[ISN] U.S. energy network seen vulnerable to hackers

From: InfoSec News (isnat_private)
Date: Thu Mar 06 2003 - 02:57:47 PST

  • Next message: InfoSec News: "[ISN] Security UPDATE, March 5, 2003"

    06 Mar 2003
    HOUSTON, March 5 (Reuters) - The U.S. energy network could be
    vulnerable to a hacker attack through its interlinked computer
    systems, causing heavy damage to the already weak economy, government
    and industry experts said on Wednesday.
    "The whole energy system is being run on a cyber system," Abbie Layne,
    project manager at the Department of Energy's National Energy
    Technology Laboratory, told an electricity industry conference in
    "You can do a lot of damage just through a quick strong strike to that
    cyber system," she said.
    A successful attack on computer networks that support the electricity
    system could have devastating economic impact if a "cascading"  
    shutdown hobbled the grid of power lines, possibly shutting off the
    lights in a region.
    "If we lose this infrastructure...we could have a lot of damage to our
    economy," Layne said.
    Energy industry experts believe that while a threat to oil tankers,
    pipelines or power plants remains a frightening prospect, there is no
    evidence those sites have been targeted.
    "To this point, there have been no specific threats to the industry,"  
    Gary Gardner, chief information officer at the American Gas
    Association, told the conference.
    Although manuals describing methods to attack natural gas systems were
    discovered by U.S. forces during raids on suspected Taliban and al
    Qaeda bases in Afghanistan, Gardner said the industry did not believe
    a violent attack against an energy installation was the most likely
    Security for power plants, oil refineries and the vast network of
    natural gas and oil pipelines comes under the jurisdiction of a former
    Department of Energy unit that was recently moved to the newly created
    Department of Homeland Security.
    Another Homeland Security division handles "cyber," or computer
    network, security, but that unit remains without a leader despite an
    extensive search, according to Harris Miller, a security expert and
    president of the industry umbrella group Information Technology
    Association of America.
    "There is nobody in the Department of Homeland Security in charge of
    cyber-security," Miller said. "It's a little scary."
    The energy sector does have some safeguards to prevent interlopers
    from gaining access to sensitive systems, Miller said, but it probably
    falls "in the middle of the pack" compared with other industries.
    Still, even the financial industry, which boasts the most secure
    networks, can be hit by hacker attacks, Miller said.
    In January, the "slammer worm" virus infiltrated financial companies'
    computers systems despite widely available preventive software, and
    last month hackers accessed about 8 million credit card numbers from a
    processing company.
    ISN is currently hosted by Attrition.org
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.

    This archive was generated by hypermail 2b30 : Thu Mar 06 2003 - 05:39:12 PST