Ageing Energy Systems Hold Huge Potential For Cyber Attack

Uploaded on 2017-04-18 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Production-Utilities, BUSINESS-Production-Energy

The digital systems that run the electricity grid, gas pipelines and other critical infrastructure in the US have 25 years’ worth of fundamental weaknesses to hacking that need fixing.

That’s a main finding in a report from MIT’s Internet Policy Research Initiative by a former National Security Agency inspector general, Joel Brenner, with input from industry experts.

“Controls on an oil pipeline can use the same hardware as your teenager’s computer,” says Brenner. Suppliers make the most profit by selling general hardware components that have various uses, but they have security flaws. “We know how to fix the vulnerabilities, but there’s no market incentive for companies to do so,” he says.

Around 85 per cent of critical infrastructure in the US is privately owned, so the report says the Trump administration could offer tax breaks to companies that improve their security. That way there would be greater financial value in choosing more secure hardware.

The report also proposes a mandatory minimum security standard for critical infrastructure components. “In the US, we have a body that will tell you if the cord on your toaster is safe to use, but there is no comparable body to say, for example, if a controller on a pipeline is safe,” says Brenner.

Isolation Drive

Key parts of the digital systems should be isolated from the main network to make them less susceptible to attacks from hackers, the report suggests.

Alongside incentives, regulation and penalties could help improve critical infrastructure cyber-security, but they will only be useful for the worst offenders, says Eric Johnson at Vanderbilt University in Tennessee. “While regulation with penalties can help the really poor firms, providing incentives will have the biggest overall impact.”

Another way to boost cyber-security is to improve the sharing of information between firms about the latest threats, the report says. This should be a “cornerstone” for cyber-security initiatives, says Raghav Rao at the University of Texas.

But fixing all the weaknesses in the digital systems that control critical US infrastructure will require a coordinated, long-term effort. “We’ve taken 25 years to get into this predicament. We’re not going to get out of it overnight,” says Brenner.

New Scientist

You Might Also Read:

Malware Targeting Energy Companies:

Infrastructure Security in the Age of Ransomware:

Air Gapping Critical Process Control Networks:

 

« WikiLeaks Has Published The CIA’s Secrets For Infecting Windows
Cyber War Calls For A New Look US Soldier »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Fasoo

Fasoo

Fasoo provides data-centric security to protect data within the organizational perimeter and beyond by limiting access to sensitive data according to policies that cover both users and activities.

Trusted Knight

Trusted Knight

Trusted Knight is a leading provider of security software solutions focused on defeating newly developed malware and crimeware trojans.

Avansic

Avansic

Avansic is a leading provider of e-discovery and digital forensics services to attorneys, litigation support teams, and business communities.

NSIDE Attack Logic

NSIDE Attack Logic

NSIDE Attack Logic simulates real-world cyber attacks to detect vulnerabilities in corporate networks and systems.

BrandShield

BrandShield

BrandShield is an anti-counterfeiting, anti-phishing and online brand protection solution.

Cryptoloc

Cryptoloc

Cryptoloc's core business is developing solutions designed to protect businesses from all kinds of security threats using a unique patented cryptography.

SecSign Technologies

SecSign Technologies

SecSign Technologies delivers user authentication, messaging, file sharing, and file storage with next generation security for company networks, websites, platforms, and devices.

Pelion

Pelion

Pelion Connected Device Services are the easiest way to securely connect and manage your devices, allowing you to focus on forging your future.

EnigmaSoft

EnigmaSoft

EnigmaSoft is known for its PC anti-malware remediation utility and service under the tradename SpyHunter.

Dhound

Dhound

Dhound is a cybersecurity company providing web application penetration testing.

CyberNews

CyberNews

Cybernews.com is a research-based online publication that helps people navigate a safe path through their increasingly complex digital lives.

Financial Services Information Sharing and Analysis Center (FS-ISAC)

Financial Services Information Sharing and Analysis Center (FS-ISAC)

The Financial Services Information Sharing and Analysis Center is the only global cyber intelligence sharing community solely focused on financial services.

Ermetic

Ermetic

Ermetic’s identity-first cloud infrastructure security platform provides holistic, multi-cloud protection in an easy-to-deploy SaaS solution.

IntegraONE

IntegraONE

IntegraONE is a IT solutions provider offering a full range of networking and technology solutions.

Resourcive

Resourcive

Resourcive is the first Value Added Sourcing “VAS” consultancy. We deliver strategic IT sourcing solutions to mid-market and enterprise clients.

TerraEagle

TerraEagle

Terraeagle is a boutique cyber security services company providing tailor-made solutions. Our core competency is in SOCaaS, MDRaaS & and Incident Response Retainer Services.