It’s now obvious that the Russians didn’t hack into Burlington Electric, the power utility in northwest Vermont, despite an early Washington Post story claiming it. (The Post, which is a real rather than fake news organization, wrote a follow-up story detailing its earlier error). But that doesn’t mean the situation shouldn’t give us pause, as Greentech Media reports in an excellent article:
Cybersecurity experts see the potential to learn from the whole affair. After all, the very real shutdowns of Ukrainian grid substations in December 2015 — the first-ever confirmed cyberattack against grid infrastructure — got started through similarly innocuous intrusions into utility IT systems.
“The whole goal is to get a host, and then start harvesting credentials,” he said. “If that laptop was really associated with [Russian intelligence services] activity, and there’s malware on it, and it was discovered five weeks later, that’s ample time for the bad guy to achieve significant persistence and control. They’re far past that laptop.”
The Internet of Things has brought the weaknesses of the digital world into the physical world. We need to worry about them a whole lot more.