Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Critical infrastructure protection: Are we prepared for a massive cyberattack on U.S. systems?

Taylor Armerding | July 2, 2013
One expert says the financial system deserves more attention, but others say if the power grid goes down, so does everything else. Is there a cyber 9/11 in our future? If so, what is the plan for defense?

"So, it's not like if we break one, we can go down to the hardware store and get a replacement. If somebody really thought about this, they could knock a generator out, they could knock a power plant out for months. And that's the real consequence."

Weiss adds that the power grid equipment supports just about every critical service -- water, oil and gas systems, manufacturing, telecommunications, transportation and yes, banking.

Sparkman, in an interview, said he had no problem with what Weiss had written.

"I just thought that the potential for attacks on the financial system needed more attention," he said.

And most in the security community think both Sparkman and Weiss have legitimate points. Chris Petersen, CTO and cofounder of LogRhythm, said both are correct, in the sense that both the financial system and ICS need aggressive protection from what he called "very severe threats."

He said in many ways the financial system is much more secure than ICS since, "from the moment banks were created, their mission was to protect assets. So they've been working on securing themselves since the beginning. For physical infrastructure, the priority is not security, its availability. They don't operate in a secure mindset because they were never designed that way."

But he agrees with Weiss that, as secure as banking systems may be, none of that will matter if the power goes out.

"It would be like a big, brick building on a foundation of sand," he said. "A prolonged power outage would be catastrophic to the banking system."

Francis Cianfrocca, founder and CEO of Bayshore Networks, said there are actually "a lot of points of contact between them (the banking/financial system and the power grid)."

And he suggested that banks have a direct interest in maintaining the security of the grid.

"Who owns a lot of the power systems?" he said. "Banks do. They are big-time owners of power generation, so they are very involved in their security."

But he, like Petersen, Sparkman and Weiss, agrees that the, "potential for catastrophic impact, including loss of life and illness is real and very significant."

How real was demonstrated in 2007 at the Idaho National Labs in what was called the Aurora Project, where a cyber attack destroyed a diesel generator.

"If you can hack into that control system, you can instruct the machine to tear itself apart. And that's what the Aurora test was, said James Lewis, speaking on 60 Minutes.

At the time, CNN quoted economist Scott Borg, who produces security data for the federal government, saying that if a third of the country lost power for three months, the economic price tag would be $700 billion, or, "the equivalent of 40 to 50 large hurricanes striking all at once."

 

Previous Page  1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.