{"id":14489,"date":"2025-07-23T03:16:19","date_gmt":"2025-07-23T03:16:19","guid":{"rendered":"https:\/\/newestek.com\/?p=14489"},"modified":"2025-07-23T03:16:19","modified_gmt":"2025-07-23T03:16:19","slug":"warning-to-feds-us-infrastructure-is-under-silent-attack","status":"publish","type":"post","link":"https:\/\/newestek.com\/?p=14489","title":{"rendered":"Warning to feds: US infrastructure is under silent attack"},"content":{"rendered":"<div>\n<div id=\"remove_no_follow\">\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<section class=\"wp-block-bigbite-multi-title\">\n<div class=\"container\"><\/div>\n<\/section>\n<p>Threat actors have become craftier as they increasingly target critical infrastructure, including operational technology (OT) environments such as electric grids, Nate Gleason, program leader at Lawrence Livermore National Laboratory (LLNL), told regulators during a federal hearing Tuesday.<\/p>\n<p>\u201cOur adversaries see our critical infrastructure as an attractive target,\u201d he told the US Homeland Security subcommittee on Cybersecurity and Infrastructure Protection. 
\u201cThese adversaries are highly capable and invest significant resources in developing capabilities to hold our infrastructure systems, and the functions that depend on them, at risk.\u201d<\/p>\n<h2 class=\"wp-block-heading\" id=\"fighting-back-with-the-cybersentry-program\">Fighting back with the CyberSentry program<\/h2>\n<p>The security subcommittee held the hearing to discuss the evolution of attacks on critical infrastructure and <a href=\"https:\/\/www.csoonline.com\/article\/3951163\/too-little-budget-for-ot-security.html\" target=\"_blank\">OT<\/a> environments in the 15 years since <a href=\"https:\/\/www.csoonline.com\/article\/562691\/stuxnet-explained-the-first-known-cyberweapon.html\" target=\"_blank\">Stuxnet<\/a>, a digital weapon designed to sabotage Iran\u2019s nuclear program, emerged in 2010.<\/p>\n<p>For example, <a href=\"https:\/\/www.linkedin.com\/in\/nate-gleason-9b53a38\" target=\"_blank\" rel=\"noreferrer noopener\">Gleason<\/a> said during <a href=\"https:\/\/homeland.house.gov\/wp-content\/uploads\/2025\/07\/2025-07-22-CIP-Testimony.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">his testimony<\/a>, in 2022, as part of a US federal program, researchers from the LLNL in California detected internet-connected surveillance cameras stealthily built into critical infrastructure systems. They were sending information back to overseas servers operated by suspected hostile actors. 
<a href=\"https:\/\/www.llnl.gov\/\" target=\"_blank\" rel=\"noreferrer noopener\">LLNL<\/a> quickly built a detection tool and produced playbooks to address the issue, and the Cybersecurity and Infrastructure Security Agency (CISA) issued widespread alerts to mitigate the problem.<\/p>\n<p>One of the ways the US is fighting back is with the <a href=\"https:\/\/www.cisa.gov\/resources-tools\/programs\/cybersentry-program\" target=\"_blank\" rel=\"noreferrer noopener\">CyberSentry<\/a> program, which partners CISA with private sector companies that volunteer to have their systems monitored for malicious activity. Participants are from sectors including energy, transportation, critical manufacturing, the nuclear industry, and others.<\/p>\n<p>It was through this program that LLNL developed the capability to detect what it called \u201csubtle malicious beaconing behavior\u201d that available tools were unable to pick up on. In its <a href=\"https:\/\/str.llnl.gov\/sites\/str\/files\/2024-04\/12.18.3.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">Skyfall<\/a> lab, Gleason\u2019s team set up an OT environment and deployed various samples of beaconing malware to test commercial and open-source tools. They then built an advanced analytic, increasing its sensitivity to detect more subtle threats and improving selectivity to reduce false positives.<\/p>\n<p>The analytic was then deployed in the CyberSentry environment \u2014 and \u201calmost immediately\u201d threat analysts detected anomalous <a href=\"https:\/\/www.makeuseof.com\/what-is-beaconing-in-security\/\" target=\"_blank\" rel=\"noreferrer noopener\">beacons<\/a> on a participating company\u2019s OT network that were emanating from cameras built by Chinese manufacturer Dahua and other manufacturers, both foreign and domestic, Gleason explained. 
