Critical infrastructure vulnerable to hackers

Information about cyber attacks on critical infrastructure facilities and systems rarely becomes public domain. However, according to specialists, such incidents do occur. According to Alexei Lukatsky, a consultant on information security at Cisco Systems Russia, the CIA built a logic bomb in the software of one of the USSR's gas pipelines in 1982. Later in the decade an employee hacked software at one of the USSR’s nuclear power plants near the Baltic Sea that the reactor depended on to function. The most famous incident occurred in 2010, when the Stuxnet virus infected uranium enrichment installations in Iran. Later the Kaspersky Lab discovered traces of the same virus in the Russian Federal Space Agency and the Russian State Nuclear Corporation.

Experts think that Russia must strengthen its security at its most critical infrastructure sites. In April 2014 the State Duma was supposed to hold a discussion on the new bill concerning the security of critical information infrastructure, but it was postponed by legislators. Sources told RBTH that they hope the bill will be examined by the end of 2014.

No threats should be ignored

According to data from the Group-IB, in 2014 cyber criminals earned $289 million on Internet banking. This is lower than 2011 indicators when hackers stole $490 million. In the opinion of Sergei Nikitin, an expert from the Group-IB Cyber Security Company, "hackers are very materialistic and do not hack thermal or hydroelectric power stations or transportation systems." But Nikitin maintains that the threat of attacks on critical infrastructure objects should not be ignored.

Recently it was reported that the Malaysian Boeing 777, which disappeared in March without a trace from radar while flying from Kuala Lumpur to Beijing, vanished because a hacker had disconnected a system. Lukatsky believes that highly qualified hackers are capable of carrying out this type of disruption. "After September 11, a theory emerged that Al-Qaeda terrorists had gained access to flight management systems," says Lukatsky. "That is why the hijacked planes went unnoticed."

In the words of Sergei Gordeichik, deputy general director at Positive Technologies, there were cases in Russia in which separate critical infrastructure elements were infected with viruses, although they were less serious than 9/11.

The isolation of systems is a myth

Today more and more critical information infrastructure facilities, in the industrial, energy, transportation and healthcare sectors are being modernized and connected to external networks. Lukatsky believes that this increases the risks of cyber attacks. "The isolation of critical infrastructure is a myth," Lukatsky says. "In more than 50 percent of the cases these systems are connected to the Internet either directly or through a less vulnerable business network. Only nuclear power plant systems function in isolation. But they are not completely immune to viruses, which can enter, for example, through flashcards. Such an incident occurred at an American nuclear power plant in 2003."

Vsevolod Ivanov, deputy general director at InfoWatch, told RBTH that nuclear power plants have stringent protection standards for physical and information security. However, in his view, "the danger can arise if the malefactor is an employee at the plant and has authorized access."

Gordeichik said that according to company statistics the hacker can quickly access the internal network of the object that is connected to the Internet in 80 percent of cases. "In the last years we identified 200 vulnerabilities in the solutions of big producers such as Siemens, Schneider Electrics and Honeywell," Gordeichik said.

Russian cyber protection

There are only about 30 companies in the world that develop the means to protect critical infrastructure from cyber crimes. Several of them are Russian firms such as the Kaspersky Lab, Positive Technologies, InfoWatch and Group-IB.

Several years ago the Kaspersky Lab proposed the idea of a protected operational system for critically important facilities, but it was never realized at an industrial level. Positive Technologies developed a security scanner for detecting vulnerabilities in the critical infrastructure objects' operational systems.

InfoWatch carries out analyses of enterprise infrastructures in order to identify anomalies, including the identification of malicious software used for incapacitating critical infrastructure objects. According to Ivanov, this solution was developed at the National Research Nuclear University for energy sector enterprises. 

In order to identify problems in automated control systems that are connected to the Internet, Russian firms specializing in the fight against cyber crime are working with the world's leading companies. Among them are the Computer Emergency Response Team (CERT) and the European Network and Information Security Agency (ENISA).

All rights reserved by Rossiyskaya Gazeta.