How safe is the grid from cyberattacks?

The next major attack against the energy sector may be by a state actor, Graeber writes, and it may come from a computer.

Mark J. Terrill/AP/File
The Department of Homeland Security logo is reflected in the eyeglasses of a cybersecurity analyst at the watch and warning center of the Department of Homeland Security's secretive cyber defense facility in Idaho Falls, Idaho.

An annual index from IHS Jane's Terrorism and Insurgency Center said acts of violence committed by non-state actors since 2009 increased by more than 150 percent. But for Internet security company Kaspersky Lab, it may be a state actor that launches the next major attack against the energy sector and it may be from a computer.

Matthew Henman, manager of JTIC, said the Middle East was the "epicenter" of violence last year, though it spilled out of the region to endanger parts of Africa and South Asia.

"In 2009, a worldwide total of 7,217 attacks were recorded from open sources," he said. "In 2013, that number increased by more than 150 percent to 18,524." (Related Article: How Prepared is the Oil Industry for a Cyber War?)

But according to U.S. President Barack Obama, it's cybersecurity that's emerging as the next great threat to national security. 

"Cyberthreats pose one the gravest national security dangers that the United States faces," he said.

Last week, Kaspersky Lab said it uncovered a threat it called The Mask, describing it as one of the most advanced cyberespionage operations it's ever seen.

It warned the threat actor was likely from a Spanish-speaking part of the work and its target is usually oil and natural gas companies, or other high-profile victims.

"Several reasons make us believe this could be a nation-state sponsored campaign," warned Costin Raiu, director of global research for Kaspersky Lab.

Two years ago, the internet security company uncovered the Flame malware, which essentially rendered computers used in the Iranian energy sector useless. When it was discovered, Kaspersky said that was "the largest cyberweapon discovered to date."

But now there's The Mask. Flame forced Iran to disconnect its services from the main oil terminal on Kharg Island as a security precaution, but the government had its servers back up and running relatively quickly given the severity of the attack. Kaspersky warns The Mask, which it says has been around at least since 2007, has already targeted more than 1,000 IP addresses in 31 countries, including Iran, the United States and at least three European countries. (Related Article: Oil Explorers Beware: Hackers Are Eyeing What You Know)

President Obama unveiled a roadmap last week designed to protect the electrical grid, oil and gas distribution networks and other parts of the nation's critical infrastructure from a cyberattack. Last year, the Department of Defense said it was stepping up its effort to protect national interests from attacks originating in cyberspace. The level of protection, the Defense Department said, needs to be intense.

Recent extreme weather events this season have strained the nation's ability to keep the lights on and, with energy independence the new buzz word in energy security circles, protecting against cyberattacks may be the name of the 21st century game. U.S. Energy Secretary Ernest Moniz said protecting the energy sector was a "vital" national interest. The consequences of not acting, the Federal Energy Regulatory Commission warned, would be "devastating."

You've read  of  free articles. Subscribe to continue.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.