Critical infrastructure is an important part of keeping the world running and ensures that we have access to the things we need for everyday life, such as clean water, energy and power. However, this also makes these assets a prime target for threat actors. One of the biggest targets is the seat of power itself: the White House.
In 2014, the White House in Washington D.C. experienced a cyberattack on its network. According to a White House official, the compromised network supposedly held no classified information, but the adversary, believed to be Russian, was likely planning to use that network as a springboard into other critical infrastructure.
The White House under attack
The White House attack was carried out on the Executive Office of the President network. In an interview with The Washington Post, a White House official said there are “bad actors out there who are attempting to achieve intrusions into our system,” adding that the attack wasn’t unexpected in the least.
According to the Huffington Post, “Network outages are not uncommon in the White House, but they typically last no more than a few hours. For the system to be damaged for days on end indicates an attack of significant strength.”
The attacked network’s cybersecurity featured an “air-gap” system to separate it from classified networks. An air-gap strategy closes off a system’s network so that there is supposedly “no way” to reach it remotely. However, treating this as an absolute barrier is a fallacy, and physical air gaps alone are an outdated cybersecurity practice. In today’s world, air gaps are not what they used to be: systems are so interconnected through networks and cloud technology that there are ways around them. An attacker with physical access can also still plug a device into an air-gapped system and take information. Had the threat actor acted a little faster, they could have breached the classified network.
Similarly, an Indian nuclear facility relied on an air gap to protect its internal facility networks, yet it didn’t take much for the hackers to get past that layer of security. They plugged their computer into a control system inside the facility and were able to access everything. The Indian government initially denied that this had happened, but acknowledged it a few weeks after the attack.
While the point of entry and how the attacker got into the White House network are still publicly unknown, some employees were instructed to change their passwords and VPN credentials, indicating that this attack was carried out remotely.
Another White House official said, “This is a constant battle for the government and our sensitive government computer systems, so it’s always a concern for us that individuals are trying to compromise systems and get access to our networks.”
The U.S. response team meant to help defend against cyberthreats at the time was U.S. Cyber Command, a “military organization dedicated to defending the country’s critical computer systems.” Although Cyber Command was not activated for this incident, it can use force when ordered to by the president or the secretary of defense.
U.S. response to the White House intrusion
After the attack was discovered, the White House shut down its network, resulting in an “outage.” In this context, the outage was a deliberate containment measure: taking the network offline stops threat actors from getting any farther into the systems.
According to one information security consultant, “The key step in any breach is to identify the root cause of the breach and how the attack happened. Once this is done, then steps should be taken to ensure that path cannot be used again by the attackers, or indeed any other attackers.”
Other cyberattacks on the federal government
This incursion into White House networks isn’t the first time the U.S. government has been under cyberattack. One such incident in 1996, Moonlight Maze, was a major hack on U.S. government networks that led to sensitive and classified information being stolen. It took several years and a team of 40 to stop Moonlight Maze.
Another attack on U.S. soil was carried out by a young Kevin Poulsen, who hacked his way into the Advanced Research Projects Agency Network (ARPANET). He was also wiretapping U.S. government lines of communication and leaked the information to the public, which caused an uproar of its own. Although he was in custody for several years, Poulsen was charged with only minor crimes and was barred from using a computer for three years.
The stature and global presence of the United States and its government make it an open invitation to challenge. This means cybersecurity best practices are more important than ever for U.S. federal systems. They must continue to follow those best practices to ensure the safety not only of classified data, but also of critical infrastructure.