If no nation has been yet hit with an attack by hackers on its infrastructure, it’s only been because cyber-terrorists have been too busy carrying out “showplace” attacks that draw major headlines, said international Internet security expert, Eugene Kaspersky. Speaking at the close of the Cybertech 2014 Conference in Tel Aviv Tuesday, Kaspersky said that it was just a matter of time before such attacks became prevalent.
“The only reason that cyber-sabotage of this type hasn’t yet taken off is because terrorists are not so bright,” said Kaspersky. “They still aren’t in this game of targeting infrastructure, but they are learning.” As proof, Kaspersky cited a little-reported incident that took place in Brazil in 2008. “Criminals there hacked power plants to extort money from the utilities and the government,” he said. “I don’t have any details about what happened, as they were keeping the incident very quiet. But we will soon be seeing terrorists, criminals, and even cyber-mercenaries – hackers who are hired by organizations for their skills – carrying out these kinds of attacks.”
Yiftach Ron-Tal, Chairman of the Board of Directors of the Israel Electric Company, could supply Kaspersky with some stories. “Hezbollah-style terrorism by Hassan Nasrallah and Grad missile attacks are out; cyber-attacks are in,” said Ron-Tal. “We are getting hit with tens of thousands of penetration attempts daily, hundreds of thousands monthly. Can you believe that?”
Ron-Tal was speaking at the came cyber-defense technology conference, describing the ways the IEC ensures the security of Israel’s energy infrastructure. “The strategic goal would be to continue operating electricity systems with a very definite emphasis on priorities,” he said. “The IEC invests many resources to work on all these things and more. As the years pass, due to accumulated experience, we have become professionals and experts in a field that renews itself and also changes every day. This is a real challenge.”
In the past, Ron-Tal said, security was a zero-sum game. In war, “the contact line was very clear, the victories were very clear. In the end, there’s one who falls and one who remains standing.” Cyber-war was different, he said. “As terror develops, the wars are dirtier, and the borders and contact lines are more blurred. A situation of winners and losers doesn’t exist anymore; there is a situation of weakening systems, which are harder to operate. They are damaged, but they are not defeated.”
Among the strategies the IEC employs to protect Israel’s electrical infrastructure, in collaboration with the Institute for Counter-Terrorism of the Herzliya Interdisciplinary Center, is a simulator called a “CyberGym.” This tool is a controlled environment designed to duplicate real-world conditions in which hackers might try to break into the IEC’s system. As part of the program, hackers — the “good guy” kind — employ various exploits and manipulations in order to get into the IEC’s systems, ensuring that, if there are any holes in the system, the IEC can get to them first and patch them up before an enemy hacker group does.
The facility is unique in that it is not a run of the mill simulator, but a real-life mirror of what actually transpires on the IEC systems. It allows teams to experience and react in real-time to the consequences of a cyber-attack on sensitive infrastructure installations.
And even a single breach could topple the system, said Ron-Tal. “The electricity chain is comprised of generation, transmission, and distribution and it is customary to think that it is the generation sector which is the most vulnerable and has the most impact in the event of damage.” With 200 different sites around the country, there is plenty of opportunity for hackers to cause plenty of damage, he added.
Vigilance, hard work – and especially top skills – are the only weapons that will ensure that the lights stay on, said Ron-Tal. “The world, the State of Israel and the electricity sector are in an era where cybernetic threats on communication infrastructures are ever increasing. I attach great importance to training future generations. As Chairman of the Board of the IEC, I can testify to the abilities we are developing in the field of cybernetics which places us in the forefront of this sophisticated and complex arena. The IEC is, no doubt, one of the better companies in the country and in the world with the best professionals, skilled to learn and to teach,” he added.