US Critical Infrastructure Is At Cyber Risk

There is universal agreement that modern warfare or crime fighting is not just about bullets, bombs and missiles in physical space. It’s also about hacking in cyber space.

But over the past decade there has been much less agreement over how much of a threat the hackers are.

On one side are those – some of them top government officials – who have warned that a cyber attack on the nation’s critical infrastructure could be catastrophic, amounting to a “cyber Pearl Harbor.”

Those warnings prompted the recent book by retired ABC TV “Nightline” anchor Ted Koppel titled, “Lights Out: A Cyberattack, A Nation Unprepared, Surviving the Aftermath.”

Other experts argue just as forcefully that, while the threats are real and should be taken seriously the risks are not even close to catastrophic. They say those who predict catastrophe are peddling FUD – fear, uncertainty and doubt.

A recent example of that view was an op-ed in the Christian Science Monitor by C. Thomas, a strategist at Tenable Network Security, who uses the nickname Space Rogue.

He argued that the biggest threat to the US power grid or other industrial control systems (ICS) is not a skilled hacker, but squirrels. They, along with other small animals, “cause hundreds of power outages every year and yet the only confirmed infrastructure cyberattack that has resulted in physical damage that is publicly known is Stuxnet (a computer worm that destroyed centrifuges used in the Iranian nuclear program),” he wrote.

That theory was immediately disputed by other experts, including Thomas P M Barnett of Resilient who said the cold is much more frequent, but is much less of a threat than cancer – or as he put it, cancer is “low probability but far higher impact.”

Still, growing evidence of intrusions into the power grid and other critical infrastructure by hostile foreign nation states is enough to make even anti-FUD experts wonder about how “low-probability” a major attack is.

The Associated Press reported last month on security researcher Brian Wallace’s discovery that hackers had penetrated Calpine Corp., a power producer with 82 plants operating in 18 states and Canada.

While accurate attribution of attacks is notoriously difficult, digital evidence pointed to Iran. Wallace found that the hackers had already taken engineering drawings, some labeled “mission critical,” that were detailed enough to let the intruders, “knock out electricity flowing to millions of homes.”

And this was just one incident of about a dozen during the past decade in which, “sophisticated foreign hackers have gained enough remote access to control the operations networks that keep the lights on,” the AP said, quoting anonymous experts.

CSO: http://bit.ly/1OzrBAZ

« After The OPM Hack Security Clearances Will Now Be Done By The Pentagon
GCHQ Telephone Security Is 'open to surveillance' »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Pervade Software

Pervade Software

Pervade Software is a global provider of dedicated compliance tracking software with monitoring & reporting capabilities.

Charlton Networks

Charlton Networks

Charlton Networks provide a complete range of IT infrastructure, network and security solutions aimed at SME companies.

Professional Information Security Association (PISA)

Professional Information Security Association (PISA)

PISA is an independent and not-for-profit organization for information security professionals, with the primary objective of promoting information security awareness and best practice.

Cymbel

Cymbel

Cymbel provides businesses and government agencies with the tools and expertise they need to manage the most complex security and compliance challenges.

Codified Security

Codified Security

Codified is a testing platform for mobile application software. We make it easier than ever for companies to detect and fix security vulnerabilities and ensure their applications are compliant.

Puleng Technologies

Puleng Technologies

Puleng provides customers with a client-centric strategy to manage and secure the two most valuable assets an organisation has - its Data and Users.

Zeguro

Zeguro

Zeguro provides complete cybersecurity risk assessment, mitigation and insurance, allowing you to easily manage your cyber risk.

Get Safe Online

Get Safe Online

Get Safe Online is a leading source of unbiased, factual and easy-to-understand information on online safety.

Digital Fingerprints

Digital Fingerprints

Digital Fingerprints provides continuous authentication with behavioural biometrics. Protection against account takeover and session takeover. Compliant with GDPR and PSD2.

N8 Identity

N8 Identity

N8 Identity helps organizations realize the vision of Autonomous Identity Governance™ with AI-driven Identity solutions.

OmniCyber Security

OmniCyber Security

Omni is a cyber security firm specialising in Penetration Testing, Managed Security and Compliance.

ITProTV

ITProTV

ITProTV is part of the ACI Learning family of companies providing Audit, Cyber, and IT learning solutions for enterprise and consumer markets.

WithSecure

WithSecure

WithSecure (formerly F-Secure Business) is your reliable cyber security partner, providing outcome-based cyber security that protects and enables operations.

tTech

tTech

tTech is the first and foremost company providing outsourced Information Technology solutions to businesses in Jamaica.

Nuts Technologies

Nuts Technologies

Nuts Technologies are simplifying data privacy and encryption with our innovative and novel data containers we call nuts based on our Zero Trust Data framework.

Mesh Security

Mesh Security

Mesh Security transforms security data, tools, and infra for enterprise-wide visibility and control.