Iran and the Specter of State-Sponsored Hacking: Where is the Concern?

Iranian hackers have caused hundreds of millions of dollars in damage over the past two years, according to a recent study by Microsoft. They have targeted hundreds of companies through a variety of means, including phishing campaigns and DNS hijacking. By stealing corporate secrets, disrupting operations, and co-opting digital property, the hackers have wreaked havoc and caused tremendous financial loss.

While the President of the United States continues to push for a physical wall along the Mexican border, steadily mounting evidence continues to clamor for a virtual one. State-sponsored hackers from China, Russia, and Iran have made off with intellectual property, planted malware on our critical infrastructures, and stolen personal identities. By stealing our innovations, disrupting our civilization-sustaining systems, and compromising our personal accounts, foreign state-sponsored hackers seriously threaten our society with a multi-pronged assault.

Take, for example, the electric power grid. An electric utility system is a geographically expansive network of power generators, power consumers, and transmission lines. Transmission lines carry power from where it is produced to where it is needed. Electric power follows the laws of physics in flowing along paths of least resistance. Devices called relays control whether a transmission line is in service and connects two points, or is out of service and isolates them. Relays can be set manually to disconnect two points, perhaps because the utility needs to perform maintenance. Or a relay might act automatically as it detects that too much power is flowing along a particular path and so trips the circuit much like a fuse or circuit breaker in your house opens to prevent damage downstream.

When a transmission line is tripped out of service, the power that it had been carrying redistributes to other circuits, changing how much they carry. If the redistributed power causes other transmission lines to trip open because their ratings, too, are now exceeded, power must then redistribute again onto the remaining transmission lines. This can cause further overloads and, eventually, a brownout or blackout, in which not enough power can arrive from distant generation to meet local demand because too many connecting transmission lines have tripped open.

State-sponsored hackers have made inroads on our electrical grid and other critical infrastructures. Let’s consider how an attack might proceed against the power grid. A utility system operator receives a phishing email that contains a link to a website that distributes malware. The operator clicks on the link, and malware installs on his machine. Once installed, it runs a scan of all devices connected to the network to identify open ports and the software services running on them. The malware detects a relay with an open port that allows a telnet connection, and it uses that hole to log into the relay and change its settings. Specifically, it changes its settings to trip the transmission line it controls at a much lower power level than usual, one that current conditions are sure to exceed. Once the change is made, the relay detects erroneously, according the to hacker’s new setting, that its transmission line is overloaded. The transmission line opens, and the power it had been carrying redistributes to neighboring transmission lines. If enough power redistributes to other lines, it will cause them to overload and open, too, disconnecting one region of the grid from another. This will interrupt the flow of power from where it is generated to where it is needed, and a blackout, a costly and potentially life-threatening disruption, will ensue.

Russia, China, and Iran have mobilized their elite hacking teams against our mission-critical systems, including our national power grid. The fact that the current Administration spends so much time, energy, and money fighting for a medieval security technology against people on foot when the consequences of a far more imminent and fast-spreading invasion are so much more severe is confounding at best. As we have seen, it would not be that hard to compromise our electrical grid and other critical infrastructures. So, where is the sense of urgency?

My hunch is that the Trump Administration has done the political calculus and has surmised (A) that the Trump base doesn’t appreciate the extent of the cyber threat; (B) that the Trump base sees immigration of “the other” as far more of a threat to national security than faceless hackers from faraway lands attacking our critical systems in incomprehensible ways; or (C) most worryingly, that our current cyber defense is not up to the challenge, so it would be politically foolish to take on a battle we can’t win, even though we have to win it.

I sure hope it’s not C. Ignorance and racism are complicating annoyances that poison our politics. Lack of preparedness, on the other hand, would spell our doom. We must stop playing around with concrete blocks and steel slats and focus instead on threats that spread at the speed of light.

About Ray Klump

Professor and chair of Mathematics and Computer Science Director, Master of Science in Information Security Lewis University http://online.lewisu.edu/ms-information-security.asp, http://online.lewisu.edu/resource/engineering-technology/articles.asp, http://cs.lewisu.edu. You can find him on Google+.

Leave a Reply

Your email address will not be published. Required fields are marked *