Security flaws affecting computer systems that control critical infrastructure are being explored by foreign adversaries as hackers find new ways to wage potentially debilitating cyber attacks, said NSA Deputy Director Richard Ledgett Jr.
Mr. Ledgett, speaking Thursday during a cybersecurity summit at the U.S. Military Academy in West Point, New York, acknowledged that systems used by utility companies, telecommunication providers and other critical infrastructure components are increasingly susceptible to cyberattacks.
“There’s no doubt that Chinese military planners understand the importance of industrial control systems and the critical infrastructure they control,” Mr. Ledgett said during his keynote address at the Joint Service Academy Cyber Security Summit, according to the Pentagon.
Industrial control systems haven’t always been prime targets for hackers, Mr. Ledgett said, partly on account of being composed of “weird software with proprietary system.” As those technologies became less obscure, however, hackers have routinely discovered unpatched security flaws that affect the control panels of a growing number of critical infrastructure components.
“Any system is only as strong as its weakest link,” Mr. Ledgett said. “You don’t need to cause physical harm to affect critical infrastructure assets. Today, anyone with a computer and a fairly decent level of knowledge and an Internet connection can pose a very serious threat to an individual, a business, a city and a foreign nation.
In February, President Obama requested $19 billion in federal funding to bankroll a new suite of cybersecurity initiatives intended to strengthen critical infrastructure components and other “important technologies.”
“It’s only a matter of the when, not the if, you are going to see a nation state, a group or an actor engage in destructive behavior against critical infrastructure of the United States,” NSA Director Adm. Mike Rogers told attendees at a security conference in San Francisco the following month.