Ageing Energy Systems Hold Huge Potential For Cyber Attack

Uploaded on 2017-04-18 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Production-Utilities, BUSINESS-Production-Energy

The digital systems that run the electricity grid, gas pipelines and other critical infrastructure in the US have 25 years’ worth of fundamental weaknesses to hacking that need fixing.

That’s a main finding in a report from MIT’s Internet Policy Research Initiative by a former National Security Agency inspector general, Joel Brenner, with input from industry experts.

“Controls on an oil pipeline can use the same hardware as your teenager’s computer,” says Brenner. Suppliers make the most profit by selling general hardware components that have various uses, but they have security flaws. “We know how to fix the vulnerabilities, but there’s no market incentive for companies to do so,” he says.

Around 85 per cent of critical infrastructure in the US is privately owned, so the report says the Trump administration could offer tax breaks to companies that improve their security. That way there would be greater financial value in choosing more secure hardware.

The report also proposes a mandatory minimum security standard for critical infrastructure components. “In the US, we have a body that will tell you if the cord on your toaster is safe to use, but there is no comparable body to say, for example, if a controller on a pipeline is safe,” says Brenner.

Isolation Drive

Key parts of the digital systems should be isolated from the main network to make them less susceptible to attacks from hackers, the report suggests.

Alongside incentives, regulation and penalties could help improve critical infrastructure cyber-security, but they will only be useful for the worst offenders, says Eric Johnson at Vanderbilt University in Tennessee. “While regulation with penalties can help the really poor firms, providing incentives will have the biggest overall impact.”

Another way to boost cyber-security is to improve the sharing of information between firms about the latest threats, the report says. This should be a “cornerstone” for cyber-security initiatives, says Raghav Rao at the University of Texas.

But fixing all the weaknesses in the digital systems that control critical US infrastructure will require a coordinated, long-term effort. “We’ve taken 25 years to get into this predicament. We’re not going to get out of it overnight,” says Brenner.

New Scientist

You Might Also Read:

Malware Targeting Energy Companies:

Infrastructure Security in the Age of Ransomware:

Air Gapping Critical Process Control Networks:

 

« WikiLeaks Has Published The CIA’s Secrets For Infecting Windows
Cyber War Calls For A New Look US Soldier »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

SSLGURU

SSLGURU

SSLGURU bring all of the major SSL certificate vendors to one market place in order to create the world's largest SSL store with the most competitive prices.

Lumeta

Lumeta

Lumeta’s cyber situational awareness platform is the unmatched source for enterprise network infrastructure analytics and security monitoring for breach detection.

FinalCode

FinalCode

FinalCode offers a file encryption and file-based enterprise digital rights management (eDRM) platform.

qSkills

qSkills

QSkills is an independent training provider specialized high-quality IT and IT management training courses including IT security.

SCADAfence

SCADAfence

SCADAfence offers cutting edge cybersecurity solutions designed to ensure the operational continuity of industrial (ICS/SCADA) networks.

Intertrust Technologies

Intertrust Technologies

Intertrust Technologies is a software company specializing in trusted computing products and services.

Cybertron

Cybertron

Cybertron services include real-time monitoring and incident response and a cyber range for competency development.

Coalition

Coalition

Coalition combines comprehensive insurance and proprietary security tools to help businesses manage and mitigate cyber risk.

Information & eGovernment Authority (iGA) - Bahrain

Information & eGovernment Authority (iGA) - Bahrain

The Information & eGovernment Authority facilitates many services catering to different parts of the community within the IT sector in Bahrain including information security.

Cybersecurity Tech Accord

Cybersecurity Tech Accord

The Cybersecurity Tech Accord promotes a safer online world by fostering collaboration among global technology companies.

Clym

Clym

Clym is the data privacy platform that helps organisations meet their data protection obligations. Cookies, Consent, Requests, Policies and more are all managed in a secure and adaptive application.

C3.ai

C3.ai

The C3 AI Suite supports configurable, pre-built, high value AI applications for predictive maintenance, fraud detection, anti-money laundering, sensor network health and more.

Department of Justice - Office of Cybercrime (DOJ-OOC) - Philippines

Department of Justice - Office of Cybercrime (DOJ-OOC) - Philippines

The Office of Cybercrime within the Philippines Department of Justice is the Central Authority in all matters relating to international mutual assistance and extradition for cybercrime.

Nubeva Technologies

Nubeva Technologies

Nubeva provide a breakthrough TLS Decrypt solution with Symmetric Key Intercept to gain the visibility needed to monitor and secure network traffic.

NetAlly

NetAlly

NetAlly network test solutions help engineers and technicians better deploy, manage, maintain, and secure today’s complex wired and wireless networks.

SysGroup

SysGroup

SysGroup is an award-winning managed IT services, cloud hosting, and IT consultancy provider.

Cyberoo

Cyberoo

We are Cyberoo, a European company specialized in Cybersecurity. We monitor your data security, leaving you free to focus on your business.