When Hamas rained rockets on Israel in 2012 and again in 2014, the country was able to prevent widespread casualties and damage by activating the Iron Dome system, which intercepted and destroyed rockets fired at Israeli population centers and industrial areas. But rockets aren’t the only threat, or even the main threat. Experts are examining ways to find and foil enemy cyber-attacks against the country’s infrastructure, attacks that are already taking place in the tens of thousands.
The brains behind Iron Dome have given some thought to this problem as well. On Tuesday, the Israel Electric Company (IEC) unveiled its Information Grid, a system designed to keep an eye on electricity data flows, helping to ensure that nothing is amiss in how power is being deployed. The Grid was designed by IEC professionals, together with developers from mPrest Systems, the company that supplied much of the technology for Iron Dome. The system was presented for the first time Tuesday at the Homeland Security Conference taking place in Tel Aviv this week.
In a recent talk, Eugene Kaspersky, one of the deans of the cyber-security business, said that while hackers were, for the most part, currently using their talents to steal money, sabotage of infrastructure – like electrical grids – was a major threat to governments around the world.
Kaspersky is the head of the cyber-security firm that bears his name. Among his accomplishments was disclosure of the existence of the Stuxnet malware in 2012. The virus attacked Iranian nuclear facilities by hitting the PLC (programmable logic controller) automation systems that control them. More than one analyst has attributed the creation and deployment of Stuxnet to Israeli engineers. Israel, as expected, denies any involvement.
But if Stuxnet was unique and exceptional just two years ago, it’s just another run-of-the-mill attack program now. Over the past several years, there’s been an explosion in the development of malware to attack infrastructure: SCADA systems, the automated low-level computer systems that control machinery, transportation systems, gas stations, utility systems, security installations – and electrical grids.
“We’ve seen numerous cases of attacks on industrial infrastructure – Stuxnet was far from the only one,” said Kaspersky. “There is an international army consisting of tens of thousands of engineers out there developing SCADA malware. One day, a terrorist organization is going to get the bright idea to acquire one of these tools and deploy it to make their ideological point. If it hasn’t happened yet, it’s just a matter of time until it does.”
Hoping to avoid a situation in which Israelis are victims of an “ideological point” made by Hamas or another terrorist group, the IEC partnered with a subsidiary of mPrest Systems, called mPrest Electric, which was a member of the IEC’s KARAT Incubator. Drawing on the tech used by mPrest to design and operate Iron Dome, the companies designed the Information Grid, which checks the flow of electricity to ensure that lines are not overloaded, and that electricity “viruses” – attacks on specific sections of the grid – don’t spread, allowing administrators to quickly identify suspicious activity and isolate it.
As with Iron Dome, the key to the Grid’s capabilities is the creation of specific rules that quickly deploy resources and issue commands on the grid in response to ever-changing circumstances. The heart of the Grid is a command and control system similar to the one that controls Iron Dome. When an attack is detected – if a SCADA system that is controlling electrical flow starts acting “funny,” for example – the Grid will notice it right away, and it will automatically shut off connections to the substation or segment of the system that has been compromised, preventing further damage and allowing security personnel to better track the source of the attack.
The system allows real-time integration and control of thousands of sensors, which are installed at about 300 different sites in Israel. The sensors measure a wide variety of data, which flows into the Grid and is analyzed in real time. The Grid is based on a unique architecture which allows the integration of an infinite number of systems and assets, with no limitation on the number of links or data, said the IEC, and it can also handle additional information from a wide variety of legacy programs that measure and record data.
To ensure full preparedness, the Grid prepares potential problem scenarios based on permutations of the data, providing daily “what if” scenarios and solutions based on the trends it discovers in the electrical system.
According to Yiftach Ron-Tal, chairman of the board of directors of the Israel Electric Company, “Hezbollah-style terrorism and Grad missile attacks are out; cyber-attacks are in. We are getting hit with tens of thousands of penetration attempts daily, hundreds of thousands monthly. The world, the state of Israel and the electricity sector are in an era where cybernetic threats on communication infrastructures are ever increasing. I attach great importance to training future generations. As chairman of the board of the IEC, I can testify to the abilities we are developing in the field of cybernetics which places us in the forefront of this sophisticated and complex arena.”