recommended reading

Occupy Wall Street plus Anonymous may equal city computer outages

Note to the Homeland Security Department: expect hackers to join forces with offline activists in 2012 for strikes on transportation computer systems and other critical networks. According to annual predictions released by security firm McAfee, anti-Wall Street demonstrators occupying parks in cities across the country and digital vigilantes associated with hacktivist group Anonymous may soon operate as "cyberoccupiers."

"Think about the effectiveness if you actually shut down transportation in the place that you're sitting in at," said Dave Marcus, security research director for McAfee Labs. "You actually take the step of taking their power offline." For example, Anonymous this summer wanted to get back at the Bay Area Rapid Transit District for jamming passengers' cellphones amid demonstrations against BART police violence. The instigators could have made a bigger statement by crippling the railway's control system instead of doing what they did -- leaking the e-mail addresses of its riders and posting nude photos of its spokesman.

Other 2012 scenarios published on Wednesday envision the Defense Department staging cyberwarfare games to scare off the likes of the Chinese military. The predictions also posit that hacktivists will ramp up disclosures of government officials' e-mails and other private data. The goal of McAfee's yearly assessments is to convince authorities and network administrators to take threats more seriously, Marcus said. "We don't write them to be doomsayers," he stressed. "It's possible to secure these types of systems. But part of that preparedness may require changing behavior."

Industrial supervisory control and data acquisition systems -- the machinery that operate power grids and water plants -- are vulnerable because they were not designed for the Internet environment, according to McAfee. Recently, state of Illinois reports indicated a water pump outage was possibly the work of Russian hackers, but federal forensic analysts later ruled out malicious activity. Still, the incident demonstrated how ill-equipped to handle attacks some municipalities are, Marcus said. "If you don't know when it's not a cyberattack, what does that really mean for your preparedness in actually stopping a cyberattack?"

McAfee's forecast states, "It's time for extensive penetration testing and emergency response planning that includes cybercomponents and networking with law enforcement at all levels." Increasing communication between the private sector and authorities is a thorny issue. Congress has struggled to pass legislation that will somehow allow businesses to disclose breaches, without infringing on customer privacy or punishing firms too harshly.

"I think most of us tend to favor self-regulation," Marcus said. "But for something as big as infrastructure, you may need the government" involved. Officials should provide companies with resources and guidance, and not just penalize them, he added.

This year, researchers said, the Pentagon equated cyberattacks to acts of war that can warrant kinetic strikes in response, but next year McAfee says the U.S. military will strut its cyber artillery. China for years has distributed propaganda touting the country's cyberwarfare powers, while the United States has promoted the power of deterrence. The U.S. military is long overdue for a more offensive stance, said Marcus, who expects Defense to hold public cyberwarfare demonstrations with vendors in 2012.

"I think governments are going to be much more up front about what kind of cyber capabilities they have," he said. "It looks like, from an outsider view, that China walks all over us." Wargames would allow for "showing off your digital weaponry in a different kind of format, which is a safer way" to intimidate without divulging actual probes, Marcus added.

Next year, look for hacktivists to clarify their goals. Last weekend, hackers claiming to be affiliated with Anonymous leaked the names, addresses and credit card information of government subscribers to security intelligence provider Stratfor. But the main Anonymous group immediately posted a bulletin disavowing the strike. McAfee researchers anticipate such divides will dissipate next year.

"The 'true' Anonymous (that is, its historical wing) will reinvent themselves and their scene or die out," the predictions state. "If the Anonymous circles of influence are unable to become organized -- with clear calls for action and responsibility claims -- all those labeling themselves Anonymous will eventually run the risk of becoming marginalized."

Either way, their modus operandi of disabling websites and publishing personal data in the name of human rights will intensify, the researchers said. "For political and ideological ends, the private lives of public figures -- politicians, industry leaders, judges, and law-enforcement and security officers -- will be disclosed this year more than in the past," the forecast says.

Marcus added, "With the election coming down the line, I can't see them not leveraging that. I really can't."

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

    Download
  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

    Download
  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

    Download
  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

    Download
  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.

    Download

When you download a report, your information may be shared with the underwriters of that document.