Forwarded from: William Knowles <wk@private>

http://www.washingtonpost.com/wp-dyn/articles/A62990-2003Nov19.html

By Brian Krebs
washingtonpost.com Staff Writer
November 19, 2003

There is no evidence that the blackout that struck the northeastern United States and southern Canada on August 14 was caused by hackers, but the power grid's reliance on the Internet makes it vulnerable to potentially devastating online attacks, according to a report issued Wednesday.

The U.S.-Canada Power System Outage Task Force concluded that the blackout was due to a combination of factors, including computer failures, human error, power grid rule violations and inadequate maintenance by FirstEnergy Corp., the Akron-based power company that serves northern Ohio.

The task force said "analysis to date provides no evidence that malicious actors are responsible for, or contributed to, the outage."

But the report noted that utilities are increasingly connecting their internal control systems to the global Internet to more easily monitor their networks from remote locations, a practice that exposes systems to a range of security risks.

The largest North American blackout in history took place two days after the "Blaster" worm infected hundreds of thousands of computers worldwide, leading some computer security experts to speculate that the malicious computer program caused or contributed to the power failure.

Such speculation was driven, in part, by the fact that the "Slammer" worm crashed computers at FirstEnergy's Davis-Besse nuclear power plant when it spread across the Internet in late January.

In June 2002, Washington Post reporter Barton Gellman reported that U.S. government security officials were growing concerned that terrorists would try to hijack vulnerable computer systems at utilities, dams and other infrastructure targets in hopes of causing widespread destruction.
Officials told Gellman that they had monitored Internet traffic from East Asia and the Middle East that was directed at critical infrastructure systems, activity that was interpreted to be terrorists researching potential targets.

Utilities have long been targeted by hackers, according to Alexandria, Va.-based network security firm Riptech (now a unit of Symantec Corp.). Riptech said that its power and energy clients were targeted far more than any other industry sector last year: 70 percent of power and energy companies suffered at least one severe attack during the first six months of 2002, a 77 percent increase over the previous year.

Joseph Weiss, a consultant at Fairfax, Va.-based KEMA Consulting, said most U.S. power facilities now use some form of commercially available products to remotely monitor and control their distant networks and facilities. Yet, the vast majority of the nation's power plants and substations do not have the technology in place to detect electronic intrusions, Weiss said.

"These systems are being networked over the Web because the power companies want the information from various facilities in real time," Weiss said. "And that's starting to make them a lot more vulnerable than they were in the past."

Many of the back-end systems that control the physical switches in power plants are the very same products used in other industrial infrastructures, including water, oil and gas, chemical and metal refining, paper, pharmaceuticals, and food and beverage production, Weiss said.

"That means if one of them is vulnerable, all of them probably are," he said.

The U.S.-Canada report concluded that the generation and delivery of electricity remains a target of people intent on disrupting the electric power system.
This archive was generated by hypermail 2b30 : Thu Nov 20 2003 - 01:59:52 PST