FBI Say ISIS Is Going After US Vulnerabilities

Uploaded on 2015-10-30 in GOVERNMENT-Law Enforcement, GOVERNMENT-Defence, FREE TO VIEW, BUSINESS-Production-Utilities, BUSINESS-Production-Energy, NEWS-Cybersecurity News, TECHNOLOGY--Hackers

ISIS hackers are attempting to penetrate the US energy grid to carry out cyberattacks and take down parts of the country's energy supply, CNN Money reports.

Law-enforcement officials shared the information about attempted cyberattacks at a conference on October 14 with American energy firms about potential national-security issues.
"Strong intent. Thankfully, low capability," John Riggi, a section chief in the FBI's cyber division, told CNN about ISIS' hacking attempts.
"But the concern is that they'll buy that capability."
That concern is warranted, the FBI told CNN. Highly capable hacking software is available for purchase on the black market and could be used to hack networks associated with energy companies, fuel refineries, or water-pumping stations.
Because of the size and complexity of America's utility grids, and a lack of due diligence, US infrastructure is vulnerable to advanced cyberattacks — from terrorists or, more likely, from rival governments that already have the necessary capabilities.
A survey in 2013 found more than 500,000 potential targets for cyberattacks against computers associated with power plants, water treatment centers, traffic control towers, and various portions of the electrical grid.
As worrying as that sounds, however, the likelihood that ISIS could carry out a catastrophic cyberattack against the US energy grid remains incredibly small.
This is in large part because of just how complicated and disconnected power grids are at the national level because of the large number of various providers and their own infrastructure and networks.
 
"Hackers can't take down the entire, or even a widespread portion of the US electric grid," Jonathan Pollet, an ethical hacker and a founder of Red Tiger Security, wrote for Business Insider. "From a logistical standpoint, this would be far too difficult to realistically pull off — and it's not what we should be devoting our attention to.
"What is more realistic is for a cyberattack to cripple an individual utility, causing a blackout or disruption of service at the local level."
The likeliest outcome of a cyberattack against US infrastructure, Pollet contends, is "localized disruptions in service — not a widespread outage."
"It would be extremely difficult for hackers, without an almost superhuman effort, to cause a power outage that stretched across the country," he writes.
And that is still assuming that ISIS hackers ultimately reach the level of being able to conduct a cyberattack in the first place. As of now, ISIS is lacking in the technological capabilities and know how to carry out even a localized disruption.
"They'd love to do damage, but they just don't have the capability," Mark Lemery, the critical infrastructure protection coordinator for Utah, told CNN. "Terrorists have not gotten to the point where they're causing physical damage."
BusinessInsider: http://bit.ly/1jQAbR3

« Israel: The Cyber Power
China Still Hacking US Firms Despite Xi’s Vow »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Renaissance

Renaissance

Renaissance is Ireland's premier value added distributor of IT security solutions and a leading independent provider of business continuity consultancy.

Kirkland & Ellis

Kirkland & Ellis

Kirkland & Ellis LLP is an international law firm with offices in the USA, Europe and Asia. Practice areas include Data Security & Privacy.

Cybersecurity Philippines CERT (CSP-CERT)

Cybersecurity Philippines CERT (CSP-CERT)

Cybersecurity Philippines CERT is the national Computer Emergency Response Team for the Philippines.

Cyacomb

Cyacomb

Cyacomb (formerly Cyan Forensics) provides digital forensics software to help police forces find evidence on computers many times faster than before.

Wolfpack Information Risk

Wolfpack Information Risk

Wolfpack specialise in information and cyber threat management covering the full spectrum of prevention, detection, incident response and business resilience capabilities.

Finnish Accreditation Service (FINAS)

Finnish Accreditation Service (FINAS)

FINAS is the national accreditation body for Finland. The directory of members provides details of organisations offering certification services for ISO 27001.

CYRail

CYRail

CYRail project will analyse threats targeting Railway infrastructures and develop innovative attack detection and alerting techniques.

TROOPERS

TROOPERS

TROOPERS InfoSec event consists of two days of high-end training, followed by a two-day, three-track conference, culminating in Roundtables on the final day.

Threat Status

Threat Status

Threat Status are a Threat Intelligence company. We are the developers of Trillion. A cloud based Security As A Service (SaaS) platform.

TechBase

TechBase

TechBase is an innovation and start-up center offering technology-oriented start-ups optimal conditions for successful business development.

Eureka Security

Eureka Security

Eureka help organizations securely use any cloud data storage technology they need without having to compromise on security.

NexGen Cyber

NexGen Cyber

NexGen Cyber helps customers in commercial SMB markets with IT security, security integration, service management, outsourced service transition, and transformative security solutions.

RightSec

RightSec

RightSec is an emerging market leader and solution provider for cybersecurity and digital resiliency. We provide end to end solutions to suit your specific business lifecycle.

CyberKinetics

CyberKinetics

CyberKinetics specializes in cloud-based services and solutions for federal agencies and commercial clients with compliance mandates.

A&O Shearman

A&O Shearman

A&O Shearman is a law firm at the forefront of the forces changing the current of global business: energy transition, life sciences, technology, private capital, finance and beyond.

TekStream Solutions

TekStream Solutions

TekStream accelerates clients’ digital transformation by navigating complex technology environments with a combination of technical expertise and staffing solutions.