Homeland Security Cybersecurity

An Information Sharing and Analysis Center map, when active, would show the internet security threat level in the Department of Homeland Security's National Cybersecurity and Communications Integration Center (NCCIC) in Arlington, Va. The center serves as the hub for the federal government's cyber situational awareness, incident response, and management center for any malicious cyber activity. (AP Photo/Cliff Owen)

War always goes for the infrastructure: take out the bridges, cut off the electricity and water supplies. All that used to be done with artillery, tanks and bombs.

Going forward, it will be done by computers: Cyberwar.

Every day the early skirmishes — the tryout phase, if you will — are taking place. There are tens of thousands of probes of U.S. infrastructure by potential enemies, known and unknown, state and non-state. A few get through the defenses.

Jeremy Samide, chief executive officer of Stealthcare, a company that seeks to improve cyberdefenses for a diverse set of U.S. companies, sees the cyber battlefield starkly. He says the threat is very real; and he puts the threat of serious attack at 83 percent.

As Samide looks out across the United States from his base in Cleveland, he sees probes, the term of art for incoming cyberattacks, like an endless rain of arrows. Some, he says, will get through and the infrastructure is always at risk.

Director of National Intelligence Dan Coats issued a warning in July that the alarms for our digital infrastructure are “blinking.” He compared the situation to that in the country before the 9/11 terrorist attacks. The situation, he told the Hudson Institute in a speech, is “critical.” Coats singled out Russia as the most active of the probers of U.S. infrastructure.

A common scenario, Samide says, is that the electric grid is target one. But considerable devastation could come from attacking banking, communications, transportation or water supply.

Retired Army Gen. David Petraeus, a former director of the CIA and current chairman of KKR Global Institute, in an article co-authored with Kiran Sridhar and published in Politico on Sept. 5, urges the creation of a new government agency devoted to cybersecurity.

Samide and others endorse this and worry that the government has much vital material spread across many agencies and not coordinated. Behind Petraeus’s thinking is one of the lessons of 9/11: Government departments aren’t good at sharing information.

Conventional wisdom has it that the electric grid is super-vulnerable. But Politico’s cybersecurity reporter David Perera, who consulted experts on the feasibility of taking down the grid, somewhat demurs. In a Politico article, he concluded that the kind of national blackout often theorized isn’t possible because of the complexity of the engineering in the grid and its diversity.

The difficulty, according to Perera, is for the intruder to drill down into the computer-managed engineering systems of the grid and attack the programmable controllers — the devices that run things, like moving load, closing down a power plant or shutting off the fuel supply.

Perera’s article has been read by some as getting the utilities off the hook. But it doesn’t do that: Perera’s piece is not only well-researched and argued but also warns against complacency and ignoring the threat.

Samide warns against believing that all probes are equal in intent and purpose. He says there are various levels of probing from surveillance (checking on your operation) to reconnaissance (modeling your operation before a possible attack). Actual attacks, ranging from the political to the purely criminal, include ransomware attacks or the increasing cryptojacking in which a hacker hijacks a target’s processing power in order to mine cryptocurrency on the hacker’s behalf.

The threats are global and increasingly the attribution — the source of the attack — concealed. Other tactics, according to Samide, include misdirection: a classic espionage technique for diverting attention from the real aim of the attack.

The existential question is if cyberwar goes from low-grade to high-intensity, can we cope? And how effective are our countermeasures?

Today’s skirmishes are harbingers of the warfighting of the future.

Llewellyn King is executive producer and host of “White House Chronicle” on PBS. His email is llewellynking1@gmail.com. He wrote this for InsideSources.com.