back to the Eurescom home page

 

 

mess@ge home

Table of contents
of the current issue

Selected Highlights
An overview on
ICT and critical
infra
structure protection

 

Wireless sensor
and actuator net-
works for critical
infrastructure
protection

 

Protection of elec-trical energy
distribution
infrastructures -
The example of
EDP

 

Interview with
Aurelio Blanquet

 

Monitoring
drinking water
pipelines

 

Critical infra-
structures in
emergencies

 

The new dimension of cyber attacks

Why critical infrastructures need better protection

Heinz Brüggemann

Heinz Brüggemann
Celtic Office
brueggemann@celticplus.eu

In mid 2010, the computer worm “Stuxnet” infiltrated the control systems of a nuclear uranium enrichment plant in Iran. Only recently it became clear that this highly sophisticated worm was in fact a novel cyber-attack weapon. Reportedly, it destroyed around 1,000 centrifuges, delaying the Iranian nuclear programme by months, if not years. The “success” of Stuxnet, which is said to be already available at the underground community, has further spurred the development of better targeted, smarter and untraceable versions of new “digital explosives”.

Worms which directly attack critical infrastructures by trying to destroy sensitive system parts are not completely new. New are the dimensions and the possible degree of devastations and the sophistication of these new weapons. We have to seriously re-think, if all of our critical systems are still sufficiently secured and which additional, even radical, security protection measures we may need to consider.

Rethinking cyber-attack protection

Even the most serious cyber attacks known before Stuxnet, like the distributed denial of service (DDoS) attacks on Estonia in 2007, where nearly the whole banking sector was threatened, had still only a limited potential of real destruction. Despite their economic impact, these attacks were not really threatening whole industries, countries, or large groups of people.

Stuxnet, however, was new and different considering its aggressive destruction potential. The Russian NATO diplomat Dmitry Rogozin recently mentioned that Stuxnet already had the potential to blow up the Iranian nuclear plant in Bushehr – with a chance to cause a second Chernobyl. Are we ready to imagine the impact, if control systems of nuclear power plants, of chemical plants, or of airplanes will be targeted? This could go far beyond the recent concerted computer hacking attacks, which were targeting financial markets and carbon trading registries.

It is estimated that in around 140 countries several hundred thousands of highly skilled experts – in China alone 50,000 to 100,000 – are working on the development of new cyber weapons or the protection against them. If these numbers are correct, it is almost certain that we will soon see many more attacks of much more sophisticated cyber weapons.

We have to be prepared to give up some comfort and commodities, and we have to investigate how vulnerable systems could be better protected.

Consider also radical security solutions

One option to be seriously considered is disconnecting crucial systems from the Net. This sounds like a naďve idea, completely against the current trend of connecting more systems to an even faster Internet. However, experts, like Sandro Gaycken from the University of Stuttgart, promote this idea very strongly. According to Mr Gaycken, we may not have real alternatives to this approach. He said that the US government just released parts of a ‘Comprehensive National Cybersecurity Initiative’ (CNCI), where plans are described to drastically reduce existing connectivity between state organisations and external networks. Mr Gaycken has no doubts that this will have a serious impact on the functionality and will require a large redesign of complex systems.

Disconnecting critical systems and infrastructures from the Net may not be enough though. Stuxnet infected the system via a prepared USB stick without a connected network. German and British police and security experts are also particularly afraid of internal attackers, people working at the sites and with the targeted systems who have access to infiltrate prepared worms – maybe even unintentionally – via software or firmware “updates”. It may, therefore, become necessary to protect the controlling systems from hostile take-over by considering additional means. This could be done by immediately switching a system to an emergency operation mode once unusual system values or behaviours are detected. Updates should always be first tested on stand-by systems before they are installed at the operating systems. We should, however, have no illusions: any system can be compromised. We can only try to make attacks as difficult as possible and stay always vigilant and responsive.

Another option currently discussed is a “kill-switch” for the Internet. It would allow to immediately and widely switch off the Internet in case of massive attacks. However, recent developments during the protests in Egypt and attempts by other authoritarian states raise serious concerns that such a switch could effectively be used also for other purposes to control or prevent information flow between people and turn down riots or unrests.

Conclusion

Even if Europe and many other states have started to develop strategies against severe cyber attacks, the likely dimensions and the urgency for effective and immediately available protection mechanisms may still be underestimated. A lot of effort is currently devoted to design the future, faster, more versatile Internet. Yet it is not fully clear, if really new, far better concepts than today will be considered. They will be a must, as security attacks, including cyber espionage, are increasing to inacceptable numbers.

Providers of services and networks as well as ICT manufacturers should establish closer cooperation activities with the European Network and Information Security Agency (ENISA), which has recently completed its first pan-European cyber security exercise “Cyber Europe 2010” with success. In addition, dedicated research and strategy programmes may be considered that focus on a reliable and flexible protection of the ICT infrastructure against possible cyber attacks.

Please send us your comments on this article.