Cyber Threats to the US Power Grid

Every day, billions of activities across multiple digital platforms must be monitored and checked by cyber security experts working to protect the US power grid from cyber attack. Around the clock, workers must monitor electronic messages originating both within the state-owned power utilities themselves and from outside.

The IT infrastructure of the power grid is a prime target for potential attackers, and the ability to cause wide-scale physical-world consequences by penetrating power companies’ systems makes it an enticing hack for some “threat actors”. The Tennessee Valley Authority (TVA), for example, operates 29 power-generating dams and seven nuclear reactors, and maintains multiple connections to the Oak Ridge nuclear weapons production arsenal. These factors make it one of the most attractive targets for cyber terrorists.

Andrea Brackett, director of TVA’s Cybersecurity group, says this federal utility company has adequate protection.

“There are all kinds of threat actors that attempt to test us on a daily basis, but I think we are in a really great spot with all kinds of layering of defenses to make sure that we’re protecting our operational assets from different types of cyber attacks that could happen, whether that is from the internet or internally from within TVA,” she said. “We’ve not had any events that have impacted our operational capability.”

But in the climate following recent hacks into Equifax and Yahoo, cyber crime seems to be a looming threat, with the energy sector regarded as a sort of pinnacle for those with cyber terror ambitions.

Homeland Security Secretary Kirstjen Nielsen believes we are in fact in something of a “crisis mode” with respect to cybersecurity.

“Cyber threats now represent a greater threat to the United States than physical threats,” Nielsen recently warned. “Our digital enemies are taking advantage of all of us. They are exploiting our open society to steal, to manipulate, to intimidate, to coerce, to disrupt and to undermine.”

Each day TVA alone sees tens of thousands of attempts to hack into its networks. Many of these are conducted by hostile nation states in an ongoing back and forth that tests the resilience and responsiveness of US cyber defense.

Ultimately the US will be forced to bring its infrastructure further into the age of the Internet and rely less on the sheer age of its machines as a defense, and as it does, external and internal threats alike will continue to test the security apparatus charged with protecting the grid. As it stands now, many other countries have newer infrastructure that may be easier to break into, but there are few prizes more enticing to cyber terrorists than the US power grid.

——————————————————————————————————————————————

Security Technology of South Texas is locally owned and operated out of San Antonio, Texas. We provide integration of security products and infrastructure for commercial scale projects in the South Texas area.

Call us today to set up a consultation, 24/7, at 210-446-4863, or email admin@gostst.com via our website.

Surveillance Cameras’ Feeds Made Vulnerable Due to Bug: Zero-Day Exploits

Last month researchers from cybersecurity firm Digital Defense disclosed they had discovered a vulnerability in Nuuo NVRmini 2 Network Video Recorder firmware, basic software which is used in hundreds of thousands of IP surveillance cameras across the world.

The Linux-based software is used in a wide array of the company’s IP cameras, supports NAS storage and is capable of monitoring up to 64 live video channels. The bug is an unauthenticated remote buffer overflow that allows an attacker to execute arbitrary code on the system with root privileges. Beyond letting a potential attacker access and modify video feeds and recordings from the cameras, the exploit also permits changing the configuration and settings of the cameras.

Digital Defense described the mechanism as follows: “Overflowing of the stack variable, which is intended to hold the request data, results in the overwriting of stored return addresses, and with a properly crafted payload, can be leveraged to achieve arbitrary code execution.”
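As an added illustration (not Digital Defense’s finding or Nuuo’s code), the hypothetical C handler below shows the length-trusting pattern the quote describes beside a checked version that refuses oversized or truncated requests; the two-byte length header and the sample bodies are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed request layout for this example (not Nuuo's real wire format):
 * a 2-byte big-endian body length, then the body bytes. */
#define BODY_CAP 64

/* Vulnerable pattern: the declared length is trusted and copied into a fixed
 * stack buffer, so a body longer than BODY_CAP overwrites what lies beyond the
 * buffer on the stack, including the saved return address. Kept only for
 * contrast; never call it on untrusted input. */
int handle_request_unchecked(const uint8_t *pkt, size_t pkt_len) {
    uint8_t body[BODY_CAP];
    size_t declared = ((size_t)pkt[0] << 8) | pkt[1];
    (void)pkt_len;                       /* received length is never consulted */
    memcpy(body, pkt + 2, declared);     /* no bound on 'declared' */
    return (int)body[0];
}

/* Hardened version: validate the declared length against both the bytes
 * actually received and the buffer capacity before copying. Returns the body
 * length on success, or -1 for a malformed or oversized request, which the
 * caller should log and drop rather than process. */
int handle_request_checked(const uint8_t *pkt, size_t pkt_len) {
    uint8_t body[BODY_CAP];
    if (pkt == NULL || pkt_len < 2) return -1;       /* header incomplete */
    size_t declared = ((size_t)pkt[0] << 8) | pkt[1];
    if (declared > pkt_len - 2) return -1;           /* claims more than received */
    if (declared > sizeof body) return -1;           /* would overflow the stack buffer */
    memcpy(body, pkt + 2, declared);
    return (int)declared;
}

/* Builds a request into dst; returns the total packet length, or 0 if it will not fit. */
size_t build_request(uint8_t *dst, size_t cap, const uint8_t *body, size_t body_len) {
    if (body_len > 0xFFFF || cap < body_len + 2) return 0;
    dst[0] = (uint8_t)(body_len >> 8);
    dst[1] = (uint8_t)(body_len & 0xFF);
    memcpy(dst + 2, body, body_len);
    return body_len + 2;
}

int main(void) {
    uint8_t pkt[512], big[200];
    memset(big, 'A', sizeof big);                    /* constructed oversized body */
    size_t n = build_request(pkt, sizeof pkt, (const uint8_t *)"GET /live", 9);
    printf("normal request: %d\n", handle_request_checked(pkt, n));     /* 9 */
    n = build_request(pkt, sizeof pkt, big, sizeof big);
    printf("oversized request: %d\n", handle_request_checked(pkt, n));  /* -1 */
    return 0;
}
```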

NVRmini 2 firmware versions up to and including 3.9.1 are vulnerable to this exploit; however, Nuuo has responded to the discovery and released a patch to resolve the issue.

So-called zero-day exploits are among the most damaging security flaws a security solution as a whole can have. Such bugs are present in software from the day of its release and remain unknown to the vendor unless they are found by chance or through proactive research into the software, as in the case described above. Until then, the exploit is known only to potential attackers and the online communities they share this intelligence with, and a significant degree of damage and compromise can occur in that window, up to and including the installation of backdoors unknown to the creators of the software and modification of source code, if the exploit allows for that.

The zero in “zero-day” actually refers to the time at which the vendor of the software discovers the vulnerability. Up to that day it is referred to as a zero-day vulnerability; after 30 days it becomes a 30-day vulnerability, and so on. It is during this time that the vendor will typically be working on a patch or workaround to mitigate the exploit, but depending on the specifics of the bug, potential attackers with knowledge of it may also be working on “counter patches” of their own.

A zero-day attack should always be considered a serious threat, and even after a patch has been developed, there is no guarantee that every user or even a majority will have installed the patch. Those who write malware have several different attack vectors available to them to exploit zero-day vulnerabilities, from executing malicious code exploiting web browsers to email attachments containing malicious code via SMTP.

In the context of the security industry, these types of exploits can have potentially devastating consequences. As we trust in the convenience and technical superiority of IP cameras and access control systems, it is critical to use reputable vendors and an integrator with the response time to manage and respond to crisis events.
