Cyber war stakes rising

U.S. intelligence officials have warned as nation-sponsored cyber warfare goes mainstream this year, attacks on U.S. installations and institutions could result not just in damage and theft but in fatalities.


ISS SourceU.S. intelligence officials have warned as nation-sponsored cyber warfare goes mainstream this year, attacks on U.S. installations and institutions could result not just in damage and theft but in fatalities.

They believe fatalities could occur and “that is the best estimate at this point,” said the former senior intelligence official.

Currently 12 of the world’s 15 largest military powers are building cyber warfare programs, these intelligence sources told ISSSource, adding the number of intrusions and attacks has increased dramatically over the last several years.

U.S. security researchers have warned because of vulnerability in the firmware, attackers could tap into Voice over IP (VoIP) products from Cisco and other manufacturers. The research at Columbia Engineering – funded by U.S. military research arm, the Defense Advanced Research Projects Agency (DARPA) found the flaw affected all 14 of Cisco’s Unified IP Phone models that are used in government departments and corporations around the world. Equipment from other manufacturers could also be vulnerable.

By inserting malware into handsets the researchers said they could start eavesdropping on private conversations, “not just on the phone but also in the phone’s surroundings. It’s not just Cisco phones that are at risk. All VoIP phones are particularly problematic since they are everywhere and reveal our private communications,” said project leader, Professor Salvatore Stolfo.

Last year, cyber attacks at the Iranian government were uncovered and Iran retaliated with “denial of service” attacks at U.S. banks and Saudi oil companies that are continuing today. Over 10 U.S. banks were under cyber attack by Iranian hackers for over a week, interrupting service. Just Tuesday, Wells Fargo may have also been the victim of a sophisticated campaign of distributed denial-of-service (DDoS) attacks. Other victims included Bank of America, PNC, BB&T, JPMorgan Chase and others.

In addition, ISSSource reported Iran intensified its attempt to push forward its cyber war capabilities with a six-month rash of virus attacks that culminated with its hackers disabling 30,000 computers at Saudi Aramco, the world’s largest oil corporation, this past August, computer and intelligence experts said.

The attack took place August 15, when a malware weapon took down at least 30,000 of the company’s computers, said Jim Lewis, a computer expert at the Center for Strategic and International Studies (CSIS) in Washington. While Aramco officials said production did not suffer from the attack, sources have said it is hard to believe they did not have production issues.

Two former senior CIA officials first alerted ISSSource the culprit in the attack was Iran working with personnel inside the Aramco’s computer center. They said the Saudi regime is investigating the attack and is arresting suspects like operating staff, janitors, office people, and cargo handlers.

CIA sources said at the time attack was the work of a disgruntled Shiite insider (or insiders) that had full access to the system.

The U.S. is not alone in suffering attacks as a Syrian government backed hacker group is now attacking Saudi government websites, particularly focusing on the Saudi Ministry of Defense. Several of the Saudi sites are down. The Syrian Electronic Army is carrying out direction from Syrian intelligence in retaliating against the Saudis for support to the Syrian opposition forces, including Jihadis who have been effective in fighting Bashar al Assad’s rule.

The Christian Scientist Monitor today published a list of damaging cyber events including:

  • Cyber espionage that’s intended to scoop up industrial secrets alone costs U.S. companies as much as $400 billion annually, some researchers estimate. Much of that comes over the long term, as stolen proprietary data give firms in other nations, such as China, a leg up by slashing research-and-development costs.
  • The volume of malicious software targeting U.S. computers and networks has more than tripled since 2009, according to a 2011 report by the director of national intelligence. Reports in 2012 corroborate that upward trend.
  • Ransomware netted cybercriminals $5 million last year, by some estimates. Smart-phone and other mobile cyber vulnerabilities nearly doubled from 2010 to 2011, according to the cyber security firm Symantec.
  • The Pentagon continues to report more than 3 million cyber attacks of various kinds each year on its 15,000 computer networks.

Defense contractors such as Lockheed Martin have become key targets as well, the report continued. At a November news conference, Chandra McMahon, Lockheed vice president and chief information security officer, said 20% of all threats aimed at the company’s networks were sophisticated, targeted attacks by a nation or a group trying to steal data or harm operations.

As ISSSource reported last week, U.S. builders of America’s most advanced combat aircraft, the F-35 Joint Strike Fighter, are still frantically rushing to put in place cutting edge technology that would secure the aircraft’s avionics from Chinese hacker attacks. The Chinese got hold of the plans three years ago.

In addition, three years ago, the same hackers who are part of a military cyber group, also stole plans for the F-22 combat aircraft. Both planes are advanced stealth aircraft and considered the most advanced and the most expensive in the world.

The former senior U.S. intelligence official said the major U.S. contractors of the plane never thought of designing countermeasures that would act to repel China’s extensive hacking programs, and he said the security equipment was never installed. China, who has issued vehement non-denials about the event, long ago created groups of military cyber hackers to pillage intellectual property and military technology. Those units often employed logic bombs and other devices whose purpose is the unauthorized seizure of classified U.S. military or commercial technology.

