Here's the White House's response to Killer Apps' request for comment on last night's Wall Street Journal article citing current and former administration officials saying that Iranian hackers have penetrated the networks of U.S. energy firms.
Basically, National Security Staff spokeswoman Laura Lucas confirmed that our critical infrastructure, including the energy sector, is under cyber-attack, with DHS responding to 177 attacks in 2012, and that the administration is hustling to share as much information as possible about cyber-threats with critical-infrastructure providers. Notice the statement below doesn't confirm or deny the WSJ's claim that Iranian hackers specifically are responsible.
Each and every day, the United States faces a myriad of threats in cyberspace, from the theft of U.S. intellectual property through cyber intrusions to distributed denial of service attacks against public-facing websites to intrusions against U.S. critical infrastructure companies, including those in the energy sector. We have observed a trend over the last year, exemplified by this recent activity, of malicious actors increasing their focus against critical infrastructure. Secretary Napolitano has noted these trends in hearings before Congress. For example, in March she cited a campaign of intrusions targeting oil and pipeline companies. Last year DHS responded to 177 incidents against industrial control systems, up from just nine three years earlier. The U.S. government is, of course, researching attribution and investigating specific events.
We are concerned about all threats to the security of our networks and critical infrastructure and are actively collaborating with our public and private sector partners to detect and mitigate disruptions and attacks against the nation's critical cyber and communications networks. We are leaning much further forward on providing warning to specific industry and international partners and are working to get ahead of the threat by providing actionable warnings and possible mitigations to all partners. This is part of our effort to implement the President's executive order. We will continue to share information with companies in our critical infrastructure sectors and are working with many institutions to establish a common understanding of malicious tactics and techniques, share network defense best practices, and provide technical assistance. What is critical is that our partners understand the nature and implications of this activity, evaluate the sufficiency of network defenses, remain vigilant, be prepared to respond and recover when such activity does occur, and work with industry organizations and the government to share information about any observed activity.
The WSJ article comes the same week that Richard Bejtlich, of the cybersecurity firm Mandiant, told Killer Apps that his company is seeing a suspected Iranian presence inside his clients' networks for the first time. Last fall, we reported that foreign hackers had penetrated the networks of U.S. energy firms in an effort to scout their weaknesses.
"There's some amount of reconnaissance that is required to infiltrate a large critical-infrastructure network, understand which systems are deployed, and how an attack should be structured to be most effective," Ashar Aziz, chief technology officer of cyber security firm FireEye, told Killer Apps over coffee this week when asked about foreign hackers infiltrating U.S. power networks. "There's scout malware and there's killer malware. I would not be surprised if scout malware has scouted all the vulnerabilities in critical infrastructure" in the United States, he said.
"I'm sure we have done the same thing" to potential U.S. adversaries, added Aziz. "Basically, we've got our fingers on the trigger very close to the brain of the [power] grid on the other side, and I would not be surprised if our grid was in the very same situation. If somebody felt threatened and wanted to pull the trigger, it would not be hard for them to do that."