[ISN] CIA official: North American power company systems hacked

From: InfoSec News (alerts@private)
Date: Mon Jan 21 2008 - 22:09:59 PST


http://www.govexec.com/dailyfed/0108/011808j1.htm

By Jill R. Aitoro 
Govexec.com
January 18, 2008  

Hackers have targeted computers that operate power companies worldwide, 
causing at least one widespread electricity outage, a Central 
Intelligence Agency senior analyst told North American government and 
public works representatives in New Orleans this week.

The SANS Institute, a nonprofit cybersecurity research organization in 
Bethesda, Md., planned to release a report late Friday quoting CIA 
senior analyst Tom Donohue, who spoke Jan. 16 to 300 government 
officials, engineers and security managers from electric, water, oil and 
gas, and other utility companies based in the United States, United 
Kingdom, Sweden and the Netherlands.

"We have information, from multiple regions outside the United States, 
of cyber intrusions into utilities, followed by extortion demands," 
Donohue said at the SCADA 2008 Control System Security Summit in New 
Orleans. SCADA stands for Supervisory Control and Data Acquisition, and 
generally refers to the systems that control critical U.S. 
infrastructure.

"We suspect, but cannot confirm, that some of these attackers had the 
benefit of inside knowledge," he said. "We have information that 
cyberattacks have been used to disrupt power equipment in several 
regions outside the United States. In at least one case, the disruption 
caused a power outage affecting multiple cities. We do not know who 
executed these attacks or why, but all involved intrusions through the 
Internet."

The news comes only three months after a congressional hearing that 
determined that regulations to protect the control systems that support 
power plants in the United States pose a serious threat to the 
electricity infrastructure and national security.

The threat of cyberattacks on public utilities is a top concern for the 
Homeland Security Department, which works closely with the Multi-State 
Information Sharing and Analysis Center, or MS-ISAC, to provide a 
central resource for gathering and sharing information from state and 
local governments on cyber threats to critical infrastructure.

DHS is working with utilities and other companies that operate the 
nation's critical infrastructure, such as transportation and 
telecommunications companies, to develop a plan to respond to 
cyberattacks that could affect private sector computer networks. In 
2006, DHS held the first national cyber exercise to determine how the 
federal government and corporations running the nation's infrastructure 
would respond to a cyberattack. Security experts criticized the exercise 
for not determining basic procedures, such as whether the federal 
government or the private sector was in charge of issuing responses.

Congress also has expressed concern over the cybersecurity of utility 
companies. In October, the House Homeland Security Subcommittee on 
Emerging Threats, Cybersecurity, and Science and Technology held a 
hearing prompted by a simulation that highlighted vulnerabilities in the 
computer networks that run water, power and chemical plants. In the 
test, conducted last March, researchers from the Idaho National 
Laboratories simulated a cyberattack on a power plant's control system 
that caused a generator to self-destruct.

Government and industry experts who testified at the hearing cited flaws 
in regulations set by the North American Electric Reliability 
Corporation, which is charged with improving the reliability and 
security of the bulk of the power systems in North America through the 
development and enforcement of reliability standards. Recognizing 
weaknesses in these standards, the National Institute of Standards and 
Technology released recommendations of its own for the IT security of 
networked digital control systems used in industrial applications.

