Data from sensors that detect threats in critical infrastructure networks is sitting unanalyzed after a government contract expired this weekend, raising risks for operational technology, a program leader at Lawrence Livermore National Laboratory told lawmakers Tuesday.

That news arrived at a hearing of a House Homeland Security subcommittee on Stuxnet, the malware that was discovered 15 years ago after it afflicted Iran’s nuclear centrifuges. The hearing focused on operational technology (OT), used to monitor and control physical processes in things like manufacturing or energy plants.

Amid a Department of Homeland Security review of contracts, the arrangement between the laboratory and DHS’s Cybersecurity and Infrastructure Security Agency to support the CyberSentry program expired Sunday, the laboratory program manager Nathaniel Gleason told lawmakers under questioning Tuesday. An agency official told CyberScoop later Tuesday that the program is still operational.

CyberSentry is a voluntary program for critical infrastructure owners and operators to monitor threats in both their IT and OT networks.

“We’re looking for threats that haven’t been seen before,” Gleason told California Rep. Eric Swalwell, the top Democrat on the Subcommittee on Cybersecurity and Infrastructure Protection. “We’re looking for threats that exist right now in our infrastructure. One of the great things about the CyberSentry program is that it takes the research and marries it with what is actually happening on the real networks. So we’re not just doing science projects. We’re deploying that technology out in the real world, detecting real threats.”

But the lab can’t legally analyze the data from the CyberSentry sensors without funding from government agencies, and funding agreements were still making their way through DHS processes before the contract expired this weekend, he said.

“One of the most important things is getting visibility into what’s happening on our OT networks,” Gleason said. “We don’t have enough of that. So losing this visibility through this program is a significant loss.”

Spokespeople for the lab did not immediately provide further details on the size or length of the contract. Other threat hunting contracts have also expired under the Trump administration. 

Chris Butera, CISA’s acting executive assistant director for cybersecurity, said in a statement to CyberScoop that the “CyberSentry program remains fully operational.”

“Through this program, CISA gains deeper insight into network activity of CyberSentry partners, which in turn helps us to disseminate actionable threat information that critical infrastructure owners and operators use to strengthen the security of their networks and to safeguard American interests, people, and our way of life,” Butera said. “CISA routinely reviews all agreements and contracts that support its programs in order to ensure mission alignment and responsible investment of taxpayer dollars. CISA’s ongoing review of its agreement with Lawrence Livermore National Laboratory has not impacted day-to-day operations of CyberSentry and we look forward to a continued partnership.”

Tatyana Bolton, executive director of the Operational Technology Cyber Coalition, told the subcommittee there aren’t enough federal OT cybersecurity resources in general.

“We must better resource OT security,” Bolton said. “From addressing the growing tech debt,  hiring cybersecurity experts, to procuring and building updated systems, OT owners and operators don’t have the necessary funding to defend their networks.”

Those owners and operators spend 99 cents of every dollar on physical security and 1 cent on cybersecurity, she said. Reauthorizing the State and Local Cybersecurity Grant Program, due to expire in September, would help with that, Bolton said.

The Trump administration has made large cuts in CISA’s budget since the president took office in January.

This story was updated July 22 with comments from CISA’s Chris Butera.

The post Contract lapse leaves critical infrastructure cybersecurity sensor data unanalyzed at national lab  appeared first on CyberScoop.

Congress is set to revisit Stuxnet — the malware that wreaked havoc on Iran’s nuclear program 15 years ago  — next week in the hopes that the pioneering attack can guide today’s critical infrastructure policy debate, CyberScoop has learned.

The House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection will hold a hearing July 22 to examine the operation that, according to independent reports, was carried out by the U.S. and Israeli governments and targeted Iran’s nuclear enrichment facilities in Natanz.

Witnesses listed for the hearing are Tatyana Bolton, executive director of the Operational Technology Cybersecurity Coalition; Kim Zetter, cybersecurity journalist and author of “Countdown to Zero Day”; Dragos CEO Robert Lee; and Nate Gleason, Lawrence Livermore National Laboratory program leader, according to a copy of the notice.

Stuxnet malware included a rootkit for programmable logic controllers and was built specifically to target industrial systems. Deployed at the Natanz facility before 2010, it was engineered to covertly manipulate the speed of the rotors used to spin nuclear centrifuges, causing them to accelerate and slow unpredictably. The Institute for Science and International Security estimated in 2010 that the worm led to the damage and removal of more than 1,000 centrifuges, or approximately 10% of Iran’s total enrichment capacity at the time.

But the subcommittee led by Rep. Andrew Garbarino, R-N.Y., is interested in more than a history lesson.

“Stuxnet signaled a new age in the targeting of operational technology, an attack vector that has increased in complexity over the past 15 years,” Garbarino said in a statement to CyberScoop. “This moment showed how malware can be used to target and potentially cripple critical infrastructure operations, which has raised the stakes for critical infrastructure resilience for sectors across the globe.” 

Stuxnet also kicked off an era where many countries — and the United States in particular — have seen its domestic critical infrastructure come under threat from criminal and nation-state hacking groups.

“Today, bad actors will not hesitate to use malware to gain a foothold in the services Americans rely on every day and wreak havoc on our way of life,” Garbarino said. “Given increasing threats to critical infrastructure from actors such as Volt Typhoon, it is important to examine the legacy of Stuxnet – –the world’s first cyber weapon.”

In the 15 years since Stuxnet, U.S. critical infrastructure has itself been pilloried by cybercriminals, ransomware groups and nation-states alike. Policymakers are revisiting Stuxnet in the hopes that it can help them learn to better defend their own domestic industries.

A committee aide told CyberScoop that Stuxnet “is part of the story of OT cybersecurity.”

“It marked a pivotal moment in critical infrastructure resilience and the way we think about both offensive and defensive cyber operations,” the aide said. “Now that we are at the 15-year mark since the discovery of Stuxnet, it is timely to review how the cyber threat landscape has evolved to ensure our OT is resilient, especially as DHS warns about heightened threats from Iran against critical infrastructure.”

The hearing also comes weeks after the U.S dropped a total of 12 “massive ordnance penetrator” bombs on several Iranian nuclear facilities, including Natanz, during Operation Midnight Hammer.

The aide added that the lessons could be valuable to legislators with Congress set to tackle a pair of important cybersecurity laws that are set to expire this year.

“We still see gaps in understanding about the risks [in OT] – something we are striving to address through the reauthorizations of CISA 2015 and the State and Local Cybersecurity Grant Program,” the aide said.

Bolton brings a wealth of cybersecurity experience in the federal government, Congress and the private sector. She has worked at Google and the Cyberspace Solarium Commission, where she helped shepherd a broad slate of cybersecurity legislation through Congress.

Zetter’s book is widely considered the most comprehensive and definitive look at how U.S. and Israeli officials built and then covertly deployed the malware in an effort to damage and slow down Iran’s nuclear program.

Lee, a former NSA and Air Force cyber official, now leads one of the most well-known cybersecurity firms, specifically geared toward operational technology and critical infrastructure.

The post House hearing will use Stuxnet to search for novel ways to confront OT cyberthreats appeared first on CyberScoop.