FBI Say ISIS Is Going After US Vulnerabilities

ISIS hackers are attempting to penetrate the US energy grid to carry out cyberattacks and take down parts of the country's energy supply, CNN Money reports.

Law-enforcement officials shared the information about attempted cyberattacks at a conference on October 14 with American energy firms about potential national-security issues.
"Strong intent. Thankfully, low capability," John Riggi, a section chief in the FBI's cyber division, told CNN about ISIS' hacking attempts.
"But the concern is that they'll buy that capability."
That concern is warranted, the FBI told CNN. Highly capable hacking software is available for purchase on the black market and could be used to hack networks associated with energy companies, fuel refineries, or water-pumping stations.
Because of the size and complexity of America's utility grids, and a lack of due diligence, US infrastructure is vulnerable to advanced cyberattacks — from terrorists or, more likely, from rival governments that already have the necessary capabilities.
A survey in 2013 found more than 500,000 potential targets for cyberattacks against computers associated with power plants, water treatment centers, traffic control towers, and various portions of the electrical grid.
As worrying as that sounds, however, the likelihood that ISIS could carry out a catastrophic cyberattack against the US energy grid remains incredibly small.
This is in large part because of just how complicated and disconnected power grids are at the national level because of the large number of various providers and their own infrastructure and networks.
 
"Hackers can't take down the entire, or even a widespread portion of the US electric grid," Jonathan Pollet, an ethical hacker and a founder of Red Tiger Security, wrote for Business Insider. "From a logistical standpoint, this would be far too difficult to realistically pull off — and it's not what we should be devoting our attention to.
"What is more realistic is for a cyberattack to cripple an individual utility, causing a blackout or disruption of service at the local level."
The likeliest outcome of a cyberattack against US infrastructure, Pollet contends, is "localized disruptions in service — not a widespread outage."
"It would be extremely difficult for hackers, without an almost superhuman effort, to cause a power outage that stretched across the country," he writes.
And that is still assuming that ISIS hackers ultimately reach the level of being able to conduct a cyberattack in the first place. As of now, ISIS is lacking in the technological capabilities and know how to carry out even a localized disruption.
"They'd love to do damage, but they just don't have the capability," Mark Lemery, the critical infrastructure protection coordinator for Utah, told CNN. "Terrorists have not gotten to the point where they're causing physical damage."
BusinessInsider: http://bit.ly/1jQAbR3

« Israel: The Cyber Power
China Still Hacking US Firms Despite Xi’s Vow »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

L3Harris United Kingdom

L3Harris United Kingdom

L3Harris UK (formerly L3 TRL Technology) designs and delivers advanced electronic warfare and cyber security solutions for the protection of people, infrastructure and assets.

Emerson Electric Co

Emerson Electric Co

Emerson provides industrial automation systems and associated cybersecurity solutions to protect critical process control systems from cyber attack.

First Response

First Response

First Response is a Cyber Incident Response and Digital Forensic Investigation company.

Massive Alliance

Massive Alliance

Massive is a global service agency providing internet monitoring, data & security threat surveillance and reputation management.

Inseego

Inseego

Inseego provides Enterprise SaaS solutions and IoT & Mobile solutions, which together form the backbone of intelligent, reliable and secure IoT services with deep business intelligence.

CultureAI

CultureAI

CultureAI deliver intelligent cyber security awareness education and tools that build resilient security cultures where employees help defend.

Quantstamp

Quantstamp

Quantstamp are experts in Smart Contract Security Audits. We provide verification that your decentralized system works as intended.

MONITORAPP

MONITORAPP

MONITORAPP is responsible for complete web security. Protect your business environment with Application Security Solutions from MONTORAPP.

Billington CyberSecurity

Billington CyberSecurity

Billington CyberSecurity is a leading, independent education company with an exclusive focus on cybersecurity.

Kinetic Investments

Kinetic Investments

Kinetic Investments is a venture capital firm dedicated to early-stage companies that are transforming the digital landscape.

Quside

Quside

Quside, a spin-off from The Institute of Photonic Sciences in Barcelona, designs and manufactures innovative quantum technologies for a wide range of applications including cyber security.

7layers

7layers

7layers has established itself as one of the world’s leading test house groups for mobile devices and the growing number of wireless devices, modules and chipsets.

Alpha Mountain AI (alphaMountain)

Alpha Mountain AI (alphaMountain)

alphaMountain provides up-to-date domain and IP intelligence for cybersecurity investigational and protection platforms.

SeeMetrics

SeeMetrics

SeeMetrics is an automated cybersecurity performance management platform that integrates security data and business objectives into a simple interface.

Marlink

Marlink

Marlink smartly integrates hybrid, future-ready network solutions so you can benefit from the best available connectivity and IT to accelerate your digitalisation and empower your remote operations.

ARC Risk and Compliance

ARC Risk and Compliance

ARC Risk and Compliance is a consulting company comprised of a team of AML Specialists completely focused on anti-money laundering compliance and the technologies used to support compliance programs.