WASHINGTON ― The Pentagon is looking to take steps against the possibility that a cyberattack could take down the crucial infrastructure at its bases, both domestically and overseas, per a top department official.
Lucian Niemeyer, assistant secretary of defense for energy, installations and environment, said over the next year his team will be focused on finding solutions to potential vulnerabilities in the industrial control systems ― the devices that control major pieces of equipment such as air conditioning units ― throughout military installations.
“My concern is, I never want to be in front of the secretary of defense explaining why we could not conduct a critical mission because they happened to go in through a system in my purview,” he told Defense News in a November interview.
Niemeyer pointed to the December 2013 hack of retail giant Target, where almost 40 million credit card users’ information was stolen, as an example of how industrial control systems are increasingly a target. The backdoor the hackers used to get to the information was through a third-party HVAC contractor, which had access to network credentials.
Asked if there had been cyberattacks using similar methods against DoD, Niemeyer said, “I don’t know anything I can talk about in public,” but noted such concerns have become widespread in the last several years.
The Pentagon’s concerns go beyond the ability of hackers to access sensitive data.
In a 2013 incident, an Iranian national attempted to take control of the Bowman Avenue Dam in Rye Brook, N.Y. He was able to access the network that would normally allow him to control the dam, but by chance the gate controls were not connected at the time. In a more recent case, a large chunk of Ukraine’s power grid was shut down by a cyberattack in late 2015.
If the same happened at a DoD facility, it could be used to shut down an operation at a crucial time. Imagine if a control tower was shut down as the Air Force attempted to scramble fighters, or garage gates that house heavy artillery refused to open.
“There is always that concern that there is a capability for an adversary to, just like what happened in Ukraine, take down power systems but they can also go down to individual facilities and start having a tactical effect,” Niemeyer said.
Because the 2019 budget is still being formulated, Niemeyer declined to identify specific pilot projects or focus areas that he wants to see launched in the near-term. But broadly speaking, he identified a need “to increase training, to increase the technology we install, to making sure that part of the system can’t be used to deny or exploit DoD capabilities.”
“There is a desire right now to make sure the polices that exist for us drive us toward a unified direction and we’re still working on that part,” he added.