Two events in May that warrant attention from information security analysts include the court appearance of alleged LulzSec hacker Ryan Cleary in the UK and the NATO summit in Chicago (the G8 meeting originally set to take place in the city has since been moved to Camp David).
Upcoming Events Related to Hacktivist Groups
Keep an eye on other forewarned attacks or future events related to hacker groups by setting up a Recorded Future email alert on the subject.
[Excerpt from "Criminals, Hacktivists, and Nation States"originally posted on Adriana Dvorsak's New Solutions blog hosted at Euractiv. Thanks to Adriana for permitting us to share her work here on Analysis Intelligence.]
…these individuals are not susceptible to international law, for example to Geneva conventions which professional soldiers must follow. In addition these individuals are not familiar with military ethics, laws of neutrality, might not have clear intent, do not follow the rules of hierarchical organization. Individuals can be persecuted under national criminal law, therefore we can understand police pushing for change in criminal law to cover more cyber security threats.
Recent Hacktivist Actors and Targets
You may easily manipulate Recorded Future application to get data on longer time line, on different type of events or look at them in a neat interactive Google Earth view. I came across different actors, for example hacktivists, patriot hackers, online activists, organized cyber crime, terrorist organizations, and other autonomous actors and it seems to me that individuals became very important for cyber security. Diverse as they are, they can not be called a military and they will hardly take part in a classical armed conflict where one military confronts another. But they are so important that militaries hire them and even offer them to NATO as national cyber troops. Well, Romanian hacktivists apparently disagreed with such a side job.
The post can be read in full at Euractiv.
We’ll be hosting a webinar with security expert Jeffrey Carr where we’ll demonstrate how Recorded Future can be used to gather cyber intelligence from open source.
Date: Tuesday, January 31, 2012
Time: 11am Eastern; 8am Pacific
Duration: 1 Hour
Topics we’ll cover include:
Timeline of the evolution of the RQ-170
Above is a timeline of the evolution of the RQ-170 Sentinel aircraft. At least one analyst speculated in December 2009 that the aircraft could be used to fly over Iranian airspace:
“Experts such as Phil Finnegan, a UAV analyst at the Teal Group, an aerospace consulting firm, suggest [Beast's] stealth capabilities are being used to fly in nearby countries. Neighboring Iran has an air force and air defense system that would require stealth technology to penetrate”
And there is one emerging cyber warfare technology could make the RQ-170 an attractive platform for launching electronic attacks into Iran. A January 2011 Wired article discussed the introduction of a new Navy jamming aircraft with the capability of launching cyber attacks on ground targets using on-board components. The article then speculated that the RQ-170 could become a stealth platform for launching stealth cyber attacks on Iranian infrastructure and other hostile targets:
“Hints that air-launched cyberattacks could shut down industrial (and nuclear) operations could explain why the Air Force has been flying stealthy RQ-170 drones near Iran. The NGJ could expand on that apparent capability”
From the timeline, we see that the drone’s capture may “provide little intelligence to Iran”. It seems that the Iranians will have difficulty extracting any data from the aircraft and that, “it is unlikely that Iran would be able to recover any surveillance data from the aircraft”. This is in line with reports we found from other analysts suggesting that the situation, “isn’t nearly as big an intelligence loss as the media and some pundits are making it out to be”. One takeaway quote from the article mentions that the drone would have failed eventually:
That one of many drones dedicated to collecting intelligence over Iran has fallen into Iranian hands is also expected given the law of averages. Drones crash at rates higher than manned aircraft for any number of reasons, including due to human error, incorrect information, network interference, system failure, weather, or being shot down. As a former official warned: “It was never a matter of whether we were going to lose one but when”
The fascinating point here is that Sweetman predicted this event in 2009. At that time, he also hypothesized that this would not be much of an intelligence loss. In an article to Aviation Week called “Stealth over Afghanistan”, he indicated that the RQ-170 designers may have avoided using, “’highly sensitive technologies due to the near certainty of eventual operational loss inherent with a single engine design and a desire to avoid the risk of compromising leading edge technology”. This prediction is in accordance with some of the analyses we have seen about the loss.
So what is the real danger presented by the loss of the RQ-170? News sources have cited foreign reverse-engineering as the number one threat: “Chinese or Russian access to the drone is a much greater concern than a possible Iranian effort to reverse-engineer the RQ-170”. The timeline above related to future implications of the loss tells us that we should, “look for the RQ-170 copy at the Zhuhai [air show] next year” in China. The compromise and subsequent reverse-engineering of stealth technology by foreign powers has a storied history. The U2 spyplane, F-117 Nighthawk, and a mysterious stealth copter used in the Osama Bin Laden raid were all compromised. In the recent Osama Bin Laden raid, Pakistan allowed the Chinese to examine and gather samples of the stealth aircraft. The loss of the RQ-170 drone will allow China and Russia more of an opportunity to peer into American stealth technology and incorporate it into their own military hardware.
Smart grid technology is poised to take the power infrastructure market by storm in the coming decade. The industry in the US is expected to grow from $5.6 billion in 2010 to $9.6 billion by 2015. The US government made an initial $3.6 billion investment in 2009, and now many smart grid firms are showing signs of growth. Big companies like IBM and Lockheed Martin are scrambling to take advantage of this emerging market.
