Long-predicted attacks against infrastructure control systems (SCADA) have arrived
, according to the CIA. Bejtlich
doubts its authenticity, but I have every reasons to believe it to be true for the following reasons:
- Bellovin correctly pointed out that maintaining the air gap between critical networks and non-critical networks is nearly impossible, making the likelihood that at least a few critical networks are somehow connected to the public internet extremely high. Information behaves like heat, in that it leaks out unless tightly constrained, like hot coffee in a dewar flask.
- My old business partner Ralph Logan was quoted in the article. Given the work we did together and the work that he does now, I consider him to be an absolute authority on the topic.
- The early monetization techniques employed by attackers whenever they discover a tool are usually extortion-related schemes. The first botnet business model was based upon DDoS extortion, where victims were taken off of the network if they didn't pay the attacker protection money. Here we have attackers demanding protection money in exchange for not taking down the power grid. Botnets evolved into spam and phishing engines. I am willing to bet that the next step in the racket will involve selling the attacks to nation states now that infrastructure attacks have been reduced to practice.