Cyberspace is now recognized as a critical domain of operations by the U.S. military and its protection is a national security issue.
We live in a wired world. Companies and countries rely on cyberspace for everything from financial transactions to the movement of military forces. Computer code blurs the line between the cyber and physical world and connects millions of objects to the Internet or private networks. Electric firms rely on industrial control systems to provide power to the grid. Shipping managers use satellites and the Internet to track freighters as they pass through global sea lanes, and the U.S. military relies on secure networks and data to carry out its missions.
Cyberwarfare is “actions by a nation-state to penetrate another nation’s computers or networks for the purposes of causing damage or disruption.”
State and non-state actors (See China’s cyber threat actors) conduct cyber operations to achieve a variety of political, economic, or military objectives. In conducting their operations, they may strike at a nation’s values as well as its interests or purposes. As one example, in November, 2014, likely in retaliation for the planned release of a satirical film, North Korea conducted a cyberattack against Sony Pictures Entertainment, rendering thousands of Sony computers inoperable and breaching Sony’s confidential business information. In addition to the destructive nature of the attacks, North Korea stole digital copies of a number of unreleased movies, as well as thousands of documents containing sensitive data regarding celebrities, Sony employees, and Sony’s business operations. North Korea accompanied their cyberattacks with coercion, intimidation, and the threat of terrorism. The North Korean attack on Sony was one of the most destructive cyberattacks on a U.S. entity to date. The attack further spurred an already ongoing national discussion about the nature of the cyber threat and the need for improved cybersecurity.
The increased use of cyberattacks as a political instrument reflects a dangerous trend in international relations. Vulnerable data systems present state and non-state actors with an enticing opportunity to strike the United States and its interests. During a conflict, the Defense Department assumes that a potential adversary will seek to target U.S. or allied critical infrastructure and military networks to gain a strategic advantage. Beyond the attacks described above, a sophisticated actor could target an industrial control system (ICS) on a public utility to affect public safety, or enter a network to manipulate health records to affect an individual’s well-being. A disruptive, manipulative, or destructive cyberattack could present a significant risk to U.S. economic and national security if lives are lost, property destroyed, policy objectives harmed, or economic interests affected.
Espionage & National Security Breaches
Cyberwarfare consists of many different threats: The United States Director of National Intelligence, James R. Clapper divides these into cyber espionage and cyberattacks, the latter of which he defines as the top security threat to the United States.
Cyber espionage is the act or practice of obtaining secrets (sensitive, proprietary or classified information) from individuals, competitors, rivals, groups, governments and enemies also for military, political, or economic advantage using illegal exploitation methods on internet, networks, software and or computers. Classified information that is not handled securely can be intercepted and even modified, making espionage possible from the other side of the world. Specific attacks on the United States have been given codenames like Titan Rain and Moonlight Maze. General Alexander notes that the recently established Cyber Command is currently trying to determine whether such activities as commercial espionage or theft of intellectual property are criminal activities or actual “breaches of national security.”
“Titan Rain was most likely the result of Chinese military hackers attempting to gather information on U.S. systems.”
Cyberattack is any type of offensive maneuver employed by individuals or whole organizations that targets computer information systems, infrastructures, computer networks, and/or personal computer devices by various means of malicious acts usually originating from an anonymous source that either steals, alters, or destroys a specified target by hacking into a susceptible system.
Cyberattacks can range from installing spyware on a PC to attempts to destroy the infrastructure of entire nations. Cyber-attacks have become increasingly sophisticated and dangerous as the Stuxnet worm recently demonstrated.
Industrial Control Systems & Critical Infrastructure
The U.S. critical infrastructure is often referred to as a “system of systems” because of the interdependencies that exist between its various industrial sectors as well as interconnections between business partners. Critical infrastructures are highly interconnected and mutually dependent in complex ways, both physically and through a host of information and communications technologies. An incident in one infrastructure can directly and indirectly affect other infrastructures through cascading and escalating failures.
Industrial control systems (ICS) include supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and other control system configurations such as skid-mounted Programmable Logic Controllers (PLC). ICS are typically used in industries such as electric, water and wastewater, oil and natural gas, transportation, chemical, pharmaceutical, pulp and paper, food and beverage, and discrete manufacturing (e.g., automotive, aerospace, and durable goods.) SCADA systems are generally used to control dispersed assets using centralized data acquisition and supervisory control. DCS are generally used to control production systems within a local area such as a factory using supervisory and regulatory control. PLCs are generally used for discrete control for specific applications and generally provide regulatory control. These control systems are vital to the operation of the U.S. critical infrastructures that are often highly interconnected and mutually dependent systems.
Many of today’s ICS evolved from the insertion of IT capabilities into existing physical systems, often replacing or supplementing physical control mechanisms. For example, embedded digital controls replaced analog mechanical controls in rotating machines and engines. Improvements in cost-and performance have encouraged this evolution, resulting in many of today’s “smart” technologies such as the smart electric grid, smart transportation, smart buildings, and smart manufacturing. While this increases the connectivity and criticality of these systems, it also creates a greater need for their adaptability, resilience, safety, and security.
An example of a potential ICS target is the electric power grid. The federal government of the United States admits that the electric power grid is susceptible to cyberwarfare.
Both the electrical power transmission and distribution grid industries use geographically distributed SCADA control technology to operate highly interconnected and dynamic systems consisting of thousands of public and private utilities and rural cooperatives for supplying electricity to end users. Some SCADA systems monitor and control electricity distribution by collecting data from and issuing commands to geographically remote field control stations from a centralized location. SCADA systems are also used to monitor and control water, oil and natural gas distribution, including pipelines, ships, trucks, and rail systems, as well as wastewater collection systems. SCADA systems and DCS are often networked together. This is the case for electric power control centers and electric power generation facilities. Although the electric power generation facility operation is controlled by a DCS, the DCS must communicate with the SCADA system to coordinate production output with transmission and distribution demands.
Electric power is often thought to be one of the most prevalent sources of disruptions of interdependent critical infrastructures. As an example, a cascading failure can be initiated by a disruption of the microwave communications network used for an electric power transmission SCADA system. The lack of monitoring and control capabilities could cause a large generating unit to be taken offline, an event that would lead to loss of power at a transmission substation. This loss could cause a major imbalance, triggering a cascading failure across the power grid. This could result in large area blackouts that could potentially affect oil and natural gas production, refinery operations, water treatment systems, wastewater collection systems, and pipeline transport systems that rely on the grid for electric power.
The United States Department of Homeland Security works with industry to identify vulnerabilities and to help industry enhance the security of control system networks. The federal government is also working to ensure that security is built in as the next generation of “smart grid” networks are developed.