Ageing Energy Systems Hold Huge Potential For Cyber Attack

Uploaded on 2017-04-18 in NEWS-News Analysis, FREE TO VIEW, BUSINESS-Production-Utilities, BUSINESS-Production-Energy

The digital systems that run the electricity grid, gas pipelines and other critical infrastructure in the US have 25 years’ worth of fundamental weaknesses to hacking that need fixing.

That’s a main finding in a report from MIT’s Internet Policy Research Initiative by a former National Security Agency inspector general, Joel Brenner, with input from industry experts.

“Controls on an oil pipeline can use the same hardware as your teenager’s computer,” says Brenner. Suppliers make the most profit by selling general hardware components that have various uses, but they have security flaws. “We know how to fix the vulnerabilities, but there’s no market incentive for companies to do so,” he says.

Around 85 per cent of critical infrastructure in the US is privately owned, so the report says the Trump administration could offer tax breaks to companies that improve their security. That way there would be greater financial value in choosing more secure hardware.

The report also proposes a mandatory minimum security standard for critical infrastructure components. “In the US, we have a body that will tell you if the cord on your toaster is safe to use, but there is no comparable body to say, for example, if a controller on a pipeline is safe,” says Brenner.

Isolation Drive

Key parts of the digital systems should be isolated from the main network to make them less susceptible to attacks from hackers, the report suggests.

Alongside incentives, regulation and penalties could help improve critical infrastructure cyber-security, but they will only be useful for the worst offenders, says Eric Johnson at Vanderbilt University in Tennessee. “While regulation with penalties can help the really poor firms, providing incentives will have the biggest overall impact.”

Another way to boost cyber-security is to improve the sharing of information between firms about the latest threats, the report says. This should be a “cornerstone” for cyber-security initiatives, says Raghav Rao at the University of Texas.

But fixing all the weaknesses in the digital systems that control critical US infrastructure will require a coordinated, long-term effort. “We’ve taken 25 years to get into this predicament. We’re not going to get out of it overnight,” says Brenner.

New Scientist

You Might Also Read:

Malware Targeting Energy Companies:

Infrastructure Security in the Age of Ransomware:

Air Gapping Critical Process Control Networks:

 

« WikiLeaks Has Published The CIA’s Secrets For Infecting Windows
Cyber War Calls For A New Look US Soldier »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Cyber Security Academy - University of Southampton

Cyber Security Academy - University of Southampton

An industry/University partnership established to advance cyber security through world class research, teaching excellence, industrial expertise and training capacity.

Beyond Security

Beyond Security

Beyond Security is a leader in automated vulnerability assessment and compliance solutions - enabling customers to accurately assess and manage security weaknesses in their networks and applications.

Netsparker

Netsparker

Netsparker provide a web application security scanner to automatically find security flaws in your websites, web applications and web services.

Opscura

Opscura

Opscura (formerly Enigmedia) brings the reliable and cautious hands of operations together with the analytical minds of cyber experts and cryptography researchers.

Centre for Development of Advanced Computing (C-DAC)

Centre for Development of Advanced Computing (C-DAC)

C-DAC is the premier R&D organization of the indian Ministry of Electronics & Information Technology. Areas of research include cyber security.

Cyber Security Expo

Cyber Security Expo

Cyber Security EXPO is a unique one day recruitment event for the cyber security industry.

Idaho National Laboratory (INL)

Idaho National Laboratory (INL)

INL is an applied engineering laboratory dedicated to supporting the US Dept of Energy's missions in energy research, nuclear science and national defense including critical infrastructure protection.

CounterCraft

CounterCraft

The CounterCraft Cyber Deception Platform fits seamlessly into existing security strategies and delivers high-end deception for threat hunting and threat detection.

CloudSEK

CloudSEK

CloudSEK has set its sights on building the world’s fastest and most reliable AI technology, that identifies and resolves digital threats.

United Network Technologies

United Network Technologies

United Network Technologies is a leading Managed Services Provider, distributor and developer of specialised cyber security components and technologies.

White Cloud Security

White Cloud Security

White Cloud is a cloud-based Application Trust-Listing security service that prevents unauthorized programs from running on your computers.

Norma Inc.

Norma Inc.

Norma provides the secured wireless environment (WiFi and Bluetooth) with the unauthorized AP detection, and secures your IoT assets from various threats.

Antares NetlogiX

Antares NetlogiX

Antares Netlogix are a leading Austrian service provider for IT security, critical infrastructures and managed security services.

Campus cyber

Campus cyber

A project initiated by the President of the Republic, the Cyber Campus is the totem site of cybersecurity that brings together the main national and international players in the field.

Wavenet

Wavenet

Wavenet has grown from simple beginnings to become one of the UK’s market leaders in unified communications, business telephony, and Cyber Security solutions.

Cyrex

Cyrex

Cyrex is a Web3 security and development company. Our mastery over decentralized applications, smart contracts and blockchain will keep you secure across Web3.