Hacks, Hacks Everywhere: FERC, US Energy Grid, Atlanta Are All Targets

Like Amazon deliveries, cyber attacks keep showing up on a regular basis. In recent days: the US charged nine Iranian citizens with a state-sponsored attack against a range of companies and agencies, including the Federal Energy Regulatory Commission (FERC); the Trump administration blamed Russia for ongoing attempts to hack the US energy grid and other critical infrastructure; and key parts of Atlanta’s municipal computer system were knocked out by a ransomware attacker. Reports like these are becoming all too common.

State-Sponsored Attacks Warrant Concern

The first two raise serious red flags. State-sponsored attacks fall into the highest level of sophisticated cyber attacks. The hackers use the most advanced tools to break in, and with governments behind them they have nearly limitless resources to achieve their nefarious goals. Plus, they have the time to mount attacks over years if need be, probing on many fronts for the weak spots, and lurking in the background of computer systems or devices with almost undetected code. The Iranian attackers were said to have been operating from 2013 until the end of 2017, or roughly 4 years.

Hacking a federal agency or probing critical infrastructure poses dangerous threats. Messing with critical infrastructure can be viewed as an act of war, or a precursor to such hostilities. These types of attacks are not new, of course, and more than likely the US itself engages in these cyber techniques of probing and spying on friends and enemies on a regular basis. Experts warn that state-sponsored attacks are growing in scale, frequency, and sophistication, according to Leo Taddeo, chief information security officer at Cyxtera, a provider of infrastructure security solutions.

To Thwart Cyber Attacks, Cities Must Plan and Budget

Atlanta’s case is somewhat more benign. The attack kept some customers from paying bills, and residents were unable to access court-related information. As much as 4 days after the initial report of the attack the city’s servers were still struggling to enable online bill payments or the collection of fees. Moreover, the city had not said whether it would pay the ransom demand or not. For Atlanta, this cyber attack must sting, since it prides itself as a leading-edge smart city. Part of being on that leading edge, though, is accepting risks that come with newer technologies and learning hard lessons. The lesson here: make sure you plan and budget for the latest tools and best people to thwart cybercriminals, because this type of threat is not going away anytime soon.

These cyber attacks underscore the challenges of a connected Internet of Things (IoT) world. As governments, corporations, and utilities take advantage of IoT technologies, they must keep security measures at the forefront of all they do (see Guidehouse Insights’ report, Managing IoT Cybersecurity Threats in the Energy Cloud Ecosystem, for practical steps to reduce the risks posed by cyber attacks). A smart grid or a smart city looks rather dumb when the security piece gets short shrift.