FBI Say ISIS Is Going After US Vulnerabilities

ISIS hackers are attempting to penetrate the US energy grid to carry out cyberattacks and take down parts of the country's energy supply, CNN Money reports.

Law-enforcement officials shared the information about attempted cyberattacks at a conference on October 14 with American energy firms about potential national-security issues.
"Strong intent. Thankfully, low capability," John Riggi, a section chief in the FBI's cyber division, told CNN about ISIS' hacking attempts.
"But the concern is that they'll buy that capability."
That concern is warranted, the FBI told CNN. Highly capable hacking software is available for purchase on the black market and could be used to hack networks associated with energy companies, fuel refineries, or water-pumping stations.
Because of the size and complexity of America's utility grids, and a lack of due diligence, US infrastructure is vulnerable to advanced cyberattacks — from terrorists or, more likely, from rival governments that already have the necessary capabilities.
A survey in 2013 found more than 500,000 potential targets for cyberattacks against computers associated with power plants, water treatment centers, traffic control towers, and various portions of the electrical grid.
As worrying as that sounds, however, the likelihood that ISIS could carry out a catastrophic cyberattack against the US energy grid remains incredibly small.
This is in large part because of just how complicated and disconnected power grids are at the national level because of the large number of various providers and their own infrastructure and networks.
 
"Hackers can't take down the entire, or even a widespread portion of the US electric grid," Jonathan Pollet, an ethical hacker and a founder of Red Tiger Security, wrote for Business Insider. "From a logistical standpoint, this would be far too difficult to realistically pull off — and it's not what we should be devoting our attention to.
"What is more realistic is for a cyberattack to cripple an individual utility, causing a blackout or disruption of service at the local level."
The likeliest outcome of a cyberattack against US infrastructure, Pollet contends, is "localized disruptions in service — not a widespread outage."
"It would be extremely difficult for hackers, without an almost superhuman effort, to cause a power outage that stretched across the country," he writes.
And that is still assuming that ISIS hackers ultimately reach the level of being able to conduct a cyberattack in the first place. As of now, ISIS is lacking in the technological capabilities and know how to carry out even a localized disruption.
"They'd love to do damage, but they just don't have the capability," Mark Lemery, the critical infrastructure protection coordinator for Utah, told CNN. "Terrorists have not gotten to the point where they're causing physical damage."
BusinessInsider: http://bit.ly/1jQAbR3

« Israel: The Cyber Power
China Still Hacking US Firms Despite Xi’s Vow »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Nimbusec

Nimbusec

Nimbusec scans your website around the clock and informs immediately if it has been hacked or manipulated

BlueID

BlueID

BlueID is an IDaaS technology product which enables your objects to securely connect and interact with your users’ smart phones and smart watches.

NextVision

NextVision

NextVision is a Cybersecurity and Technology company offering a range of solutions and services for Security, Compliance and IT Infrastructure Management.

Asia Data Destruction (ADD)

Asia Data Destruction (ADD)

ADD is the leading IT Assets Disposal and Data Destruction Company in Thailand.

spiderSilk

spiderSilk

spiderSilk is a Dubai-based cybersecurity firm, specializing in simulating the most advanced cyber offenses on your technology so you can build your best security defenses.

Elevate Security

Elevate Security

Elevate is the leading Security Behavior Platform, changing employee security habits while giving security teams unprecedented visibility.

Everbridge

Everbridge

Everbridge provides enterprise software applications that automate and accelerate organizations’ operational response to critical events in order to keep people safe and businesses running.

LBMC

LBMC

LBMC is a professional services solutions provider in accounting and finance, human resources, technology, risk and information security, and wealth advisory services.

Testhouse Ltd

Testhouse Ltd

Testhouse is a thought leader in the Quality Assurance, software testing and DevOps space. Founded in the year 2000 in London, UK, with a mission to contribute towards a world of high-quality software

NorthRow

NorthRow

NorthRow provides digital transformation compliance solutions to help businesses manage regulatory and financial crime risks.

Creative Destruction Lab (CDL)

Creative Destruction Lab (CDL)

Creative Destruction Lab is a nonprofit organization that delivers an objectives-based program for massively scalable, seed-stage, science- and technology-based companies.

Zitec

Zitec

One of Europe's largest and most prominent full-cycle software development services companies, Zitec is the digital transformation partner to companies in the EU, UK, USA, Canada and ME.

National Coordinator for Security and Counterterrorism (NCTV) - Netherlands

National Coordinator for Security and Counterterrorism (NCTV) - Netherlands

The NCTV serves the Netherlands’ national security. We protect national interests, identify threats and strengthen resilience.

Action Fraud

Action Fraud

Action Fraud is the UK’s national reporting centre for fraud and cyber crime where you should report fraud if you have been scammed, defrauded or experienced cyber crime.

Security Compliance Associates (SCA)

Security Compliance Associates (SCA)

The sole focus of SCA is safeguarding critical information and complying with information security regulations.

CoGuard

CoGuard

CoGuard is a patented solution that uses AI driven automation to provide fast, cost effective white-box penetration testing, infrastructure audits and infrastructure design services.