back to article Energy sector under increasing attack: DHS

The Department of Homeland Security, via its ICS-CERT group, is reporting growing attacks against critical infrastructure with the energy sector leading the way. Its most recent ICS-CERT Monitor report states that of more than 200 incidents it investigated between October 2012 and May 2013, 53 percent were in the energy sector. …

COMMENTS

This topic is closed for new posts.
Silver badge

Makes sense

The energy sector is one of the oldest so they're probably the most bone headed.

0
1
Anonymous Coward

Northeast blackout of 2003

Solution, don't connect your SCADA units to the Internet, especiallly in the middle of a virus/worm infestation.

0
0
IT Angle

Attack of the cyberbullshit ..

"The Department of Homeland Security, via its ICS-CERT group, is reporting growing attacks against critical infrastructure with the energy sector leading the way."

What in the name of the Flying Spaghetti Monster are you doing with critical infrastructure such as power grids and pipelines on the open Internet.<quote/unquote>

See also ...

"If I could, I would repeal the Internet. It is the technological marvel of the age, but .. it brings with it a terrifying danger: cyberwar .. By cyberwarfare, I mean the capacity .. to attack, disrupt and possibly destroy .. power grids, pipelines, communication and financial systems, business record-keeping and supply-chain operations, railroads and airlines, databases of all types (from hospitals to government agencies). The list runs on" .. link

Is it a co-incident that a number of these cyberscare stories are appearing in the aftermath of the Snowden revelations regarding PRISM

ps: elRegister could you collect these cyberscare stories under the one title so as the rest of us can avoid them ...

1
0
Facepalm

Re: Attack of the cyberbullshit ..

In my experience the reason PLC's etc are connected to the internet is to allow potentially distant engineers and systems experts to access the control system in the middle of the night or from great distance to "frig" out some snafu in the system which is preventing a power generating unit getting on the bars. The age and complexity of most turbo generators mean that certain instruments or interlocks failing to register in the correct state holds up the sequence. Most power companies in the UK (probably nuclear excepted) can't afford to emply enough staff and particulalry on shift who are capable of dealing with this on site. So some poor bugger gets a phone call and it is explained he can come in or he can dial in. The company supports dial in because then they don't lose him the next day which they would if he came in to work.

But I agree it is vaguely mad to have critical equipment internet connected.

2
0
Silver badge

Re: Attack of the cyberbullshit ..

Its very easily sorted by using a firewall on each device.

So connections can only be established from trusted sources. If that means you have to VPN into HQ and use that as a proxy, so be it.

Ok, the VPN proxy is now the target, but that is one area where you CAN have 24x7 monitoring and active security alerts going on.

1
1
Silver badge

I'd advise against sending

state of the art viruses to upset computer controlled things in other countries. They don’t self destruct like physical stuff and once reverse engineered might just come back to haunt us - haunting being one game you can play in the dark!

1
0
Gold badge
Unhappy

Virus and trojan writing is a game for *any* number of players.

and of course if the US tax payer picks up the pieces (and the bill) why should the companies invest in making their systems any less vulnerable.

Unless of course the Directors face criminal negligence charges.

1
0
Silver badge
Unhappy

Re: Virus and trojan writing is a game for *any* number of players.

Err.. blame the utilities, eh?

Who started this cyber war business with SCADA then? Wouldn't be a certain Washington DC based government, who came up with a scheme to interfere with centifuges in a distant country?

1
1
Silver badge

Poor Choices

Regardless of the lunacy of attaching critical infrastructure to the Internet, the graph seems to indicate that targeting the energy sector is largely ineffective and efforts on that front are likely chosen because they have spotlight appeal.

The graph shows the sectors that aren't experiencing many attacks and whose disruption would cause far more chaos and concern than turning off a small section of a resilient system (like energy). Go for the health sector or the transportation sector if you want to screw with people. Deleted health records or a subway system put out of commission is the kind of thing that makes the news and is hard to explain away. Turning the lights off for a few minutes is easy to fix and easy to excuse; hell, the power here was out for 5+ hours the other day and still nobody knows why or even cares.

These attacks are by amateurs who don't even know why they're doing it. Silly idiots.

1
0
Silver badge

Re: Poor Choices

Generally correct, though note this data refers to industrial control systems. So the low number of attacks on government ICS (2%) isn't an error, it reflects the limited number of government SCADA installations. Accordingly, it doesn't show data attacks to delete health care records as in your example,or more routine DDOS, espionage or similar. And in that respect, the DHS having only investigated 200 attacks in six months, we should compare that to the number of other electronic attacks, which I'm guessing are vastly higher in number.

At the root of this, there's not much money to made interfering in SCADA, there's not much to be learned, and both the machinery and the end to end systems are less vulnerable than people suppose. Electricity supply is robust and resilient. Even a successful attack is unlikely to cause catastophic damage, and the "cure" is simply disconnecting the SCADA if you don't trust firewalls and encryption, with the main downside being a very small increase in costs and some personal inconvenience to the professional staff. Even the Stuxnet attack could have been mitigated by a simple speed controller added to the centrifuge drives, at a cost a few dollars a piece. We'll just have to take Washington's word that Stuxnet destroyed thousands of centrifuges, and set back the Iranian nuclear programme, but an interesting exercise is to put yourself in the place of the engineers and scientists running the enrichment programme, and ask yourself if you'd have sat and done nothing whilst the centifuges kept over-speeding and self destructing?

I've no doubt there's a few enbarassing holes to be found, but the idea that Western (or Eastern, or anywhere's) critical infrastructure is all connected to the web, completely open and unprotected, and at high risk of catastrophic attack is just rubbish, used to persuade the public that they are under continuous attack, and in need of government protection.

1
0
Silver badge
Happy

Re: Poor Choices

You're right. There would be no need for SCADA systems in healthcare (unless we really are living in the Matrix). I always thought the physical impact of Stuxnet was suspect. As you say, I can't see them just sitting there and watching the centrifuges fail, highly unlikely. Maybe they were union workers :)

0
0
Silver badge

Re: Poor Choices

"Maybe they were union workers"

Or just that Iranian government employees are as competent, committed and motivated as our own public servants?

1
0
This topic is closed for new posts.

Forums