An official website of the United States Government
Here's how you know

Official websites use .gov

.gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS

A lock ( lock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Critical Infrastructure Vulnerable to Attack, NSA Leader Says

You have accessed part of a historical collection on defense.gov. Some of the information contained within may be outdated and links may not function. Please contact the DOD Webmaster with any questions.

Strong dependence on industrial control systems, or ICS, is a serious vulnerability for industry, the National Security Agency’s deputy director said here yesterday.

Richard H. Ledgett Jr., deputy director of the National Security Agency, delivers the keynote address during a dinner at the Joint Service Academy Cyber Security Summit at the U.S. Military Academy in West Point, N.Y., April 20, 2016. DoD photo by David Vergun
Richard H. Ledgett Jr., deputy director of the National Security Agency, delivers the keynote address during a dinner at the Joint Service Academy Cyber Security Summit at the U.S. Military Academy in West Point, N.Y., April 20, 2016. DoD photo by David Vergun
Richard H. Ledgett Jr., deputy director of the National Security Agency, delivers the keynote address during a dinner at the Joint Service Academy Cyber Security Summit at the U.S. Military Academy in West Point, N.Y., April 20, 2016. DoD photo by David Vergun
Cyber Speech
Richard H. Ledgett Jr., deputy director of the National Security Agency, delivers the keynote address during a dinner at the Joint Service Academy Cyber Security Summit at the U.S. Military Academy in West Point, N.Y., April 20, 2016. DoD photo by David Vergun
Photo By: David Vergun
VIRIN: 160420-D-ZZ999-0420

"There's no doubt that Chinese military planners understand the importance of industrial control systems and the critical infrastructure they control," Richard H. Ledgett Jr. said in his keynote address during a dinner at the Joint Service Academy Cyber Security Summit at the U.S. Military Academy.

Security Threat Inadequately Addressed

Historically, ICS has been strong because of its obscurity, he explained, calling it "weird software with proprietary systems."

But over time, ICS has become less obscure, and providers, working on thin profit margins, haven't adequately addressed the security threat, he said. "Adversaries are seeing what they can get by compromising those industrial control systems," he added.

In 2007, Idaho National Laboratory ran the Aurora Generator experiment, which demonstrated that the electric grid could be compromised. There are other notable examples, he said.

"You don't need to cause physical harm to affect critical infrastructure assets," Ledgett pointed out. For instance, he said, remote hackers using stolen credentials caused a Ukrainian blackout about four months ago that took down the country’s entire power grid.

"These are all fairly significant events," he said. "We're seeing more and more of that by adversaries."

Internet of Things

More and more devices are being connected to the Internet, Ledgett noted. Some 6.4 billion things worldwide will be connected by the Internet this year, he said, and by 2020, that number will be about 20.8 billion. The challenge is identifying emerging risks and vulnerabilities that come about with the introduction of new hardware and software, he said.

"Any system is only as strong as its weakest link," Ledgett said. Most types of devices connected to the Internet are built with differing security profiles and updated on differing timescales, and every time it's updated, that's another opportunity for a security vulnerability, he added.

Cybercrime is one example, Ledgett said. A million pieces of malware come out every day, he said, and 1.5 million criminal cyber events take place every year.

"Today, anyone with a computer and a fairly decent level of knowledge and an Internet connection can pose a very serious threat to an individual, a business, a city and a foreign nation," he said.

The Joint Service Academy Cyber Security Summit was co-hosted by the Army Cyber Institute and Palo Alto Networks.

Related Stories