Homeland Security report hoses down energy-sector 'cybergeddon' talk

It's all the media's fault. Even when the DHS hypes things up

+Comment Everybody knows how easily the world could be plunged into a New Dark Ages with nothing more than a handful of hacker keystrokes – everybody except the United States Department of Homeland Security (DHS).

In a report obtained and published by Public Intelligence researchers, the DHS contradicts most of the received wisdom attached to the critical infrastructure debate, by assessing the immediate risk to America's energy network as “low”.

The intelligence assessment, entitled Damaging Cyber Attacks Possible but Not Likely Against the US Energy Sector, has been circulated among America's policy-makers since January.

Working with ICS-CERT, the DHS has come to the conclusion that the main aim of nation state-level attackers on the US energy sector is espionage rather than destruction.

“The APT activity directed against sector industrial control system (ICS) networks probably is focused on acquiring and maintaining persistent access to facilitate the introduction of malware, and likely is part of nation-state contingency planning that would only be implemented to conduct a damaging or disruptive attack in the event of hostilities with the United States”, the report says under the heading Key Judgements.

While there were 17 intrusions “against the US energy sector” reported in 2014, for example, the report says the “APT actors did not cause any damage or disruption”.

Incidents described in the report included four Bang-based DDoS malware attacks, three Cryptolocker attacks, and a successful financial attack against a North Carolina fuel distributor that netted US$800,000 by using compromised login credentials.

So why does everybody believe the world is only a few clicks away from cybergeddon? Apparently, the DHS reckons, it's all the media's fault.

“Imprecise use of the term 'cyber attack' in open source media reporting and throughout the private sector has led to misperceptions about the cyber threat to the US energy sector”, the report says.

Asking for the rhetoric rheostat to be dialled back a few notches, the report continues: “Overuse of the term 'cyber attack' risks 'alarm fatigue', which could lead to longer response times or to missing important incidents”.


The DHS's public rhetoric doesn't always help media distinguish between real and imagined threats. A good example is in how the report dissects the now-famous December blackouts in the Ukraine.

In March, ICS-CERT was confident about attributing the attacks to intrusions: “power outages were caused by remote cyber intrusions at three regional electric power distribution companies (Oblenergos) impacting approximately 225,000 customers”.

Here's the intelligence assessment's full text regarding the incidents (emphasis added):

“Open source media and various US cybersecurity threat intelligence companies have claimed that at least six Ukrainian regional power providers in late December suffered a cyber attack causing the loss of power for more than 80,000 customers for up to six hours. Due to limited authoritative reporting, I&A is unable to confirm the event was triggered by cyber means.

“While not independently confirmed as the cause of the outage, malware provided by Kyiv indicates the presence of a variant of an ICS-specific malware on the energy provider’s systems, according to ICS-CERT analysis.

“The variant provided by the Ukrainian Government has the capability to enable remote access and delete computer content, including system drives. I&A cannot attribute this operation to any specific cyber actor, but the attacks are consistent with our understanding of Moscow’s capability and intent, including observations of cyber operations during regional tensions. This incident does not represent an increase in the threat of a disruptive or destructive attack on US energy infrastructure, which I&A assesses is low.”

The DHS's Andy Ozment and Greg Touhill wrote: “US critical infrastructure entities have been affected by targeted intrusions in recent years, and it is imperative that critical infrastructure owners and operators across all sectors are aware and up-to-date on the cyber threat landscape and the measures they can take to protect their assets.”

That seems, to The Register, to leave plenty of room for the media to interpret the DHS's position as a warning of imminent threat. ®