The initial breach occurred when Chinese hackers penetrated the vulnerable computers of British Aerospace (BAE) and the intrusion was done with such skill the Chinese ended up monitoring online meetings and technical discussions of the plane. The attack on BAE lasted 18 months before anyone found out about it. After the breach occurred, officials halted the program, and then restarted with work on the new expensive security system still ongoing, said former U.S. intelligence officials.

The hackers behind the cyber attacks on major U.S. banks have repeatedly disrupted online banking by using sophisticated and diverse tools that point to a carefully coordinated campaign, security researchers said.

The hackers, believed to be activists in the Middle East, were highly knowledgeable about the defensive equipment used by the banks and likely spent months on reconnaissance, said researchers in a Reuters report, who viewed the assaults as among the strongest and most complex the world has seen to date.

Researchers said the hackers used botnets, which are inexpensive to rent for short periods. What made these botnets much more powerful was they were made up of Web servers and not just personal computers.

Topping the mounting list of concerns, though, is the accelerating pace of cyber attacks on the computerized industrial control systems that run the power grid, chemical plants, and other critical infrastructure.

Richard Sale was United Press International’s Intelligence Correspondent for 10 years and the Middle East Times, a publication of UPI. He is the author of Clinton’s Secret Wars and Traitors.

Top Plant
The Top Plant program honors outstanding manufacturing facilities in North America.
Product of the Year
The Product of the Year program recognizes products newly released in the manufacturing industries.
System Integrator of the Year
Each year, a panel of Control Engineering and Plant Engineering editors and industry expert judges select the System Integrator of the Year Award winners in three categories.
September 2018
2018 Engineering Leaders under 40, Women in Engineering, Six ways to reduce waste in manufacturing, and Four robot implementation challenges.
GAMS preview, 2018 Mid-Year Report, EAM and Safety
June 2018
2018 Lubrication Guide, Motor and maintenance management, Control system migration
August 2018
SCADA standardization, capital expenditures, data-driven drilling and execution
June 2018
Machine learning, produced water benefits, programming cavity pumps
April 2018
ROVs, rigs, and the real time; wellsite valve manifolds; AI on a chip; analytics use for pipelines
Spring 2018
Burners for heat-treating furnaces, CHP, dryers, gas humidification, and more
August 2018
Choosing an automation controller, Lean manufacturing
September 2018
Effective process analytics; Four reasons why LTE networks are not IIoT ready

Annual Salary Survey

After two years of economic concerns, manufacturing leaders once again have homed in on the single biggest issue facing their operations:

It's the workers—or more specifically, the lack of workers.

The 2017 Plant Engineering Salary Survey looks at not just what plant managers make, but what they think. As they look across their plants today, plant managers say they don’t have the operational depth to take on the new technologies and new challenges of global manufacturing.

Read more: 2017 Salary Survey

The Maintenance and Reliability Coach's blog
Maintenance and reliability tips and best practices from the maintenance and reliability coaches at Allied Reliability Group.
One Voice for Manufacturing
The One Voice for Manufacturing blog reports on federal public policy issues impacting the manufacturing sector. One Voice is a joint effort by the National Tooling and Machining...
The Maintenance and Reliability Professionals Blog
The Society for Maintenance and Reliability Professionals an organization devoted...
Machine Safety
Join this ongoing discussion of machine guarding topics, including solutions assessments, regulatory compliance, gap analysis...
Research Analyst Blog
IMS Research, recently acquired by IHS Inc., is a leading independent supplier of market research and consultancy to the global electronics industry.
Marshall on Maintenance
Maintenance is not optional in manufacturing. It’s a profit center, driving productivity and uptime while reducing overall repair costs.
Lachance on CMMS
The Lachance on CMMS blog is about current maintenance topics. Blogger Paul Lachance is president and chief technology officer for Smartware Group.
Material Handling
This digital report explains how everything from conveyors and robots to automatic picking systems and digital orders have evolved to keep pace with the speed of change in the supply chain.
Electrical Safety Update
This digital report explains how plant engineers need to take greater care when it comes to electrical safety incidents on the plant floor.
IIoT: Machines, Equipment, & Asset Management
Articles in this digital report highlight technologies that enable Industrial Internet of Things, IIoT-related products and strategies.
Randy Steele
Maintenance Manager; California Oils Corp.
Matthew J. Woo, PE, RCDD, LEED AP BD+C
Associate, Electrical Engineering; Wood Harbinger
Randy Oliver
Control Systems Engineer; Robert Bosch Corp.
Data Centers: Impacts of Climate and Cooling Technology
This course focuses on climate analysis, appropriateness of cooling system selection, and combining cooling systems.
Safety First: Arc Flash 101
This course will help identify and reveal electrical hazards and identify the solutions to implementing and maintaining a safe work environment.
Critical Power: Hospital Electrical Systems
This course explains how maintaining power and communication systems through emergency power-generation systems is critical.
Design of Safe and Reliable Hydraulic Systems for Subsea Applications
This eGuide explains how the operation of hydraulic systems for subsea applications requires the user to consider additional aspects because of the unique conditions that apply to the setting
click me