The Development of Infrastructure Attacks

Hacking and cybersecurity incidents can take on a character of great variation. Anything from a simple prank to a widespread shutdown of essential services is considered “hacking”. The field of cybersecurity can cover a very broad spectrum of activities. Essential services such as water, electricity, waste management, and climate control rely on computers and other digital devices that are connected to a network. In some cases, these services are connected directly to the internet. Because of this, there have been several attacks on essential infrastructure by hackers throughout time. This section will explore these incidents along with their historical impact.One of the most prominent examples of an attack on a power grid is the December 2015 Ukrainian power grid attacks. The attack began with a series of spear phishing emails. These are messages specifically tailored towards the target in order to spread malicious software or carry out any unauthorized action. The attack only lasted a few hours, but it left around 230,000 people without power. The attack demonstrated as a proof-of-concept that large power grids can be disabled by hackers for extended periods of time. Power outages that only last a few days can bring civilization to its knees, and there is certainly potential for greater attacks that must be prevented.Water is essential to life. A key focus for civilizations throughout time has been control over sources of water. It’s no surprise that nations have attempted attacks against each other’s water infrastructure. In 2013, The United States Department of Justice points to Iran as the originator of the dam attack in Rye Brook, New York. The attackers were able to gain control of a computer system that opened and closed the dam’s gate. Similar to the hacking of the Ukrainian power grid in 2013, this incident serves as a proof-of-concept for greater attacks that must be protected against. Compromised dams can lead to flooding, serious structural damage, and power outages.Another United States infrastructure attack occurred in Burlington, Kansas. The FBI and Department of Homeland Security claim that the attack was carried out by Russian agents targeting a local nuclear power plant. Similar to the Ukrainian power grid attacks, spear phishing was the main culprit and mode of execution. A nuclear power plant attack can conjure images of elite, state-sponsored hackers using cutting-edge tools and technology, but a spear phishing attack is frighteningly simple and easy to execute. Despite the implementation of advanced security measures across the world, a series of carefully-worded emails is enough to compromise an entire nuclear power plant. The best defenses against spear phishing are policies, awareness, and training towards use of secured communication channels.Kaspersky Labs CEO and global hacking doomsayer, Eugene Kaspersky, has issued public warnings and ominous statements on infrastructure attacks. As mentioned by many cybersecurity professionals, increasing dependence on technology calls for rigorous security practices around our key points of infrastructure. It is not hard to imagine a world like Terry Gilliam’s Brazil, where a dystopian futuristic society relies on advanced machinery that grows increasingly unstable and beyond repair. As Kaspersky warns, our infrastructure must be secured against attacks both domestic and international.Infrastructure attacks are nothing new, but they have been gaining prominence in recent years. This article looks at some of the highest profile infrastructure attacks in the 21st century. Details of the attacks are provided along with analysis of their impact and meaning for the future of cybersecurity.