Hacking Attacks on Infrastructure: Easier and Multiplying

It’s getting much simpler and more common, and that’s what makes it scary. 

The Associated Press reports new details revealed about a computer attack that crippled an Iranian nuclear plant last year point to an uncomfortable and emerging truth: laying siege to an integral part of a country’s infrastructure is easier than we thought.

Equally alarming: the number of attacks is growing at a fast rate. According to AP, the Idaho National Laboratory, an organization that works to protect critical U.S. infrastructure like power grids and water systems, has seen attacks triple this year alone.

Recently recreated in computer labs with anemic funding, limited time and skills, an attack like the one in Iran doesn’t have to be carried out by an elite cyber force, as was originally assumed. Security researcher Dillon Beresford said it took him two months and $20,000 to take control of a system like the Iranian facility.

“What all this is saying is you don’t have to be a nation-state to do this stuff,” industrial control system expert Joe Weiss told AP. “That’s very scary.”

In fact, code from the same Stuxnet worm that was used to disable the Iranian facility is popping up on other places — suggesting the people behind it may still be active.

From AP:

“It is an alarming development that shows how technical advances are eroding the barrier that has long prevented computer assaults from leaping from the digital to the physical world.

The techniques demonstrated in recent months highlight the danger to operators of power plants, water systems and other critical infrastructure around the world.”

Prisons and other large-scale facilities with digitally automated physical systems could be added to that list.