Cybersecurity professionals know a myriad of ways hackers can try to wreak havoc on critical infrastructure or infiltrate corporations to steal or spy, but it is the fear of the unknown that some say keeps them up at night.
U.S. security officials and private sector experts wonder what kinds of time-bombs can be – or have been – embedded by malware into computer networks, just waiting to explode.
Cyber espionage is already “the greatest transfer of wealth in history,” National Security Agency Director Keith Alexander, the top U.S. general in charge of cybersecurity, told the Reuters Cybersecurity Summit in Washington this week.
“Disruptive and destructive attacks on our country will get worse,” he said. “Mark my words, it will get worse.”
Stealing software or money – like the $45 million lifted from two Middle Eastern banks in a daring global plot revealed this month – might pale next to an attack that could, for example, switch off the lights in a major U.S. city.
That was the fear in New Orleans in February when a power outage struck the Super Bowl, the National Football League’s championship game, witnessed by tens of millions of viewers. The outage was blamed on an electrical relay device not a cyber attack.
“The known unknown is what I worry about,” U.S. Secretary of Homeland Security Janet Napolitano told the Summit.
“For example, we don’t have the identity of all the adversaries who are trying to either commit crimes or acts over the cyber networks. The things we know about, we can deal with. It’s the known unknown,” she added.
The military is a big target, something that Rear Admiral William Leigher, who is in charge of “information dominance” with the U.S. Navy, takes on board.
“Our networks see thousands of intrusion attempts every day…staying up with the threat, making sure that our defensive systems are up to par is probably one of the things that gets most of my attention,” Leigher said.
(For a video on what keeps cybersecurity experts up at night, click on http://reut.rs/YXcifd)
To be sure, the United States has not suffered the kind of destructive cyber attack that damaged some 30,000 computers at Saudi Arabia’s oil company, Saudi Aramco, last year. But experts said they were worried about the increasingly sophisticated cyber capabilities of countries such as China, Russia and Iran.
“This new growing trend of nation states engaged in cyber attacks that are designed to be destructive to parts of the U.S. economy is very, very concerning,” said Mike Rogers, chairman of the U.S. House Intelligence Committee.
“The ferociousness of these attacks is increasing and it’s something that we better get a handle on,” Rogers added.
Dmitri Alperovitch, co-founder of Crowdstrike, a security technology specialist firm that works with governments and private companies, said he is most concerned about Iran, particularly if there is a spike in tensions in the Middle East.
He is watching the attacks that have taken down the websites of more than a dozen U.S. banks in the past nine months. There are no signs that hackers have managed to destroy or modify crucial financial data, but that is the fear.
“Attacks that focus on modifying data in the stealth way, sabotage, integrity attacks – those are the ones that are most insidious and those are the ones we really should worry about,” Alperovitch said.
The migration of ever more elements of the economy to the digital world opens the door to malfeasance.
“We keep hooking more and more stuff up to the Internet, so the attack surface keeps growing,” said Michael Daniel, cybersecurity policy coordinator at the White House. “Pretty soon your coffee maker and your refrigerator is going to be an attack vector because it’s going to be hooked up to the Internet.
(Reporting by Ros Krasny; Editing by Tiffany Wu and Leslie Gevirtz)