SAN FRANCISCO — When Telvent, a company that monitors utilities, water treatment plants and more than half the oil and gas pipelines in North America, discovered last September that the Chinese had hacked into its computer systems, it immediately shut down remote access to its clients’ systems to ensure that no outsider could seize control of them.
Company officials and United States intelligence agencies then grappled with a fundamental question: Why had the Chinese done it?
Was the People’s Liberation Army, which is suspected of being behind the hacking group, trying to plant bugs in the system so they could cut off energy supplies and shut down the power grid if the US and China ever confronted each other in the Pacific? Or, were the hackers just trolling for industrial secrets, trying to rip off the technology and passing it along to China’s own energy companies?
To some, it is prime evidence of the threat that President Barack Obama highlighted in his State of the Union address, when he warned that “our enemies are also seeking the ability to sabotage our power grid, our financial institutions, our air traffic control systems”.
But the security breach of Telvent, which the Chinese government has denied, also raises questions of whether those fears may be somewhat overblown, or whether the precise nature of the threat has been misunderstood.
US intelligence officials believe the greater danger to the nation’s infrastructure may not even be China but Iran, because of its avowal to retaliate for the Stuxnet virus created by the US and Israel and unleashed on one of its nuclear sites.
While the skills of Iran’s newly created “cybercorps” are in doubt, Iranian hackers gained some respect in the technology community when they brought down 30,000 computers belonging to Saudi Aramco, the world’s largest oil producer, last August, replacing their contents with an image of a burning American flag.
But a new National Intelligence Estimate — a classified document that has not yet been published within the government, but copies of which are circulating for final comments — identifies Iran as one of the other actors besides China who would benefit from the ability to shut down parts of the American economy. Unlike the Chinese, the Iranians have no investments in the US.
The intelligence experts believe the primary reason China is deterred from conducting an attack on US infrastructure is the simple economic fact that anything that hurts America’s financial markets or transportation systems would also have consequences for its own economy.
Some 198 attacks on the nation’s critical infrastructure systems were reported to the Department of Homeland Security last year, a 52 per cent increase from the number of attacks in 2011.
Mr Obama is calling anew for legislation to protect those systems. Last year, his administration’s cyber-security legislation was killed by a Republican filibuster after intensive lobbying by the Chamber of Commerce and other business groups.
The administration, however, has, so far, failed to convince Congress that the first line of defence to avert catastrophic cyber attack is to require private industry — which controls the mobile phone networks and financial and power systems that are the primary target of infrastructure attacks — to build robust defences.
“We are in a race against time,” Mr Michael Chertoff, the former Secretary of Homeland Security, said at a security conference last week.
“Most of the infrastructure is in private hands ... We’re going to have to enlist a large number of independent actors.” The New York Times.
To US, Iran may be a bigger hacking threat than China | TODAYonline
Company officials and United States intelligence agencies then grappled with a fundamental question: Why had the Chinese done it?
Was the People’s Liberation Army, which is suspected of being behind the hacking group, trying to plant bugs in the system so they could cut off energy supplies and shut down the power grid if the US and China ever confronted each other in the Pacific? Or, were the hackers just trolling for industrial secrets, trying to rip off the technology and passing it along to China’s own energy companies?
To some, it is prime evidence of the threat that President Barack Obama highlighted in his State of the Union address, when he warned that “our enemies are also seeking the ability to sabotage our power grid, our financial institutions, our air traffic control systems”.
But the security breach of Telvent, which the Chinese government has denied, also raises questions of whether those fears may be somewhat overblown, or whether the precise nature of the threat has been misunderstood.
US intelligence officials believe the greater danger to the nation’s infrastructure may not even be China but Iran, because of its avowal to retaliate for the Stuxnet virus created by the US and Israel and unleashed on one of its nuclear sites.
While the skills of Iran’s newly created “cybercorps” are in doubt, Iranian hackers gained some respect in the technology community when they brought down 30,000 computers belonging to Saudi Aramco, the world’s largest oil producer, last August, replacing their contents with an image of a burning American flag.
But a new National Intelligence Estimate — a classified document that has not yet been published within the government, but copies of which are circulating for final comments — identifies Iran as one of the other actors besides China who would benefit from the ability to shut down parts of the American economy. Unlike the Chinese, the Iranians have no investments in the US.
The intelligence experts believe the primary reason China is deterred from conducting an attack on US infrastructure is the simple economic fact that anything that hurts America’s financial markets or transportation systems would also have consequences for its own economy.
Some 198 attacks on the nation’s critical infrastructure systems were reported to the Department of Homeland Security last year, a 52 per cent increase from the number of attacks in 2011.
Mr Obama is calling anew for legislation to protect those systems. Last year, his administration’s cyber-security legislation was killed by a Republican filibuster after intensive lobbying by the Chamber of Commerce and other business groups.
The administration, however, has, so far, failed to convince Congress that the first line of defence to avert catastrophic cyber attack is to require private industry — which controls the mobile phone networks and financial and power systems that are the primary target of infrastructure attacks — to build robust defences.
“We are in a race against time,” Mr Michael Chertoff, the former Secretary of Homeland Security, said at a security conference last week.
“Most of the infrastructure is in private hands ... We’re going to have to enlist a large number of independent actors.” The New York Times.
To US, Iran may be a bigger hacking threat than China | TODAYonline
