US National Inventory of Dams database breached

The Washington Free Beacon is not known for its moderate views – it is, after all, “Dedicated to uncovering the stories that the professional left hopes will never see the light of day.” Nevertheless, the story it broke Wednesday certainly ruffled a few feathers. A recent cyber intrusion into a sensitive infrastructure database has been traced to the Chinese government, and “is raising new concerns that China is preparing to conduct a future cyber attack against the national electrical power grid,” it claimed.

The report goes on to quote Michelle Van Cleave, former National Counterintelligence Executive: “Van Cleave said the intrusion appears to be part of an effort to collect ‘vulnerability and targeting data’ for future cyber or military attacks.”

That the intrusion happened is without question; but where it originated is unconfirmed. Yesterday, Tripwire commented, “It has been mentioned in the media that U.S. officials have made claims tracing the attack to the Chinese government, but no additional information has been provided regarding these statements.” However, any breach into any database related to the critical infrastructure needs to be taken seriously.

Tripwire researcher Ken Westin told Computerworld that the data in the database would be unlikely to pose a threat on its own, but when combined with other data, “could help attackers piece together a comprehensive understanding of potential weaknesses in U.S. dams.” A spokesman for the U.S. Army Corps of Engineers, however, downplayed the incident, claiming the breach poses no threat to public safety or the critical infrastructure.

A spokesperson for the US Army Corps of Engineers said: "The unauthorized access occurred, was discovered and immediately revoked in January." Few details are available other than that an unauthorized person was granted access, which has since been revoked. It could simply be a case of social engineering persuading an administrator to provide logon details to someone pretending to be a sub-contractor. Who that person is, who he pretended to be, and what information may have been compromised are not yet known.

It may turn out that no harm has been done by this incursion. The problem, however, is that it happened at all; and the simple reality is that critical infrastructures need to be better protected than they are. “This latest breach of the U.S. Army Corps of Engineers’ National Inventory of Dams is another loud siren warning critical infrastructure (CI) companies as well as the government that cyber threats to the CI are real and that security standards must be established, followed and enforced to protect our country,” explained Lila Kee, board member of the North American Energy Standard Board (NAESB) and chief product and marketing officer at GlobalSign.
