France-based Schneider Electric became the latest utility company to succumb to a ransomware attack on January 17, when some of its business divisions serving several critical industries were taken down. Although access to the affected systems was eventually restored on January 31, the incident underlines the growing seriousness of cyber-attacks aimed at the West’s critical infrastructure. Schneider Electric has an annual turnover of over 42 billion and employs over 150,000 people.
The ransomware attack on Schneider Electric coincides with news that, in the US, the Federal Bureau of Investigation (FBI) has recently neutralized a botnet controlled by a Chinese threat group. The White House had previously authorized the FBI to take down the botnet after federal agencies and private sector researchers had accused cyberespionage gang Volt Typhoon of a major campaign aimed at a wide range of the US’s critical infrastructure.
One of the Volt Typhoon botnet’s targets was critical infrastructure on the island of Guam, which lies close to Taiwan. It was feared a successful cyber-attack might be used to disrupt US military capabilities in the South Seas in the event of a confrontation with China, given the latter’s territorial ambitions there. The takedown of the Chinese botnet is also a validation of the FBI’s new strategy of enlisting the help of the private sector in countering China’s use of the latest technologies to attack critical infrastructure in the US. The FBI announced that strategy last June, following unprecedented US losses to cybercrime of US$10 billion in the previous 12 months.
White House teams with private sector in cyber-war
Therefore, a series of meetings were recently held between the White House and technology industry representatives such as telecommunications and cloud computing companies. The US government asked for help tracking Volt Typhoon’s activities in order to leapfrog the CCP’s current cyber-espionage capability. But, although the FBI’s recent botnet victory may be a validation of its new strategy, it does little to alleviate long-term concerns about the security of America’s critical infrastructure. The US government is now taking the threat of a nationwide cyber-attack very seriously, and some defense sources are already talking about re-introducing ‘air-gapping’ of some critical facilities, i.e. taking them completely offline.
The reason that critical infrastructure such as power facilities has become such a relatively easy target for potentially hostile powers is the convergence, hitherto regarded as inevitable, of traditional operational technology (OT) systems with modern IT systems that are connected to the internet. However, the resulting efficiencies and cost savings from this convergence must now be weighed against the vulnerabilities exposed in modern IT systems.
Supply-chain attacks, thousands of unvetted suppliers, and a huge number of potential outside entry points can endanger the security of any critical infrastructure. The US is now increasingly concerned that this vulnerability might be exploited by a hostile power to distract America’s attention from conflict elsewhere by causing chaos and suffering across the US. One strategy that will be center stage in future national security discussions will be the option of ‘air-gapping’ critical facilities, particularly where highly critical infrastructure such as nuclear facilities is concerned.