US Critical Infrastructure Is At Cyber Risk

Uploaded on 2016-02-05 in BUSINESS-Production-Energy, BUSINESS-Production-Utilities, FREE TO VIEW, GOVERNMENT-National, TECHNOLOGY--Hackers

There is universal agreement that modern warfare or crime fighting is not just about bullets, bombs and missiles in physical space. It’s also about hacking in cyber space.

But over the past decade there has been much less agreement over how much of a threat the hackers are.

On one side are those – some of them top government officials – who have warned that a cyber attack on the nation’s critical infrastructure could be catastrophic, amounting to a “cyber Pearl Harbor.”

Those warnings prompted the recent book by retired ABC TV “Nightline” anchor Ted Koppel titled, “Lights Out: A Cyberattack, A Nation Unprepared, Surviving the Aftermath.”

Other experts argue just as forcefully that, while the threats are real and should be taken seriously the risks are not even close to catastrophic. They say those who predict catastrophe are peddling FUD – fear, uncertainty and doubt.

A recent example of that view was an op-ed in the Christian Science Monitor by C. Thomas, a strategist at Tenable Network Security, who uses the nickname Space Rogue.

He argued that the biggest threat to the US power grid or other industrial control systems (ICS) is not a skilled hacker, but squirrels. They, along with other small animals, “cause hundreds of power outages every year and yet the only confirmed infrastructure cyberattack that has resulted in physical damage that is publicly known is Stuxnet (a computer worm that destroyed centrifuges used in the Iranian nuclear program),” he wrote.

That theory was immediately disputed by other experts, including Thomas P M Barnett of Resilient who said the cold is much more frequent, but is much less of a threat than cancer – or as he put it, cancer is “low probability but far higher impact.”

Still, growing evidence of intrusions into the power grid and other critical infrastructure by hostile foreign nation states is enough to make even anti-FUD experts wonder about how “low-probability” a major attack is.

The Associated Press reported last month on security researcher Brian Wallace’s discovery that hackers had penetrated Calpine Corp., a power producer with 82 plants operating in 18 states and Canada.

While accurate attribution of attacks is notoriously difficult, digital evidence pointed to Iran. Wallace found that the hackers had already taken engineering drawings, some labeled “mission critical,” that were detailed enough to let the intruders, “knock out electricity flowing to millions of homes.”

And this was just one incident of about a dozen during the past decade in which, “sophisticated foreign hackers have gained enough remote access to control the operations networks that keep the lights on,” the AP said, quoting anonymous experts.

CSO: http://bit.ly/1OzrBAZ

« After The OPM Hack Security Clearances Will Now Be Done By The Pentagon
GCHQ Telephone Security Is 'open to surveillance' »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Continuity Shop

Continuity Shop

Continuity Shop provides training and consultancy in Business Continuity and Information Security to some of the world's biggest organisations.

Cysec Resource Co (CRC)

Cysec Resource Co (CRC)

We offer expertise in information and cyber security, sourcing individuals and teams who provide information security expertise to the public and private sector.

The Security Awareness Company (SAC)

The Security Awareness Company (SAC)

The Security Awareness Company provides cyber security awareness training programs for companies of all sizes.

SenseOn

SenseOn

SenseOn’s multiple threat-detection senses work together to detect malicious activity across an organisation’s entire digital estate, covering the gaps that single point solutions create.

Greenwave Systems

Greenwave Systems

Greenwave's AXON Platform enables IoT and M2M network service providers to address security, interoperability, flexibility and scalability from a single IoT platform.

Utility Cyber Security Forum

Utility Cyber Security Forum

The Utility Cyber Security Forum offers a focused venue in which utility executives can network one-on-one with colleagues facing issues in protecting against cyber attacks.

International Cybersecurity Institute (ICSI)

International Cybersecurity Institute (ICSI)

ICSI is a UK company offering specialized and accredited professional qualifications in cybersecurity for young IT graduates as well as mature professionals.

Fortress Information Security

Fortress Information Security

Fortress Information Security is one of the largest cyber security providers of supply chain risk management and vulnerability risk management in the US.

Finnish Security & Intelligence Service (SUPO)

Finnish Security & Intelligence Service (SUPO)

The Finnish Security and Intelligence Service is a government agency tasked with combating serious threats to national security in Finland.

Intrepid Solutions & Services

Intrepid Solutions & Services

Intrepid Solutions and Services provides technology solutions and professional services to key components of the intelligence and national security communities.

Rayzone Group

Rayzone Group

Rayzone Group offers a wide range of Cyber Security solutions and services, providing hollistic protection suitable for both enterprises and National cyber security centers.

Flat6Labs

Flat6Labs

Flat6Labs is the MENA region’s leading seed and early stage venture capital firm, currently running the most renowned startup programs in the region.

Secora Consulting

Secora Consulting

Secora Consulting is a professional services company specialising in tailored cybersecurity assessments and cyber advisory services.

Schellman

Schellman

Schellman is a leading provider of attestation and compliance services.

NetRise

NetRise

NetRise was founded as a direct result of the many shortcomings currently in the device security market, specifically targeting the firmware of devices.

Standard Notes

Standard Notes

Standard Notes is a secure digital notes app that protects your notes and files with audited, industry-leading end-to-end encryption.

Defendis

Defendis

Defendis develops AI-powered cybersecurity solutions for Government Agencies, Banks, and Businesses, designed to helps them contain data leaks, minimise damage, and proactively hunt for new threats.

Advanced IT

Advanced IT

Reliable managed IT Security & support services that will help you take your business operations to the next level without breaking the bank!

RANE Network

RANE Network

RANE is a global risk intelligence company that provides critical insights and analysis to more efficiently anticipate, monitor, and respond to emerging threats.