It’s Fourth of July week, the week where we celebrate our freedom. But there’s a new threat to America’s critical infrastructure that could disrupt and impact our American way of life.
For the past several months, federal and state agencies have been quietly working to protect critical infrastructure, such as power facilities, transportation networks, and our financial services systems. This infrastructure is the backbone of our economy, security, and health. It’s the power we use in our homes, our drinking water, the transportation that moves us, and the communication systems we rely on to manage our finances and health. The idea of a cyber-attack on that critical infrastructure is scary. Even scarier—an attack may be imminent.
Consider the history of attacks. In 2012, there were 82 known attacks on our energy sector, including seven chemical plants, six nuclear plants, and 29 water systems. In December 2014, hackers gained access to a steel plant in Germany. The hackers got into the office network using social engineering. Once inside, they made their way into the production network where their actions created outages in control components and production machines. These outages prevented the plant from shutting down its blast furnace and damaged the plant. The hackers not only had cybersecurity skills but also understood industrial controls systems.
Several other German companies have been targeted by cyber espionage as well. Also in December 2014, designs and manuals of plant equipment owned by Korea Hydro and Nuclear Power Co were put online by an anonymous source; even more alarming, a threat was made demanding that people stay away from the three nuclear reactors. Other incidents include malware targeting Middle Eastern petrochemical companies and a Chinese hacker accessing systems that regulate the flow of natural gas in the United States.
Just last week, a government report stated that major cyber-attacks on our national power grids are increasing. Hackers are trying to compromise our grid, resulting in a regional or nationwide power outage, and the National Security Agency (NSA) has seen intrusions into our water systems.
Federal agencies such as the Department of Energy and the Department of Homeland Security have been collaborating with many Michigan companies to improve our resilience to attacks on critical infrastructure in Michigan. Under the leadership of Governor Snyder and Chief Information Officer and Department of Technology, Management (DTMB), and Budget Director David Behen, Michigan has deployed a number of public-private programs to respond to a regional cyber-attack, including:
- Michigan Cyber Disruption Response Strategy — This document was published in 2013 to protect Michigan’s critical infrastructure and systems. The document was developed by a diverse team from public and private entities including the state of Michigan – DTMB, Michigan State Police, Michigan Oakland County, National Guard, BCBS of Michigan, Borg Warner, Penske, DTE Energy, Consumers Energy, Beaumont Health System, Spectrum Health, and Plante Moran.
- Michigan Cyber Civilian Corps (MiC3) — This is the only cyber civilian corps in the nation. MiC3 is a group of trained cyber experts who volunteer to provide assistance to protect and recover from a cyber-attack on our critical infrastructure. This team includes volunteers from government, education, and major corporations across Michigan. If you are interested in joining this team, please see www.micybercorps.org.
July Fourth is a day of outdoor grilling, fireworks, and family and friends. Casting a shadow over that celebration, however, is an ever-looming enemy targeting our critical infrastructure. Still, we can take comfort in the fact that our government is taking proactive strides to protect us. Yet another reason to be grateful as we celebrate our freedom.