Hospitals and national grid “will be hacked in 2016”
Predictions made by security company reverberate with recent warnings from UK government
A major US data security firm has issued a series of predictions about security breaches in 2016, including attacks on the US electric grid and healthcare devices.
PKWARE, which invented the ZIP file compression standard, also predicted that ISIS will breach “a major corporation”, that a US presidential campaign will be hacked, and that there will be widespread cyber-attacks against US law enforcement. The company claims to have a 95% degree of accuracy in its forecasts since 2011.
The predicted risk to electric grids looks particularly pertinent given the recent suspected hack of a Ukrainian power distributor. As CNN reports, American investigators are currently travelling to Ukraine to investigate whether an electricity blackout in December 2015 was an act of cyberwarfare.
Prykarpattya Oblenergo, the power distributor that suffered the breach, reported that 27 of its substations failed, leading to blackouts in 103 cities, with a further 186 cities partially disrupted. The Security Service of Ukraine (SBU) claims that this outage was an attack by Russia, which infected Prykarpattya Oblenergo with malware via an infected Microsoft Word document.
“We know that the hackers who temporarily brought down the power grid in Ukraine have been monitoring systems in the US, but with no actual success as of yet,” Davey Winder, managing analyst at IT Security Thing, tells me. “Defence of critical national infrastructure (CNI) is, frankly, a whole lot better in the West than many other places around the globe. I would be surprised if the UK were to suffer blackouts as a result of a cyber-attack any time soon.”
“Healthcare, on the other hand, is a totally different ballgame,” Winder adds. “State-sponsored attackers have their eye on health as medical records can lead to incriminating information to be used for blackmail of important political players, and criminal gangs are just following the data; there's lots of it in the health sector.”
Miller Newton, CEO of PKWARE, tells me that his predictions for attacks on healthcare stem from the rise of wearable devices and the Internet of Things (IoT). “The more devices, the more of a footprint there is to hack into,” he explains. “There are two types of wearable devices – external devices that we all know about like Apple Watch and Fitbit, and internal devices like pacemakers and insulin pumps. I think there's a huge susceptibility to these being hacked.”
Winder also pinpoints the dangers of inadequately handling data provided by connected devices. “As we get more tech in health, especially wearables and connected devices, then the amount of data generated increases as security decreases,” he says. “So unlike CNI, I would be surprised if there isn't an increase in the successful attacks on our healthcare systems as the year progresses.”
These comments chime with remarks made in November 2015 by George Osborne, who warned that ISIS cyber-attacks could target both power stations and hospitals: “If our electricity supply, or our air-traffic control, or our hospitals were successfully attacked online, the impact could be measured not just in terms of economic damage but of lives lost,” he said at the time.
The US Institute for Critical Infrastructure Technology (ICIT) has also issued a white paper this month warning that the healthcare industry is becoming increasingly susceptible to cyber-attacks. “Since 2009, the annual number of cyber-attacks against the healthcare sector has drastically increased; often the number of attacks exceeds the previous year’s count by at least 40%. So far, the healthcare sector has remained a succulent target because organisations only began to seriously invest in cybersecurity in the past five years.”
While Winder also indicated that the National Grid and healthcare are “pretty easy targets for predictions”, and that being targeted and being compromised are very different things, the growth of connected devices does seem to pose problems when it comes to vulnerabilities in outdated infrastructures.
“Our infrastructure systems are antiquated for the most part,” PKWARE's Newton claims. “They've been in existence for a very long time. Whether it's our water systems or our electric systems, these are using old technology. All of the security in play in these organisations is based on paradigms that are no longer applicable today.”