Cybersecurity Update

March 14: 'Defend forward', Kaspersky Lab Q&A, SCADA

cyberSecurity
         update }

Welcome to cybersecurity update!

This week we're entering the top-secret realm of the military's U.S. Cyber Command as it brings energy companies into the fold to battle would-be hackers.

We also talked with Kaspersky Lab about cyber espionage and tech nationalism, and turned our viewfinder toward Venezuela's struggle to keep the lights on.

Feel free to send tips or feedback to blakesobczak@protonmail.com, and you can follow me on Twitter at @BlakeSobczak.

Thanks for reading!

— Blake Sobczak

(Want to receive these by email? Sign up here.)


Pentagon to utilities: Uncle Sam wants you

Walled off inside the National Security Agency complex in Fort Meade, Md., leaders of U.S. Cyber Command are preparing for digital combat against state-backed hackers targeting critical energy infrastructure.

The top-secret work comes after a decade of relentless probing by cyber units from Russia and China. And in a sharp departure from the past, Cybercom is recruiting U.S. energy companies as partners in a new strategy called "defend forward." It includes for the first time a commitment by the Pentagon to hit back at adversaries to block the most dangerous attacks before they're launched.

Read the complete story in Energywire.


Advertisement

Q & A
Anton Shingarev:
Defending Kaspersky's name
}

Kaspersky Lab's chief of public affairs and head of the CEO office weighs in on tech nationalism and comments on suspicions that the Moscow-based company has abetted Russian government spying. In one high-profile case, Kaspersky antivirus software detected classified malware on a National Security Agency employee's home computer.

Can you discuss that case?

It was reported by U.S. media that our product detected Equation [Group] on the computer and we took this sample. We didn't know the guy works at NSA, and this was his home computer where he developed NSA, super-confidential, classified operations. What we did is we took the malicious sample from the computer — and of course we did it because this is what any antivirus would do.

What's most often misunderstood about the way your products work?

Antivirus has deep privileges in the system because it needs this. So in many cases, people say, 'Oh, look, this antivirus has the right to take this malicious file and send it somewhere!' Well, of course it does, the same as Symantec or Trend Micro or McAfee ... from a technical point of view, there is no difference between us and all other antiviruses.

DHS banned U.S. government use of Kaspersky software in 2017. How has that affected your business?

The reputational damage is significant. It's very hard to estimate the cost.

It's pretty interesting that our results in other regions are actually growing, and this was my worry: How would it influence Europe? How would it influence the Middle East, Latin America, Asia-Pacific?

How do you view recent trends in "tech nationalism"?

Politicians have finally started to realize how we depend on technologies. They now understand that the internet is not just the place where you ask for advice on where to buy a new car. Factories are run with the help of the internet. People make decisions on elections based on what they see in social media. It concerns the most critical parts of national infrastructure.

And then the politicians realized that there is a whole new part of their internal infrastructure, which is not regulated, not controlled. They don't know how it works, they don't know who gets their data, they don't know how easy it is to protect, because in many cases it's kept in the hands of private companies.

Theoretically, the U.S. can afford to have its own American-based systems. But even America right now, in this interconnected world, cannot afford it. You never know where the infrastructure is based. Where is it assembled? Who develops the source code? How is it outsourced? And so on.

The interview has been edited and condensed for clarity.


Column: Blake's Take 

Crying cyber wolf

Venezuelan authorities raised eyebrows when they blamed a dayslong power outage on a U.S. cyberattack.

The blackout, which started Thursday and dragged into this week, compounded the dire humanitarian and economic crisis facing Venezuelans under autocrat Nicolás Maduro, who clings to power in a standoff with opposition leader Juan Guaidó.

Maduro tweeted Sunday that the country's power grid had been hit with "multiple cyberattacks." On Monday, he raised the specter of an all-out battle to wrest control from U.S. hackers.

The United States is an easy foil, of course. Years of documented corruption and mismanagement at Venezuela's energy companies challenge the integrity of Maduro's claim — to say the least.

Still, Venezuela isn't the first government to point the finger at U.S. hackers when the electricity goes out. In 2017, Turkey's energy minister blamed an "intense, U.S.-originated cyberattack" for sporadic outages in Istanbul.

Who knows? The hush-hush nature of grid cybersecurity lends itself to conspiratorial thinking and blockbuster accusations. The only known examples of cyberattacks that caused power outages happened in Ukraine.

Sure, American hackers know how to flex their muscles. The National Security Agency and even a U.S. electric utility executive have threatened retaliation against schemers trying to hack their way into our grid.

It's doubtful that Maduro had much of that in mind. For one, he's blamed saboteurs for power outages before. Secondly, he reflexively blames American imperialism for everything from Venezuela's runaway inflation to drug smuggling charges brought against two family members.

So the million-dollar question: Would the United States take down Venezuela's grid without being at war with the country? U.S. national security adviser John Bolton didn't exactly cool tensions when he insisted that "all options are on the table" with Venezuela this January. He held a notepad that read, "5,000 troops to Colombia."

So maybe, just maybe, despite all official protests and zero evidence that the United States has led grid cyberattacks in the past, U.S. operatives engaged in "technical and cybernetic sabotage" at a major hydroelectric plant, as one Venezuelan official put it.

Or maybe Venezuela's government just got tired of blaming possums for its long-running power woes.

— Blake Sobczak | @BlakeSobczak | blakesobczak@protonmail.com


News: Bits and Bytes 

Nuclear plant operators offer a rare glimpse into the hacking threat keeping them up at night. E&E News

The Energy Department is turning to the electricity industry for advice on what to do when the president declares a grid emergency. E&E News

President Trump is asking Congress to boost funding for the Energy Department's new cybersecurity office. E&E News

The Navy is "under cyber siege" by Chinese hackers and isn't sure what to do about it, according to an internal review. Wall Street Journal

Why Venezuela is struggling to restart its power grid. Wired


Term of the week: SCADA 

Supervisory control and data acquisition (SCADA) systems are computer networks designed to manage a big industrial process. This term is sometimes used interchangeably with industrial control systems but refers to a specific category of ICS, much like a sedan is one type of car.

SCADA systems can trade data and commands with PLCs — those hardy devices built for a specific job like moving a robot arm — which in turn stay in touch with sensors in the field, like tactile sensors from the arm's hand. SCADA systems operate long-distance electricity and natural gas transmission.


That's all for this week! If you missed it, read last week's update.

Want to receive E&E News cybersecurity update in your inbox? Sign up!

Advertisement

Advertisement

Latest Selected Headlines

More headlinesMore headlines

More headlinesMore headlines

More headlinesMore headlines

More headlinesMore headlines