Dan Patterson speaks with cybersecurity expert Robert Lee about how Russia, Iran, China, and North Korea pose a threat to US industrial infrastructures.
Dan Patterson, CNET and CBS News Senior Producer, spoke with Robert Lee, founder and CEO of cybersecurity company Dragos, Inc., about cyber threats to industrial infrastructures in the US. The following is an edited transcript of the interview.
Robert Lee: The [countries] we've seen over the years would be Russia, Iran, China, North Korea--the normal players. But one of the things that I often caution people is, because we know who to look for and because we know where to look for those actors, we keep seeing them over and over again in almost a self-fulfilling prophecy. There are obviously other states doing things, but we often lack the visibility into those environments to then go and say, "Oh, maybe there's a North African based team. Maybe we're seeing other state actors that we traditionally haven't seen." And some of those known/unknown players can be pretty concerning as well.
Dan Patterson: Let's get a little more specific here. What are they after? What have they found already?
Robert Lee: A good example would be a team we call Electrum. The US government came out and attributed it haphazardly to Russia. They were the ones that were responsible for the 2016 electric power outage in the Ukraine. We've seen a team called Xenotime, which others have attributed to the Russian state as well. They've targeted the site in Saudi Arabia. What they did is effectively compromised the safety system. Easiest way to think about this is in a large petrochemical environment that's inherently unsafe, everything there is for the purpose of the business. The one thing that stands off on its own, that's just to protect human life, is a safety system. There's no value in going after it except to compromise safety.
So we've seen attacks now where we thought there could be a loss of life; luckily the attackers in that case failed. But in the US electric infrastructure, and in the infrastructure we've seen around energy in manufacturing in North America, we've seen a mixture of intellectual property theft from manufacturing companies. Everything from how you do business to maybe even pharmaceutical recipes for advancement medications and so forth, to information and electric, which would be more akin to preparatory actions. Basically, how would you target that electric site? Let's steal the type of information relevant to be able to do that.