DHS Says SCADA Systems are Safe from Anonymous Attacks Now, But Future is Uncertain
The "hacktivist" collective Anonymous is capable of crippling critical infrastructure, but the odds of developing a Stuxnet-style attack on industrial Supervisory Control and Data Acquisition (SCADA) systems were slim, according to a Department of Homeland Security bulletin.
The four-page report from the department's National Cyber-Security and Communications Integration Center was posted on the Public Intelligence Website on Oct. 17. The Department of Homeland Security evaluated the collective's potential to disrupt critical infrastructure in the "Assessment of Anonymous Threat to Control Systems" report, dated Sept. 17.
Even though hacktivist groups are increasingly more active in their attacks, DHS said actual threats to control systems don't seem to have increased. Anonymous currently has a "limited ability" to conduct attacks that target industrial control systems, the DHS found. The group has the capability to disrupt operations with distributed denial-of-service attacks, but it doesn't currently have the necessary skills to take over critical infrastructure, according to the DHS.
"However, experienced and skilled members of Anonymous could be able to develop capabilities to gain access and trespass on control system networks very quickly," according to the DHS bulletin.
Critical infrastructure refers to the systems and networks that power communications, energy, financial systems, food, government operations, health care systems, transportation and water. The vast majority of the infrastructure is currently controlled by the private sector. There are several bills in Congress proposing some form of government oversight to protect critical infrastructure, but disagreements remain as to who should be in charge and the role government should play.
While the risks currently are low, there was a "moderate likelihood" that future protests could be accompanied by attacks on core infrastructure in the future.
The group can become more interested, especially as they realize how poorly these systems are secured in the first place, the report warned. Members can study industrial control systems using publicly available information and develop malware to exploit well-known vulnerabilities, according to the federal agency.