Could cyber attackers cut off the power grid? The US says new 'connected' equipment is at risk - and 'there have been intrusions'
Utilities such as water supplies and the power grid face a rising number of cyber break-ins by attackers using sophisticated attacks.
Acting DHS Deputy Undersecretary Greg Schaffer said that industries are increasingly vulnerable to hackers and foreign agents due to 'connected' equipment - and 'there have been intrusions.'
Earlier this month, security researchers demonstrated that it was even possible to remotely 'open' jail cell doors if they were controlled using 'programmable logic controllers' - common automated controls.
The 'Stuxnet' worm - a sophisticated cyber attack on the Bushehr nuclear plant in Iran opened a new era of cyber-warfare. But nations such as the US are taking steps to defend themselves
'We are connecting equipment that has never been connected before to global networks,' Schaffer said. Hackers and perhaps foreign governments 'are knocking on the doors of these systems - there have been intrusions.'
According to the DHS, Control System Security Program cyber experts responded to 116 requests for assistance in 2010, and 342 so far this year. In response, the US government are building 'cyber defense' labs.
The Stuxnet attack on Iran's Bushehr nuclear plant - a computer 'worm' specifically written to attack industrial control systems - was proof that the software in many industrial plants was vulnerable to attack.
Since then,! there h as been increased interest in the idea - both from researchers, and from potential attackers.
A 'cyber defence' range of the sort used by the US and UK governments to 'test' networks for weaknesses. New US defence labs will test other defensive technologies
Officials said they knew of only one recent criminal conviction for corrupting industrial control systems, that of a former security guard at a Dallas hospital whose hacking of hospital computers wound up shutting down the air conditioning system. The former guard was sentenced to 110 months in prison in March.
U.S. officials and others long have feared that future wars will include cyber assaults on the industries and economies of adversaries, and the potential targets include power plants, pipelines and air traffic control systems.
In a 2007 test at the Idaho National Laboratory, government hackers were able to break into the control system running a large diesel generator, causing it to self-destruct.
Before the test, he said, the notion of cyber warfare 'was mainly smoke and mirrors. But the Aurora tests showedthat, you know what? We have a new kind of weapon.'
Defence companies such as Northrop Grumman have pioneered the idea of 'cyber ranges' - high-end computers used by the US military and UK government that simulate an entire company's network and 'test' weaknesses in it.
Governments are often subject to thousands of attacks per month.
The nuclear power plant in Bushehr, southern Iran, which was the target of the Stuxnet worm. Even US utilities have been the target of 'intrusions'
A senior Homeland Security cyber official, who spoke on condition of anonymity because of the sensitivity of the topic, said the Stuxnet worm exploited well-known design flaws common to many system controllers, vulnerabilities that in general can't be patched.
Many independent experts and former government officials suspect that Stuxnet was created by the United States, perhaps with the help of Israel, Britain and Germany.
The U.S. and other nations believe Iran is building a nuclear weapons program, but Tehran insists it is interested only in the peaceful uses of nuclear technology.
Defense companies, though, are often much more open about the fact there are 'black' - secret, military - versions of their 'defensive' software and hardware. It is an open secret that these exist.
While U.S. officials talk frequently about the threat of cyber attacks to America, they seldom discuss the country's offensive cyber weapons capability. The U.S. is thought to be the world's leader in cyber warfare, both defensive and offensive.
Comments