The appeal of the smart grid is its potential to greatly improve the efficiency and stability of the nation’s power infrastructure. For example, the smart grid can “self-heal,” so if a power station goes down in one region the system may be able to adapt and divert resources as needed. Another principle advantage of the smart grid is increased transparency between the customer and the utility, ideally allowing utilities to better manage peak loads and communicate with customers.
Let’s look at the progress. How has the industry fared within the past year?
Smart grid news over the past 12 months
Recorded Future’s sentiment analysis tool can provide immediate feedback on the health of an industry. In this case, we can see plenty of positive sentiment for the smart grid market, and we can also pick out favorable analyst quotations. Three analysts of note that discuss the US smart grid market:
As seen above, forecasts for the US smart grid market appear to be generally positive. Analysts like Lawrence Makovich seem more cynical than others about the smart grid’s transformative powers, but even he is cautiously optimistic.
International Outlook
The international market for smart grid technology in the future appears to be even more explosive than in the United States.
Future international market for smart grid technology
China is expected to be a major player in this area, investing around $100 billion into upgrading its power infrastructure . It also appears to have taken the lead in government spending on smart grid projects at $7.3 billion while several other nations in the region are expected to spend $28.8 billion on smart grid projects by 2017.
Security: The Achilles Heal
Although most analysts agree on the general short-term health of the industry, there are some signals that raise concern. Electric Light & Power indicates that the momentum of smart grid development declined in the first half of 2011, and the “weakest link in smart grid’s development has been the lack of attention to automating and modernizing the transmission and distribution network”, according to the smart grid blog Memoori.
However, the biggest risk and potentially limiting factor for progress toward widespread smart grid adoption is security. The smart grid market is serious business with potentially disastrous consequences if it is not implemented correctly. Rolf Adam of Cisco sums up the situation: “From an IT environment security perspective, it’s a nightmare”.
Evidence suggests that he isn’t the only one concerned as fear of an infrastructure attack is on the rise among business executives. In a survey conducted by McAfee, 40 percent of executives surveyed said that their company was not prepared for an attack.
The security of the smart grid is increasingly being brought into question
Over the past year, the security of the smart grid has increasingly been brought into question. The primary concern is that an attacker might be able to exploit vulnerabilities in the hyper-connected grid to cause mass blackouts. VentureBeat highlights why so many industry experts are concerned, “ increasing automation and communications within the electricity grid potentially has a dark side; increased vulnerability to attack.” Ironically, as the grid gets smarter it becomes less secure.
Is anything being done to combat this future threat? What is the biggest future security threat for the smart grid?
Long-term security threats facing the smart grid
The good news is that governments are aware of the problem and resources are being mobilized to combat it. A report by Pike Research, “anticipates that government and regulatory compliance will drive substantial investment in smart grid cyber security”. The group also expects the smart grid cyber security market to reach $3.7 billion by 2015.
Will billions of dollars in cyber security investment solve the problem? Perhaps not. It appears that the biggest problem facing the power grid is non-technical in nature. According to one former government official, “Ninety to 95 percent of the people working on the smart grid are not concerned about security and only see it as a last box they have to check”.
If no one cares about security, it is reasonable to conclude that the system will not be secure, and the New York Times recently highlighted this same point when it said that, “utilities are very reluctant to share information about security vulnerabilities due to liability issues”. It appears that utilities are not encouraging a culture of security around the smart grid. As a result, this could have disastrous consequences for the long-term future of the smart grid.
Conclusion
The smart grid market is a potentially lucrative space, and both the US and international markets are expected to grow substantially over the next decade. Yet, the security concerns are significant enough that they can be expected to slow down progress.
Are you following the smart grid market? Interested in the future of Advanced Metering Infrastructure (AMI) or Meter Data Management (MDM)? Take a look below and see what future projects these companies are working on.
Advanced Metering Infrastructure (AMI):
Analytics:
Demand Response:
Meter Data Management (MDM):
Personal Energy Management (PEM):
Threats surfaced this week from supposed members of hacktivist group Anonymous about plans destroy Facebook on November 5. The claims sparked a variety of commentary about the validity of the individuals’ legitimacy, true affiliations, and capability to carry out such an attack.
While we can’t clear up any of those uncertainties, the reporting does present an opportunity to look forward over the rest of the year in an effort to identify predicted or speculative events that might indicate threat of cyber attacks. We’ve compiled future events for a group of entities related to hacker organizations for viewing on a timeline below to identify potential dates of interest:
Rest of the year related to major hacktivist groups - Click for live view
While these points in time don’t necessitate a disturbance, it’s worth keeping them in sight for risk analysis purposes. This seems especially true given that Anonymous has not been shy about announcing ahead of time their intentions to attack government web properties. This is evidenced by several cases this year in which statements were made prior to targeting sites belonging to Iran, UK, and New Zealand.
Want to follow along with the news? Visit the current results and select “Create Future” to keep tabs on events predicted for the rest of this year related to Anonymous, LulzSec, hackers and more.
