We just finished Fourth of July week, the week where we celebrate our freedom. But there’s a new threat to America’s critical infrastructure that could disrupt and impact our American way of life.
For the past several months, federal and state agencies have been quietly working to protect critical infrastructure, such as power facilities, transportation networks and our financial services systems. This infrastructure is the backbone of our economy, security and health. It’s the power we use in our homes, our drinking water, the transportation that moves us and the communication systems we rely on to manage our finances and health. The idea of a cyberattack on that critical infrastructure is scary. Even scarier: An attack may be imminent.
Consider the history of attacks. In 2012, there were 82 known attacks on our energy sector, including seven chemical plants, six nuclear plants and 29 water systems. In December 2014, hackers gained access to a steel plant in Germany. They got into the office network using social engineering. Once inside, they made their way into the production network, where their actions created outages in control components and production machines. These outages prevented the plant from shutting down its blast furnace and damaged the plant. The hackers not only had cybersecurity skills but also understood industrial control systems.
Several other German companies have been targeted by cyberespionage as well. Also in December 2014, designs and manuals of plant equipment owned by Korea Hydro & Nuclear Power Co. were put online by an anonymous source. Even more alarming, a threat was made demanding that people stay away from the three nuclear reactors.
Other incidents include malware targeting Middle Eastern petrochemical companies and a Chinese hacker accessing systems that regulate the flow of natural gas in the United States.
Just last month, a government report stated that major cyberattacks on our national power grids are increasing. Hackers are trying to compromise our grid, resulting in a regional or nationwide power outage, and the National Security Agency has seen intrusions into our water systems.
Federal agencies such as the Department of Energy and the Department of Homeland Security have been collaborating with many Michigan companies to improve our resilience to attacks on critical infrastructure in Michigan. Under the leadership of Gov. Rick Snyder and Chief Information Officer and Department of Technology, Management and Budget Director David Behen, Michigan has deployed a number of public-private programs to respond to a regional cyberattack, including:
1. Michigan Cyber Disruption Response Strategy: This document was published in 2013 to protect Michigan’s critical infrastructure and systems. The document was developed by a diverse team from public and private entities including the state of Michigan – DTMB, Michigan State Police, Oakland County, National Guard, Blue Cross Blue Shield of Michigan, BorgWarner, Penske Automotive, DTE Energy, Consumers Energy, Beaumont Health, Spectrum Health and Plante Moran.
2. Michigan Cyber Civilian Corps (MiC3) — This is the only cybercivilian corps in the nation. MiC3 is a group of trained cyberexperts who volunteer to provide assistance to protect and recover from a cyberattack on our critical infrastructure. This team includes volunteers from government, education and major corporations across Michigan. If you are interested in joining this team, please see micybercorps.org.
July 4 was a day of outdoor grilling, fireworks and family and friends. Casting a shadow over that celebration, however, is an ever-looming enemy targeting our critical infrastructure. Still, we can take comfort in the fact that our government is taking proactive strides to protect us. Yet another reason to be grateful as we celebrate our freedom.