Dahua, in particular, has been identified by the Federal Communications Commission (FCC) as posing an unacceptable risk to national security.<\/p>\n<p>LLNL discovered that the majority of CyberSentry participants had these cameras on their networks, in some cases in the hundreds. In addition to communications with suspected hostile servers overseas, reverse engineers were able to identify functionality that could enable back-door access to any network the devices were connected to.<\/p>\n<p>\u201cMany of these cameras were sitting on OT networks, potentially granting access to control the physical processes in our infrastructure,\u201d said Gleason.<\/p>\n<p>His team built a machine learning (ML) model to automate detection of the cameras and deployed it across participating CyberSentry partners. Federal agencies also communicated the findings widely, and the lab developed a set of playbooks published by CISA.<\/p>\n<p>\u201cThe security gains derived from this partnership between a few dozen critical infrastructure asset owners and CISA reverberated widely across US critical infrastructure,\u201d said Gleason.<\/p>\n<h2 class=\"wp-block-heading\" id=\"it-and-ot-are-fundamentally-different\">IT and OT are fundamentally different<\/h2>\n<p>Robert M. Lee, CEO and co-founder of cybersecurity company <a href=\"https:\/\/www.dragos.com\/\" target=\"_blank\" rel=\"noreferrer noopener\">Dragos, Inc.<\/a>, also spoke at the hearing, pointing out that enterprises and regulators must \u201crecognize and account for\u201d the differences between information technology (IT) and OT systems.<\/p>\n<p>\u201cIT and OT systems differ fundamentally in both purpose and operation,\u201d he said. \u201cWhile some traditional IT controls have been adapted for OT, the security mindset must differ.\u201d<\/p>\n<p>While IT supports how a business is managed, OT enables physical functions at an organization\u2019s core, such as controlling pumps or chemical levels at a water facility. 
These two different missions should shape how risks are assessed and managed, said Lee.<\/p>\n<p>\u201cWhile an adversary might exploit similar vulnerabilities in IT and OT systems, the consequences and adversary behavior differ,\u201d he said. Whereas a breach in an IT system may result in data theft, in OT it could lead to \u201cphysical disruption, equipment damage, or even loss of life.\u201d<\/p>\n<p>Despite this, infrastructure operators have been underinvesting in OT security. Based on Lee\u2019s anecdotal experience, about 95% of cyber spend is focused on IT, and just 5% on OT. The latter also have distinct operational demands: Systems often must run continuously for years, require redundancy, and depend on precise, millisecond-level responsiveness.<\/p>\n<p>Cybersecurity mindsets must account for OT\u2019s unique physical environments, long hardware lifecycles, and evolving threats, said Lee. These dictate different practices, technologies, and policy responses. \u201cRegulators and policymakers must recognize these critical distinctions when setting policy,\u201d he said.<\/p>\n<p>He warned: \u201cLet\u2019s be clear: The timeline to take action against this growing threat is short, and the consequences of failure could, and likely would, be people dying.\u201d<\/p>\n<h2 class=\"wp-block-heading\" id=\"the-importance-of-cisa-2015\">The importance of CISA 2015<\/h2>\n<p>Ten years ago, US lawmakers passed the <a href=\"https:\/\/www.csoonline.com\/article\/550174\/what-should-the-114th-congress-do-about-cybersecurity-in-2015.html\" target=\"_blank\">Cybersecurity Information Sharing Act of 2015<\/a>, which encouraged the sharing of cyber threat intelligence between the government and the private sector as a means to improve cybersecurity throughout the country. 
However, its lifetime was finite; the Act is set to expire on September 30, 2025.<\/p>\n<p>Tatyana Bolton, executive director of the <a href=\"https:\/\/www.otcybercoalition.org\/\" target=\"_blank\" rel=\"noreferrer noopener\">Operational Technology Cybersecurity Coalition<\/a>, along with many other experts, is calling for the reauthorization of the Act.<\/p>\n<p>\u201cThis legislation is crucial to information sharing and strengthening US collective defense,\u201d she said at today\u2019s hearing.<\/p>\n<p>Private sector cybersecurity teams, particularly those protecting critical infrastructure, rely on information-sharing to strengthen their defenses, Bolton said, calling these communication channels \u201ccrucial\u201d for supporting national threat awareness and allowing for rapid responses to cyber incidents.<\/p>\n<p>\u201cIf the legal protections established by the Act were to lapse, this flow of information would be disrupted,\u201d she warned.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Threat actors have become craftier as they increasingly target critical infrastructure, including operational technology (OT) environments such as electric grids, Nate Gleason, program leader at Lawrence Livermore National Laboratory (LLNL), told regulators during a federal hearing Tuesday. \u201cOur adversaries see our critical infrastructure as an attractive target,\u201d he told the US Homeland Security subcommittee on Cybersecurity and Infrastructure Protection. 
\u201cThese adversaries are highly capable and&#8230; <\/p>\n<p class=\"more\"><a class=\"more-link\" href=\"https:\/\/newestek.com\/?p=14489\">Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-14489","post","type-post","status-publish","format-standard","hentry","category-uncategorized","is-cat-link-borders-light is-cat-link-rounded"],"_links":{"self":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/14489","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=14489"}],"version-history":[{"count":0,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/14489\/revisions"}],"wp:attachment":[{"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=14489"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=14489"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=14489"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}