Hackers make news
Cyber threats to public and private computer networks are finally getting the attention of major media in the U.S. and around the world. Some control system hackers may only seek to cause mischief, but the damage can be significant, and the impact disruptive and unnerving. For example:
- This March, cnn.com reported on hackers who “operate from a bare apartment on a Chinese island. They are intelligent 20-somethings who seem harmless. But they are hard-core hackers who claim to have gained access to the world’s most sensitive sites, including the Pentagon.”
- Last September, a segment on CNN television depicted a hypothetical and controversial staged penetration of a utility control system by researchers “who launched an experimental cyber attack (and) caused a generator to self-destruct, alarming the federal government and [the electricity] industry about what might happen if such an attack were carried out on a larger scale.”
- This January, the UK-based online IT publication The Register and the British newspaper The Telegraph reported on a Polish teenager who allegedly turned the tram system of the city of Lodz into his own personal train set, triggering chaos and derailing four vehicles in the process. Twelve people were injured in one of the incidents. The 14-year-old modified a TV remote control so it could be used to change track switches. Local police said the youngster trespassed in tram depots to gather the information he needed. The teenager told police that he modified the track settings as a prank.
More than just child’s play
Regulatory bodies now recognize the urgency of neutralizing the threat to the nation’s industrial infrastructure that hackers represent. With control system networks increasingly seen as vulnerable to much more than mischief, public and governmental concerns about the risks of cyber-warfare and cyber-terrorism attacks are growing.
On the U.S. electric power grid, a large number of supervisory control and data acquisition (SCADA) systems are clearly mission-critical. Accordingly, any SCADA-targeted cyber attacks could, in a worst-case scenario, directly or indirectly cause great financial damage through loss or theft of data, actual physical destruction, or even loss of life. In some cases, control systems actually become more vulnerable when they are integrated with TCP/IP networks and applications. And although security solutions and standards have been proposed, in many cases they either include traditional IT security measures that are not compatible with legacy control systems or leave important aspects unaddressed.
To address these vulnerabilities, utilities need to establish an “electronic security perimeter” around their control system networks. Such a perimeter would use advanced data encryption, device and user authentications, defenses against unauthorized dial-up modems, and centralized security monitoring to thwart potential cyber attacks. From a technical standpoint, the perimeter and its supporting framework should have minimal latency and centralized control and management features that meet the power industry’s security needs over both the short and long term.
Email
Comments
Print
Reuse
