As the holiday season gathers steam, we traditionally pause to take stock of our many blessings. This year we can find one in the just released U.S. National Security Strategy.  It appears we’ve won the war on climate change, and climate change is no longer a national security threat, so a long winter’s nap should be marginally easier to come by.  However, the strategy does recognize the growing threat from cyber weapons, and the evidence of that threat is abundant.

CSO online just issued its security predictions for 2018, and predictably, it forecasts ever increasing state sponsored cyber attacks.  As the article notes, “The usual suspects for state-sponsored attacks — North Korea, Iran, and Russia — don’t have much to lose by continuing their attempts to extort, steal, spy and disrupt by infiltrating information systems. All are already heavily sanctioned, and the consequences — at least those we know about — in response to state-sponsored attacks have been minimal.” Their forecast is consistent with the outlook of Experian, which pointed to critical infrastructure as a sector where breach activity by nation states is likely to rise.

How timely then that FireEye just announced that Schneider Electric SC had just received a lump of coal in its business stocking. Schneider provides safety technology, and one of its products, Triconex, is widely used in the energy industry, including at nuclear facilities, and oil and gas plants. The breach victim is said to be in the Middle East, and some cyber experts suggest Iran had sponsored an attack on Saudi Arabia, which, if true, would hardly be shocking news. More importantly, this seems to be the first report of a safety system cyber breach at an industrial plant. This offers a new front in cyber warfare, because by compromising a safety system, hackers could destroy the ability of an industrial plant to identify an attack or limit the damage.

This comes as security experts are closely watching developments in the Ukraine, where the holiday season in recent years has been marked by significant attacks on their power grid. Officials from other nations have been studying the attacks on the Ukraine to determine what additional safety measures need to be employed to lessen the vulnerability of power grids around the world. It’s fair to say that if Ukraine is again victimized the repercussions will ripple widely. When we say we hope your holiday season is warm and bright this year, we really mean it.

By Tom Davis, SDI Cyber Risk Practice

December 19, 2017