FBI Say ISIS Is Going After US Vulnerabilities

ISIS hackers are attempting to penetrate the US energy grid to carry out cyberattacks and take down parts of the country's energy supply, CNN Money reports.

Law-enforcement officials shared the information about attempted cyberattacks at a conference on October 14 with American energy firms about potential national-security issues.
"Strong intent. Thankfully, low capability," John Riggi, a section chief in the FBI's cyber division, told CNN about ISIS' hacking attempts.
"But the concern is that they'll buy that capability."
That concern is warranted, the FBI told CNN. Highly capable hacking software is available for purchase on the black market and could be used to hack networks associated with energy companies, fuel refineries, or water-pumping stations.
Because of the size and complexity of America's utility grids, and a lack of due diligence, US infrastructure is vulnerable to advanced cyberattacks — from terrorists or, more likely, from rival governments that already have the necessary capabilities.
A survey in 2013 found more than 500,000 potential targets for cyberattacks against computers associated with power plants, water treatment centers, traffic control towers, and various portions of the electrical grid.
As worrying as that sounds, however, the likelihood that ISIS could carry out a catastrophic cyberattack against the US energy grid remains incredibly small.
This is in large part because of just how complicated and disconnected power grids are at the national level because of the large number of various providers and their own infrastructure and networks.
 
"Hackers can't take down the entire, or even a widespread portion of the US electric grid," Jonathan Pollet, an ethical hacker and a founder of Red Tiger Security, wrote for Business Insider. "From a logistical standpoint, this would be far too difficult to realistically pull off — and it's not what we should be devoting our attention to.
"What is more realistic is for a cyberattack to cripple an individual utility, causing a blackout or disruption of service at the local level."
The likeliest outcome of a cyberattack against US infrastructure, Pollet contends, is "localized disruptions in service — not a widespread outage."
"It would be extremely difficult for hackers, without an almost superhuman effort, to cause a power outage that stretched across the country," he writes.
And that is still assuming that ISIS hackers ultimately reach the level of being able to conduct a cyberattack in the first place. As of now, ISIS is lacking in the technological capabilities and know how to carry out even a localized disruption.
"They'd love to do damage, but they just don't have the capability," Mark Lemery, the critical infrastructure protection coordinator for Utah, told CNN. "Terrorists have not gotten to the point where they're causing physical damage."
BusinessInsider: http://bit.ly/1jQAbR3

« Israel: The Cyber Power
China Still Hacking US Firms Despite Xi’s Vow »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

SecDev

SecDev

SecDev is a consulting firm working at the intersection of geopolitical, digital, urban, energy and cyber risk.

iXsystems

iXsystems

iXsystems is a leader in Open-Source enterprise server and storage solutions including Backup & Recovery to protect critical data.

Brookings Institution

Brookings Institution

The Brookings Institution is a nonprofit public policy organization. Cyber security is covered within the various study areas.

SKOUT Secure Intelligence

SKOUT Secure Intelligence

SkOUT Secure Intelligence (formerly Oxford Solutions) provides cyber security monitoring services to organizations around the globe.

WeSecureApp (WSA)

WeSecureApp (WSA)

WeSecureApp is specialized in providing Cyber Security Solutions to safeguard your applications and networks.

Cyberlitica

Cyberlitica

Cyberlitica (formerly iPhish) provides a Workforce Threat Intelligence application that significantly augments companies’ cyber threat prevention efforts.

Netsafe

Netsafe

Netsafe is an independent, non-profit New Zealand organisation focused on online safety. We help people stay safe online by providing online safety education, advice and support.

Rublon

Rublon

Rublon protects endpoints, networks and applications by providing trusted access via two-factor authentication (2FA).

Korn Ferry

Korn Ferry

Korn Ferry is a global organizational consulting firm, synchronizing strategy and talent to drive superior performance for our clients in key areas including cybersecurity.

Finosec

Finosec

Finosec's mission is to change the way information security and cybersecurity are managed in banking.

ITProTV

ITProTV

ITProTV is part of the ACI Learning family of companies providing Audit, Cyber, and IT learning solutions for enterprise and consumer markets.

Oort

Oort

Oort is an identity threat detection and response platform for enterprise security. The Oort platform is API-driven, cloud-native and agentless for rapid time to value and high scalability.

Paragon Cyber Solutions

Paragon Cyber Solutions

Paragon Cyber Solutions provides specialized security risk management and IT solutions to protect the integrity of your business operations.

Occentus Network

Occentus Network

Occentus Network is a telecommunications service provider specialized in High Availability Servers & managed Cloud services.

Binarii Labs

Binarii Labs

Binarii are focused on helping enterprises to design and deploy SaaS solutions that utilise DLT (Digital Ledger Technology) effectively, efficiently and sensibly.

Pixee

Pixee

Pixee fixes vulnerabilities, hardens code, squashes bugs, and gives engineers more time to focus on the work that counts.