Home Front: WoT
CIA: Cyberattacks have led to blackouts in multiple cities
2008-01-19
The CIA on Friday admitted that cyberattacks have caused at least one power outage affecting multiple cities outside the United States.

Alan Paller, director of research at the SANS Institute, said that CIA senior analyst Tom Donahue confirmed that online attackers had caused at least one blackout. The disclosure was made at a New Orleans security conference Friday attended by international government officials, engineers, and security managers from North American energy companies and utilities.

Paller said that Donahue presented him with a written statement that read, "We have information, from multiple regions outside the United States, of cyber intrusions into utilities, followed by extortion demands. We suspect, but cannot confirm, that some of these attackers had the benefit of inside knowledge. We have information that cyberattacks have been used to disrupt power equipment in several regions outside the United States. In at least one case, the disruption caused a power outage affecting multiple cities. We do not know who executed these attacks or why, but all involved intrusions through the Internet."

Information about which foreign cities were affected by the outage and other information related to the attack was not mentioned and is unlikely to be forthcoming, said Paller.

A call to the CIA asking for further comment was not immediately returned.

Donahue said that the CIA had thoroughly weighed the pros and cons of making this information public, according to Paller.

The prospect of cyberattacks crippling multicity regions appears to have prompted the government to make this information public. The issue "went from 'we should be concerned about this' to 'this is something we should fix now,'" said Paller. "That's why, I think, the government decided to disclose this."

The delegates at the meeting were sharing data about cyberattacks on critical utilities and resources, and methods of attack mitigation. One topic of discussion was the new SCADA and Control Systems Survival Kit, a document of best practices for SCADA systems. SCADA stands for Supervisory Control And Data Acquisition and refers to devices that control critical infrastructure like power generators, traffic signals, and dams. The security of SCADA systems has been a concern among federal officials for years.

In San Francisco on Thursday, following a private screening of the new documentary The New Face Of Cybercrime, Howard Schmidt, a former Microsoft (NSDQ: MSFT) executive and government cybersecurity adviser, mentioned ongoing concerns about the vulnerabilities of SCADA systems and noted that 85% of the U.S. critical infrastructure is controlled by the private sector. "No one should be minimizing this issue," he said.

Citing two Government Accountability Office reports on SCADA security, Paller said that people have been adding wireless and Windows to SCADA systems without really thinking about security. "They've gotten radically unsafe," he said.
Posted by: lotp

#6  Adding Windows to SCADA systems isn't an issue: I am aware of one vendor who does an excellent job in this respect because they made two key design decisions:

Clients use Windows.

Servers use the Command Line Subsystem.

Think about it. Clients are transients, so if the GUI goes belly up, no great deal. Servers run in probably the most stable, bug-free Windows subsystem after the scheduling kernel, mainly because the glamor is in the GUI so nobody's bothering to add anything new (ergo buggy) to the CLI. This allows the bugs to be quashed with no new ones introduced by new features.
Posted by: Ptah   2008-01-19 16:19  

#5  but rather than that their dispersal ...
Posted by: lotp   2008-01-19 15:54  

#4  The issue isn't govt control of SCADA systems, but rather than their dispersal in industry means that there is a distressingly wide range of security etc. expertise being applied to them right now. And for older industries that often does include internet access, implemented by techies to make monitoring easier. Not to mention for e.g. load sharing during peak energy draw periods.

Lots and lots of focus has been going into security monitoring and risks for US SCADA. Most visible face of that activity is the I3P Consortium.
Posted by: lotp   2008-01-19 15:53  

#3  Howard Schmidt, a former Microsoft (NSDQ: MSFT) executive and government cybersecurity adviser, mentioned ongoing concerns about the vulnerabilities of SCADA systems and noted that 85% of the U.S. critical infrastructure is controlled by the private sector. "No one should be minimizing this issue," he said.

Yes - let's centralize the problem under government control. Let's get all the battleships in a line, and park all the planes wingtip to wingtip on the tarmac. The phrase chrome-dome comes to mind.

Then again, what did Twain say about eggs and baskets?
Posted by: Halliburton - Hyperbolic Idiot Detection Service   2008-01-19 15:42  

#2  This story irritates me, why in the WORLD would you have a SCADA system connected to the internet? Where I work, we keep our SCADA type systems air-gapped, they don't even touch our production LAN. It isn't about using Windows systems, it's about a lack of control and good management processes. One other point that none of the IT pundits mention is that, yes our SCADA systems are at risk but no mention is made about the SCADA systems in Russia, China, et al.
Posted by: djh_usmc   2008-01-19 15:16  

#1  insider info? Of course!
Posted by: Frank G   2008-01-19 15:10  
