General Keith Alexander, the former head of the National Security Agency (NSA), is concerned that the United States’ energy infrastructure is vulnerable to targeted attacks launched by sophisticated actors.
“The greatest risk is a catastrophic attack on the energy infrastructure. We are not prepared for that,” he said.
According to General Alexander, the West’s “doomsday” scenario involves a coordinated attack against American critical energy infrastructure, including oil refineries and power stations, as well as a simultaneous campaign against Western financial centers. Based on these threats, he feels the United States needs “an integrated air-defence system for the whole energy sector.” General Alexander listed five countries who are capable of conducting “cyber warfare,” which includes launching targeted attacks against other nations’ critical infrastructure: the United States, the United Kingdom, Israel, Russia, and Iran. Late last year, Michael Rogers, the current head of the NSA, testified that China is capable of launching targeted attacks that could cause “catastrophic failures” in the United States’ water systems and power grid. Though Chinese hackers continue to steal intellectual property from U.S. enterprises, the NSA does not see any indication that China would seek to undermine American energy infrastructure at this time. However, intelligence officials believe that Iran might show less restraint. A report by security firm Cylance Corp., for example, sheds light on a campaign called “Operation Cleaver” in which Iranian actors hacked U.S. military computer systems as well as government networks in 15 other countries. General Alexander also believes that hackers aligned with or inspired by the Islamic State increasingly pose a threat to U.S. energy infrastructure. Just this year, ISIS supporters have hacked the United States Central Command’s social media accounts, a series of French municipality websites shortly following the Charlie Hebdo terrorist attacks, a number of American-based websites owned by small businesses, and most recently the social media accounts and website of French television network TV5MONDE. President Obama commented back in January that the CENTCOM hack illustrates “how much more work we need to do -- both public and private sector -- to strengthen our cybersecurity.” To read more about what types of security vulnerabilities affect the United States power grid, which includes some recommendations for what U.S. utilities companies can do to meet these threats, please click here.
Achieving Resilience with NERC CIP
Explore the critical role of cybersecurity in protecting national Bulk Electric Systems. Tripwire's NERC CIP Solution Suite offers advanced tools for continuous monitoring and automation solutions, ensuring compliance with evolving standards and enhancing overall security resilience.