Cybersecurity breaches and risk management continue to be a concern for businesses of all sizes and types. A recent warning distributed by the U.S. Department of Homeland Security and the FBI regarding targeted hacks in several critical industries is an illustration that anyone can be vulnerable to such tactics, including the hospitality industry. My partner Bob Braun, senior member of JMBM’s Global Hospitality Group® and co-chair of JMBM’s Cybersecurity and Privacy Group, summarizes the recent report and its conclusions below.

The Department of Homeland Security and Federal Bureau of Investigation distributed an email warning late on Friday, October 20, 2017, that the nuclear, energy, aviation, water and critical manufacturing industries have been targeted along with government entities in attacks dating back to at least May. In particular, the agencies reported that hackers had compromised some targeted networks, but did not identify specific victims or provide other details.

While the report focused on threats to nuclear and conventional power, water, and other infrastructure, the very fact that the DHS and the FBI chose to make a public statement highlights how important the issue is to all industries, and the concern that an attack on infrastructure could have a devastating impact on all aspects of the American economy.

The report noted that, as in many malware attacks, hackers seek to compromise networks through “spear phishing” – emails tailored to reach specific individuals – using malicious attachments and tainted websites, with the goal of obtaining credentials that allow the hackers to access computer networks.

Attacks on U.S. public infrastructure have been reported in the past, and authorities initially detailed the attempts in a confidential report in June of this year. That document, which was privately distributed to firms at risk of attacks, described a narrower set of activity focusing on the nuclear, energy and critical manufacturing sectors.

Robert Lee, an expert in securing industrial networks and chief executive of cyber-security firm Dragos, said the report appears to describe hackers working in the interests of the Russian government, though he declined to elaborate. Dragos is also monitoring other groups targeting infrastructure that appear to be aligned with China, Iran and North Korea, he said.

Lee said that the hacking described in the government report is unlikely to result in dramatic attacks in the near term, but that it is still troubling: “We don’t want our adversaries learning enough to be able to do things that are disruptive later.”

The report said that hackers have succeeded in infiltrating some targets, including at least one energy generator, and conducting reconnaissance on their networks. It was accompanied by six technical documents describing malware used in the attacks.

Homeland Security “has confidence that this campaign is still ongoing and threat actors are actively pursuing their objectives over a long-term campaign,” the report said.

A full copy of the report can be accessed at https://www.us-cert.gov/ncas/alerts/TA17-293A.