US Critical Infrastructure Is At Cyber Risk

Uploaded on 2016-02-05 in BUSINESS-Production-Energy, BUSINESS-Production-Utilities, FREE TO VIEW, GOVERNMENT-National, TECHNOLOGY--Hackers

There is universal agreement that modern warfare or crime fighting is not just about bullets, bombs and missiles in physical space. It’s also about hacking in cyber space.

But over the past decade there has been much less agreement over how much of a threat the hackers are.

On one side are those – some of them top government officials – who have warned that a cyber attack on the nation’s critical infrastructure could be catastrophic, amounting to a “cyber Pearl Harbor.”

Those warnings prompted the recent book by retired ABC TV “Nightline” anchor Ted Koppel titled, “Lights Out: A Cyberattack, A Nation Unprepared, Surviving the Aftermath.”

Other experts argue just as forcefully that, while the threats are real and should be taken seriously the risks are not even close to catastrophic. They say those who predict catastrophe are peddling FUD – fear, uncertainty and doubt.

A recent example of that view was an op-ed in the Christian Science Monitor by C. Thomas, a strategist at Tenable Network Security, who uses the nickname Space Rogue.

He argued that the biggest threat to the US power grid or other industrial control systems (ICS) is not a skilled hacker, but squirrels. They, along with other small animals, “cause hundreds of power outages every year and yet the only confirmed infrastructure cyberattack that has resulted in physical damage that is publicly known is Stuxnet (a computer worm that destroyed centrifuges used in the Iranian nuclear program),” he wrote.

That theory was immediately disputed by other experts, including Thomas P M Barnett of Resilient who said the cold is much more frequent, but is much less of a threat than cancer – or as he put it, cancer is “low probability but far higher impact.”

Still, growing evidence of intrusions into the power grid and other critical infrastructure by hostile foreign nation states is enough to make even anti-FUD experts wonder about how “low-probability” a major attack is.

The Associated Press reported last month on security researcher Brian Wallace’s discovery that hackers had penetrated Calpine Corp., a power producer with 82 plants operating in 18 states and Canada.

While accurate attribution of attacks is notoriously difficult, digital evidence pointed to Iran. Wallace found that the hackers had already taken engineering drawings, some labeled “mission critical,” that were detailed enough to let the intruders, “knock out electricity flowing to millions of homes.”

And this was just one incident of about a dozen during the past decade in which, “sophisticated foreign hackers have gained enough remote access to control the operations networks that keep the lights on,” the AP said, quoting anonymous experts.

CSO: http://bit.ly/1OzrBAZ

« After The OPM Hack Security Clearances Will Now Be Done By The Pentagon
GCHQ Telephone Security Is 'open to surveillance' »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ACIS Professional Center

ACIS Professional Center

ACIS provides training and consulting services in the area of information technology, cybersecurity, IT Governance, IT Service management, information security and business continuity management.

Lantronix

Lantronix

Lantronix is a global provider of secure data access and management solutions for Internet of Things (IoT) and information technology assets.

RU-CERT

RU-CERT

RU-CERT is the CSIRT / CERT team of the Russian Federation.

Intland Software

Intland Software

Intland offer an integrated Application Lifecycle Management platform that offers all-round Requirements, Development, and Testing & Quality Assurance functionality.

Apicrypt

Apicrypt

Apicrypt enables secure communications between health professionals by using strong encryption technologies.

Uniscon

Uniscon

Uniscon is a leading provider of cloud security solutions in Europe.

Ideagen

Ideagen

Ideagen provides information management, safety, risk and compliance software solutions that allow organisations to achieve operational excellence, regulatory compliance and reduce risk.

Intrasoft International

Intrasoft International

Intrasoft International is a leading European IT Solutions and Services Group offering a full range of IT services including Information Security.

TeachPrivacy

TeachPrivacy

TeachPrivacy provides computer-based privacy and data security training that is engaging, memorable, and understandable.

NetKnights

NetKnights

NetKnights is an independent IT security company which offers services and products for strong authentication, identity management and encryption.

Blok Cyber Security

Blok Cyber Security

Blok provide small businesses and sole traders, with affordable, managed Cyber Security Packages that offer immediate protection and peace of mind.

Cyber Bytes Foundation

Cyber Bytes Foundation

Cyber Bytes Foundation exists to establish and sustain a unique Cyber Ecosystem to accelerate the development of a strong Cyber workforce and support community outreach programs.

Laneden

Laneden

Laneden specialise in helping organisations identify security concerns and quantify the risks you may have across your assets, using Penetration Testing, Threat Simulation and Compliance Testing.

D.med Software

D.med Software

D.med Software is a company with a focus on cybersecurity for embedded software and cloud applications for the medical industry.

Nokod Security

Nokod Security

Nokod Security delivers an application security platform for low-code / no-code custom applications and Robotic Process Automation (RPA).

Methods

Methods

Methods is the leading digital transformation partner for the UK public sector. We care deeply about making our public services better and have been doing this for over 28 years.