http://www.forbes.com/technology/2008/05/22/cyberwar-breach-government-tech-security_cx_ag_0521cyber.html

By Andy Greenberg
Forbes.com
05.22.08

Last June, the Department of Homeland Security leaked a video documenting a disturbing experiment. Using only digital means, researchers hacked into a power plant's generator and caused it to cough and shake before shutting down in a cloud of black smoke.

That clip, demonstrating what has since become known as the Aurora vulnerability, served as a wake-up call for regulators, highlighting the need to guard against cyber-security threats to critical infrastructure like power plants and the telecom system.

But at a hearing Wednesday, members of the House Committee on Homeland Security warned that those regulatory bodies aren't moving fast enough.

"I think we could search far and wide and not find a more disorganized response to a national security issue of this import," said Rep. James Langevin (D-R.I.), chairman of the Subcommittee on Emerging Threats, Cybersecurity and Science and Technology.

He pointed a finger to several groups: the DHS for giving scanty details of its video-taped simulation; the power industry for working too slowly to mitigate the threat; and the North American Electric Reliability Corporation, an industry group, for failing in its role as the self-regulatory body assigned to ensure a consistent national power supply.

"Everything about the way this vulnerability was handled ... leaves me with little confidence that we're ready or willing to deal with the cyber security threat," he said.

The House's criticisms focused primarily on the electric utility industry group, NERC. They argued that the advisories issued by NERC are ineffective and that it has repeatedly misled the House in its investigation of the Aurora vulnerability.

Rep. Bill Pascrell (D-N.J.) recalled that in a subcommittee hearing last October on the Aurora vulnerability, a NERC representative told him that 75% of the nation's power plants had made progress in securing their systems against cyber threats. But when the subcommittee requested that survey, Pascrell said, it became clear that NERC had only performed the research two days after the subcommittee hearing.

"You are not going to sit there and waste my time telling us you're doing the job you're supposed to do," Pascrell said. "Who do you think we are, a bunch of jerks?"

[...]