Skip Links

A laundry list of power industry incidents to learn from

Security Strategies Alert By M. E. Kabay, Network World
September 22, 2010 12:03 AM ET
Sign up for this newsletter now!

The long view of security strategies for your network.

In this seventh article in a series focusing on the need for improved information assurance and cyber situational awareness in the electric power industry, we continue a survey of government and industry consensus about the need for increased security of SCADA systems in the power industry.

2003 US Infrastructure Still Vulnerable to Cyber Attack

The DHS Daily Open Source Infrastructure Report for May 16, 2003 included the following item:

The United States remains ill-prepared to defend against a strike on the nation's critical computer systems because of slow-moving federal research efforts, members of Congress said Wednesday [May 14, 2003]. "The nation quite simply has been under-investing woefully in cyber security R&D," said Rep. Sherwood Boehlert (R-NY), chair of the House Science Committee…. Terrorism experts fear attacks on computer systems that operate electricity grids, phone systems or other critical infrastructure as part of a terrorist strike.[1]

2004 Cyberterror Impact, Defense Under Scrutiny

The DHS Daily Open Source Infrastructure Report for Aug. 4, 2004 included the following item summarizing work by Jon Swartz of USA TODAY:

A coordinated cyberattack against the U.S. could topple parts of the Internet, silence communications and commerce, and paralyze federal agencies and businesses, government officials and security experts warn. Such an attack could disrupt millions of dollars in financial transactions, hang up air traffic control systems, deny access to emergency 911 services, shut down water supplies and interrupt power supplies to millions of homes, security experts say. But from whom the attacks would come is unclear. Intelligence shows al Qaeda is more fixated on physical threats than electronic ones, government officials and cybersecurity experts say.… More than two dozen countries, including China and Russia, have developed "asymmetrical warfare" strategies targeting holes in U.S. computer systems. Because of U.S. military firepower, those countries see electronic warfare as their best way to pierce U.S. defenses, military experts say.[2]

2005 Security Expert: More Sophisticated Cyber Attacks Likely

A DHS Open Source Infrastructure Report for Nov. 29, 2005 summarized an article by Grant Gross published in Network World:

The cyber attacks of recent years have been relatively unsophisticated and inexpensive compared to the potential of organized attacks, a cybersecurity expert said Tuesday, Nov. 29. Organized attacks by teams of hackers that have members with expertise in business functions and processes – as well the rudimentary access and coding expertise that many current attackers have – could have a huge impact on a nation's economy, said Scott Borg, director of the U.S. Cyber Consequences Unit…. "We will probably see terrorist groups, criminal organizations putting together combinations of talent," Borg said….

While past cyber attacks have done relatively small amounts of damage, coordinated attacks on important targets such as the U.S. electrical grid, the banking and finance industry, or the telecommunications and Internet industries could potentially cause many billions of dollars in damage, he said. Most viruses and worms knock out company networks for two or three days at most, but costs would multiply quickly for any coordinated attack on a critical U.S. industry that knocked out service for more than three days, said Borg, an economist.[3]

M. E. Kabay, PhD, CISSP-ISSMP, specializes in security and operations management consulting services and teaching. He is Chief Technical Officer of Adaptive Cyber Security Instruments, Inc. and Associate Professor of Information Assurance in the School of Business and Management at Norwich University. Visit his Web site for white papers and course materials.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News