Ageing Energy Systems Hold Huge Potential For Cyber Attack

The digital systems that run the electricity grid, gas pipelines and other critical infrastructure in the US have 25 years’ worth of fundamental weaknesses to hacking that need fixing.

That’s a main finding in a report from MIT’s Internet Policy Research Initiative by a former National Security Agency inspector general, Joel Brenner, with input from industry experts.

“Controls on an oil pipeline can use the same hardware as your teenager’s computer,” says Brenner. Suppliers make the most profit by selling general hardware components that have various uses, but they have security flaws. “We know how to fix the vulnerabilities, but there’s no market incentive for companies to do so,” he says.

Around 85 per cent of critical infrastructure in the US is privately owned, so the report says the Trump administration could offer tax breaks to companies that improve their security. That way there would be greater financial value in choosing more secure hardware.

The report also proposes a mandatory minimum security standard for critical infrastructure components. “In the US, we have a body that will tell you if the cord on your toaster is safe to use, but there is no comparable body to say, for example, if a controller on a pipeline is safe,” says Brenner.

Isolation Drive

Key parts of the digital systems should be isolated from the main network to make them less susceptible to attacks from hackers, the report suggests.

Alongside incentives, regulation and penalties could help improve critical infrastructure cyber-security, but they will only be useful for the worst offenders, says Eric Johnson at Vanderbilt University in Tennessee. “While regulation with penalties can help the really poor firms, providing incentives will have the biggest overall impact.”

Another way to boost cyber-security is to improve the sharing of information between firms about the latest threats, the report says. This should be a “cornerstone” for cyber-security initiatives, says Raghav Rao at the University of Texas.

But fixing all the weaknesses in the digital systems that control critical US infrastructure will require a coordinated, long-term effort. “We’ve taken 25 years to get into this predicament. We’re not going to get out of it overnight,” says Brenner.

New Scientist

You Might Also Read:

Malware Targeting Energy Companies:

Infrastructure Security in the Age of Ransomware:

Air Gapping Critical Process Control Networks:

 

« WikiLeaks Has Published The CIA’s Secrets For Infecting Windows
Cyber War Calls For A New Look US Soldier »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Sigma Payment Solutions

Sigma Payment Solutions

Sigma Payment Solutions offers a comprehensive suite of automated payment processing services, solutions, and technology to businesses in the USA.

DocAuthority

DocAuthority

DocAuthority automatically discovers and accurately identifies unprotected, sensitive documents, enabling a broad yet business-friendly security policy.

RedLock

RedLock

The RedLock Cloud 360TM platform correlates disparate security data sets to provide a unified view of risks across fragmented cloud environments.

Rogue Wave Software

Rogue Wave Software

At Rogue Wave, our mission is to simplify your hardest problems, improve software quality and security, and shorten the time it takes to deliver value.

Torsion Information Security

Torsion Information Security

Torsion is an innovative information security and compliance engine, which runs either in the cloud or your data centre.

Lepide

Lepide

LepideAuditor is a powerful Data Security Platform that enables you to reduce risk, prevent data breaches and prove regulatory compliance.

Garner Products

Garner Products

Garner design, manufacture, and sell equipment that delivers complete, permanent, and verifiable data elimination.

ACROS Security

ACROS Security

ACROS Security is a leading provider of security research, real penetration testing and code review for customers with the highest security requirements.

QI ANXIN Technology Group

QI ANXIN Technology Group

QI ANXIN specializes in serving the cybersecurity market by offering next generation enterprise-class cybersecurity products and services to government and businesses.

Keyless Technologies

Keyless Technologies

Simple, secure, and interoperable authentication. Keyless offers unmatched security, privacy and usability, while reducing risk and infrastructure costs.

Saepio Solutions

Saepio Solutions

Saepio promote an all-encompassing approach to cybersecurity, ensuring the appropriate balance of budget and resource across Policy, Product and People.

Matrium Technologies

Matrium Technologies

Matrium Technologies has been a leading provider of technology solutions since 1991, with a strong industry background in Network Testing, Network Visibility and Security.

FINX Capital

FINX Capital

FINX strives to solve the cybersecurity issues with its proprietary technolog, FINX SHIELD, by utilizing big data, blockchain combined with artificial intelligence.

One82

One82

Serving emerging small and medium-sized businesses in California and neighboring regions for over 20 years, One82 has established itself as the most dependable provider of IT support services.

Triangle

Triangle

Triangle enable innovative business transformation by ensuring critical hybrid infrastructures are optimised, interoperable and secure.

EasySec Solutions

EasySec Solutions

EasySec Solutions provides a cyber-security platform, based on a combination of the zero trust model and the software-defined security management.