HUNTSVILLE, Ala. (WHNT) – Following Russia’s invasion of Ukraine and U.S. sanctions against Russia, Huntsvillians might be wondering – Is Huntsville at risk of cyberattacks?
One expert from the University of Alabama in Huntsville (UAH) says it’s possible but unlikely.
“Russia attacking U.S. critical infrastructure in a way that affects our society seems unlikely to me because we would know where the attack came from and we might respond in kind. Cyberattacks are not governed by mutually assured destruction like nuclear bombs. Nations use cybersecurity attacks because they are inexpensive and generally nobody dies.” – Dr. Tommy Morris, director of the Center for Cybersecurity Research and Education at UAH
Historically, Huntsville has been a top Moscow target since the Cold War, and Morris said that extends to the city’s technology as well.
“Redstone Arsenal is a Federal Center of Excellence with a great deal of research and development, logistics and supply, intelligence and law enforcement activity. This makes Redstone Arsenal, businesses in the area and even our home networks high-value targets. Our home networks are targets because our family members work at Redstone or at local companies involved in the high-value target areas.” – Dr. Tommy Morris, director of the Center for Cybersecurity Research and Education at UAH
And while much press has focused on vulnerabilities in the electrical grid, there’s something else that hackers have been targeting, Morris added.
“One attack that has grown in recent years is attacks on money transfers. Banks send money electronically with systems developed a relatively long time ago. Another threat that is growing is attacks on cryptocurrency like Bitcoin, Ethereum, Dogecoin, etc. wallets (which serve as electronic storage for cryptocurrencies). If you are dabbling in cryptocurrency, be careful. This theft is extremely hard to trace and there are no protections such as you might get from a credit card company or from the Federal Deposit Insurance Corporation for a bank account.” – Dr. Tommy Morris, director of the Center for Cybersecurity Research and Education at UAH
What form would a potential attack come in? Ransomware, explained Morris.
“Criminals run ransomware operations to encrypt any computer’s data they can find. They charge ransom to give you your data back. Sometimes they have no intention of giving your data back.” – Dr. Tommy Morris, director of the Center for Cybersecurity Research and Education at UAH
Despite money and work being poured into defending critical infrastructure, Morris said staffing is affecting the industry.
“We have far more computers than cybersecurity professionals to bring cybersecurity best practices to all corners of our networks. Because of a shortage of cybersecurity professionals many systems remain vulnerable to attack even though we know how to defend them.” – Dr. Tommy Morris, director of the Center for Cybersecurity Research and Education at UAH
Morris said the attacks, if they came, would likely target low-level Supervisory Control and Data Acquisition systems, like the SolarWinds attack in 2020, which was linked to Russian hackers.
“SCADA systems are computers and networks that control electric power, water treatment and distribution, gas pipelines, factory automation and other critical infrastructure. SolarWinds, email attacks and other penetrations allow attackers to look around and pivot to access high-value targets they find inside networks. Once they are in, they can install back doors and come back with later attacks.” – Dr. Tommy Morris, director of the Center for Cybersecurity Research and Education at UAH
In the case of an attack against Ukraine in 2015, a backdoor was leveraged to shut off power over Christmas to thousands of customers.
“They don’t necessarily want to take out our critical infrastructure now, but if we go to war or if they want to send us a message, they want to be able to attack later.” – Dr. Tommy Morris, director of the Center for Cybersecurity Research and Education at UAH
Besides ensuring all data is backed up in the event of a ransomware attack, there are some simple steps all of us can take to stay safe:
- Use complex passwords (mix letters, numbers, and symbols; don’t use a single word – especially “password”) and change them regularly – many experts suggest using a password manager such as 1Password, LastPass, or Apple’s built-in iCloud Keychain, instead of the old sticky note
- Set up two-factor authentication, where available
- Don’t use the same password for multiple accounts
- Install a virus scanner on your computer and make sure it runs regularly
- Don’t click on links in emails (that warning that pops up at the bottom of many corporate emails from outside the company should be a good reminder)
Other general tips on cybersecurity and mitigating cyberattacks can be found on the Cybersecurity and Infrastructure Security Agency website.