. Sharon L. Cardash is Associate Director, Center for Cyber and Homeland Security, George Washington University. This article is published courtesy of The Conversation.