Internet Security Industry News
Blackout prompts worries about cyber attack
August 19, 2003
The electric power grid might be more vulnerable to a cyberattack today than it was on Sept. 11, 2001. Officials doubt last week's massive blackout was caused by a terrorist or domestic hacker breaking into an electric power system via the Internet.
Yet, the incident again brought to the forefront concerns that such an attack is possible. "This power infrastructure is all Band-Aids and baling wire. And, of course, it's all dependent on computers," says Peter Neumann of research firm SRI International. "This stuff is riddled with security and reliability flaws." The electric industry is concerned enough that on Wednesday — one day before the blackout — the North American Electric Reliability Council (NERC) adopted the industry's first-ever cybersecurity standard. It outlines 16 things that utilities should do to protect themselves.
"Some companies have gone well beyond this. Some have to catch up," says Lynn Constantini, NERC's chief information officer. Yet, because the grid is so interconnected, experts note, companies that must catch up put the whole system at risk. "Most computer networks are only as good as the weakest point," says Ramnath Chellappa, computer business professor at the University of Southern California. As the blackout illustrated, if a hacker could break into one undefended piece of the system, the effects could cascade through the grid.
Some security and energy experts say developments in the past two years actually increase the grid's vulnerability. Among those:
1) Worries about Supervisory Control and Data Acquisition (SCADA) systems. Such systems control critical functions in many industrial settings, such as chemical processing and water filtration. They also control the flow of electricity in many power company systems, and are often connected to the Internet so managers can monitor them, collect data and manipulate them from afar. A hacker might not be able to breach a utility's protected central computer but might be able to get into a SCADA system. The energy industry has opened its systems "to a vast array of cyberdisruptions by creating inadvertent Internet links (both physical and wireless) between their corporate networks and (SCADA) systems," writes Dan Verton in his new book Black Ice: The Invisible Threat of Cyber-Terrorism.
2) Competitive pressures on power companies have increased. Since Sept. 11, utilities are two years deeper into deregulation. Verton points out that as utility managers focus on reducing costs, they increasingly use the Internet, just like managers in any industry. That can create more pathways into the power system, or make it possible for a one password to open access to more functions, experts say.
3) A study by security company Riptech found that in the six months after the Sept. 11 terrorist attacks, energy companies were cyberattacked at twice the rate of other industries surveyed. The problems won't go away if the power industry hastily patches the grid to get power back on. Instead, the industry needs to update the system to make it robust enough to survive any problem. "There's a tremendous opportunity here," SRI's Neumann says.
Source: Silicon Valley.com
You can link to the
Internet Security web site as
much as you like. Read our section on how your company can participate in our
reciprocal link exchange program
and increase your rankings
in the major search engines such as
Site optimized by Pagina+™
Powered by Sun Hosting
Search engine keywords by Rank for Sales
Development platform by My Web Services
Internet Security.ca is listed in
Global Business Listing