Pagers and walkie-talkies are still used by US critical infrastructures such as power, water, and oil/gas. It appears the compromise of the Hezbollah pagers, walkie-talkies, and solar systems were supply chain attacks, somewhat akin to the Farewell Dosier attack on Gazprom in 1982. The Hezbollah pagers and walkie-talkies needed to be remotely actuated making them a combination of supply chain and cyberattacks. On September 18th, the Aspen Institute held their AspenDigital Conference in Washington with a cast of cybersecurity luminaries. There were no presenters from critical infrastructures or the control system community. The Chinese cyber issues discussed did not mention the hardware backdoors in Chinese-made large electric transformers or hardware implants in Chinese-made port cranes. There was also no discussion that cyber security education needs to address the unique aspects of control systems including the ability to identify control system incidents as being cyber-related. Additionally, the cyberattacks against the pagers and walkie-talkies in Lebanon and Syria were not mentioned even though they occurred before the AspenDigital Conference started. Whether the incident is considered to be a cyberattack or a supply chain attack may be less important than recognizing the ways in which these threats are converging.
Government and industry are indifferent or unaware of critical infrastructure kinetic cyber incidents
Leave a comment