Utilities and Infrastructure: The New Front Lines for the Battle for Cyber Security
Next up in our National Cyber Security Awareness Month (NCSAM) blog series – utilities. While cybercrimes against banks and healthcare providers are on the rise and continue to generate the majority of buzz within the security community, utilities and critical infrastructure represent arguably the greatest threat to national security. Don’t be mistaken; these threats have government officials very concerned. The National Security Agency predicts a major cyberattack on U.S. infrastructure over the next 12 to 18 months and officials are openly discussing the release of a recent al Qaeda video calling for an “electronic jihad.”
Within the past couple of weeks, Defense Secretary Leon Panetta proclaimed during a speech on security that the United States is in a “pre-9/11 moment,” citing the risk of crippling online attacks against public utilities, trains or chemical factories. According to a report in Stars and Stripes, Panetta also revealed that investigators have uncovered instances where online intruders have gained access to control systems for chemical, water and electrical plants, as well as public transportation control software. According to Panetta, attacks on public utilities could spark a “cyber Pearl Harbor.”
Panetta is not alone in his concerns. Recently, the chairman of the United States Federal Energy Regulatory Commission (FERC), Jon Wellinghoff voiced his concerns around cybersecurity and the lack of authority for an agency to act upon threats. According to Wellinghoff, “nobody has adequate authority with respect to both the electric and the gas infrastructure in this country regarding known vulnerabilities. If I had a cyber-threat that was revealed to me in a letter tomorrow, there is little I could do the next day to ensure that that threat was mitigated effectively by the utilities that were targeted.”
The cyber-threat issue is being exacerbated as utilities increase their use and reliance on technologies such as smart grid and remote control systems. The more connected a facility or network becomes, the greater the risk. In many cases these facilities don’t realize the extent to which they are connected to the Internet and by extension, the threats that are constantly being introduced to the facility by devices brought in by employees and staff.
The idea that entire regions could be left without critical services such as water or power sounds like the script from a movie or the inspiration for a hit TV show but it is a threat that is not only possible, but expected by the Department of Homeland Security. As Congressman Michael McCaul, a leader in Congress on cybersecurity issues recently stated, “This isn’t science fiction, this is real.”
The threats facing the utility industry continue to underscore one overwhelming principle. If you are connected to the Internet, you are vulnerable to attack. As Perimeter reported on recently, the Internet is a playground for opportunistic attackers. Any facility, network, or device with an Internet connection needs a robust cyber security policy in place to mitigate threats and ensure critical services are not affected.
Trackback from your site.