Ageing Energy Systems Hold Huge Potential For Cyber Attack

Uploaded on 2017-04-18 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Production-Utilities, BUSINESS-Production-Energy

The digital systems that run the electricity grid, gas pipelines and other critical infrastructure in the US have 25 years’ worth of fundamental weaknesses to hacking that need fixing.

That’s a main finding in a report from MIT’s Internet Policy Research Initiative by a former National Security Agency inspector general, Joel Brenner, with input from industry experts.

“Controls on an oil pipeline can use the same hardware as your teenager’s computer,” says Brenner. Suppliers make the most profit by selling general hardware components that have various uses, but they have security flaws. “We know how to fix the vulnerabilities, but there’s no market incentive for companies to do so,” he says.

Around 85 per cent of critical infrastructure in the US is privately owned, so the report says the Trump administration could offer tax breaks to companies that improve their security. That way there would be greater financial value in choosing more secure hardware.

The report also proposes a mandatory minimum security standard for critical infrastructure components. “In the US, we have a body that will tell you if the cord on your toaster is safe to use, but there is no comparable body to say, for example, if a controller on a pipeline is safe,” says Brenner.

Isolation Drive

Key parts of the digital systems should be isolated from the main network to make them less susceptible to attacks from hackers, the report suggests.

Alongside incentives, regulation and penalties could help improve critical infrastructure cyber-security, but they will only be useful for the worst offenders, says Eric Johnson at Vanderbilt University in Tennessee. “While regulation with penalties can help the really poor firms, providing incentives will have the biggest overall impact.”

Another way to boost cyber-security is to improve the sharing of information between firms about the latest threats, the report says. This should be a “cornerstone” for cyber-security initiatives, says Raghav Rao at the University of Texas.

But fixing all the weaknesses in the digital systems that control critical US infrastructure will require a coordinated, long-term effort. “We’ve taken 25 years to get into this predicament. We’re not going to get out of it overnight,” says Brenner.

New Scientist

You Might Also Read:

Malware Targeting Energy Companies:

Infrastructure Security in the Age of Ransomware:

Air Gapping Critical Process Control Networks:

 

« WikiLeaks Has Published The CIA’s Secrets For Infecting Windows
Cyber War Calls For A New Look US Soldier »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

ON-DEMAND WEBINAR: Gen AI for Security: Adoption strategies with Amazon Bedrock

ON-DEMAND WEBINAR: Gen AI for Security: Adoption strategies with Amazon Bedrock

Watch this webinar and get a comprehensive roadmap for securely adopting generative AI using Amazon Bedrock, a fully managed service that offers a choice of high-performing foundation models (FMs).

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Clearpath Solutions Group

Clearpath Solutions Group

Clearpath Solutions Group expertise covers virtualization and data storage technologies, networking, security and cloud computing.

Code42

Code42

Code42 CrashPlan, is an enterprise SaaS solution that backs up all distributed end-user data on a single, secure platform.

Evok

Evok

EVOK is an IT Service provider specialized in installing, maintaining and supporting IT infrastructures for SMB's in Switzerland.

ASU Online - Information Technology Program

ASU Online - Information Technology Program

The Information Technology program at ASU Online provides you with the expertise to design, select, implement and administer computer-based information solutions.

Compass Security

Compass Security

Compass Security is a specialist IT Security consultancy firm based in Switzerland. Services include pentesting, security assessments, digital forensics and security training.

Datacom Systems

Datacom Systems

Datacom Systems is a leading manufacturer of network visibility solutions.

Industrial Networking Solutions (INS)

Industrial Networking Solutions (INS)

INS Services specializes in designing, deploying and providing on-going support for critical OT (Operational Technology) and IIoT (Industrial Internet of Things) networks.

Uleska

Uleska

Uleska is a scalable platform that provides automated and continuous software security testing whilst translating cyber risk.

CyberMDX

CyberMDX

CyberMDX delivers proactive security built for hospital devices. 360° visibility, insight, and protection for all connected hospital technologies.

Cryptoloc

Cryptoloc

Cryptoloc's core business is developing solutions designed to protect businesses from all kinds of security threats using a unique patented cryptography.

Meditology

Meditology

Meditology Services is a top-ranked provider of information risk management, cybersecurity, privacy, and regulatory compliance consulting services exclusively for healthcare organizations.

Communicate Technology

Communicate Technology

Communicate Technology are IT, telecoms and cyber-security specialists, keeping over 500 businesses and 50,000 users connected and secure across the UK.

Devolutions

Devolutions

Devolutions make best-in-class Privileged Access Management, Password Management, and Remote Connection Management solutions available to ALL organizations — including SMBs.

Arelion

Arelion

Arelion is a leading light in global connectivity and we've been keeping the world connected for nearly three decades.

SecurEnvoy

SecurEnvoy

SecurEnvoy are a leader in designing zero access trust solutions using the latest cutting-edge technologies, to protect your users, devices and data, whatever the location.

Internet Watch Foundation (IWF)

Internet Watch Foundation (IWF)

Since the early days of the internet, our job has been to help child victims of sexual abuse by hunting down and removing any online record of the abuse.