Security Infrastructure Threat Growing

Friday, September 30, 2011 @ 02:09 PM gHale

Everyone knows what has happened already in the world of cyber security, Stuxnet, Slammer, and various other worms and viruses, but think about what could happen if hackers targeted a power grid or chemical plant, a top U.S. cyber security official said.

A cyber attack on the nation’s critical infrastructure “could have cascading effects across multiple sectors” and is “another order of magnitude that we have to be worried about now,” said Greg Schaffer, acting deputy undersecretary at the Department of Homeland Security.

Cyber Report: Life on Technology’s Edge
Cyber Security Month: DHS Eval Tool
White House Invests in Smart Grid, Security
U.S. Outlines Cyber Security Plan
White House: Cyber Hits Down, But Not for Feds

The nation’s adversaries are “knocking on the doors of these systems and in some cases there have been intrusions,” Schaffer said, without detailing which companies were the target and when.

Schaffer spoke during a tour of facilities at the Energy Department’s Idaho National Laboratory, where DHS has programs that assess technology vulnerabilities in utility, manufacturing and other systems and work with companies in those sectors to address specific cyber threats. The laboratory is a center for nuclear energy research.

“We are connecting equipment that has never been connected before to these global networks,” Schaffer said. Disgruntled employees, hackers and perhaps foreign governments “are knocking on the doors of these systems, and there have been intrusions.”

Marty Edwards, chief of the control system security effort, said the malware lab analyzed the Stuxnet virus that attacked the Iranian uranium enrichment facility in Natanz last year. He did not describe the group’s findings, except to say they confirmed it was “very sophisticated.”

Edwards said several years ago he had asked Siemens to study the same kind of industrial controllers used at Natanz for vulnerabilities to attack, because they were so widely used in industry.

But he said the study was not part of any effort to target the controllers with malware, and said his program’s work on the controllers could not have helped Stuxnet’s designers.

A cyber security proposal from the Obama administration calls for the Homeland Security Department to “work with industry” to shore up vulnerabilities in critical infrastructure, such as electrical grids and financial networks. The proposal, submitted to Congress in May, seeks to jump-start efforts in Congress to update U.S. laws in response to the increased threat of cyber attacks capable of crippling business and government operations.

Data breaches at Tokyo-based Sony Corp. and Citigroup Inc. have sharpened U.S. government scrutiny of how businesses protect consumer information and notify the public about cyber attacks. U.S. lawmakers criticized Sony for taking six days to disclose an attack that exposed 100 million customer accounts and prompted the temporary shutdown of the company’s PlayStation Network.

Leave a Reply

You must be logged in to post a comment.