Digital Directorship – Cybersecurity: Air Force
Russian cyberattack “should wake us up,” former Air Force officer says
Source:Marketplace Tech March 26, 2018
By Molly Wood, Stephanie Hughes, and Shaheen Ainpour
Earlier this month, the Department of Homeland Security confirmed that Russian hackers have infiltrated the U.S. electric grid. That means they may have the ability to shut down major power plants. The targeted facilities included at least one nuclear power plant and other types of infrastructure as well. Marketplace Tech host Molly Wood spoke with former U.S. Air Force Maj. Gen. Robert Latiff about the strategy behind the attacks. The following is an edited transcript of their conversation.
Robert Latiff: Their goal is to demonstrate that they can. I don’t think the goal of another country would actually be to take down the U.S. system; that clearly would be an act of war, but to demonstrate that they can is very important.
Molly Wood: Why is that?
Latiff: It’s all about power struggles. Reportedly, we might have had something to do with the Stuxnet virus that infected the Iranian centrifuges back in 2010, I believe it was. That sent a very powerful message to the rest of the world that the U.S. — if it was the U.S. — could do those kinds of things. So other countries want to send the same message to us.
Wood: It sounds like you’re describing what is almost like a Cold War type of back-and-forth of saber rattling. Should that worry those of us civilians?
Latiff: It should, in much the same way the old Cold War should have worried us. Mistaking something, mistaking an action on the part of your adversary, can be dangerous and catastrophic. But I wouldn’t be really alarmed by it. It should wake us up to doing a much better job of network defense.
Wood: When you look at the protection for infrastructure in the United States, do you feel like we are doing enough to prevent against these kinds of probes?
Latiff: I think the general answer to that is no. There are 16 — I wouldn’t even begin to list them — but there are 16 sectors that are considered to be critical infrastructure, and most of them have done an abysmal job of upgrading their systems because it’s expensive. It turns out that the manufacturing sector is the sector that has had the most attacks. Most people don’t think about that, but if you’re building an airplane and you’re off by a couple of millimeters on your weld, due perhaps to a cyber attack, that could have really bad consequences.
Wood: And should any of these attempts ever escalate to actual attacks, should we be in a situation where someone is perpetrating an act of war, how serious could it get when we talk about, let’s just say, the electrical grid?
Latiff: If they were to really press the attack, it could do a lot of damage. But one thing that is almost a positive is the age of our system and how it is sort of fragmented. We don’t have one monolithic power system in the United States. I think I’ve heard the number 3,000 different systems all tied together: different computer systems, different security measures and so on and so forth. So an attack might not take down the whole system. But if it took down a significant portion of it, trains would stop running, the switches would stop working, maybe trains would run into each other and water filtration and purification systems might stop. Hospitals can only stay on emergency power for so long, so people might die. There are all kinds of secondary and tertiary effects that could hurt people.