Monday, November 16, 2015

October news roundup: U.S. tackles critical infrastructure cybersecurity

The mounting fear of inefficient critical infrastructure security set the tone for October when researchers from the U.K.-based Chatham House, an independent policy institute based in London, announced nuclear power plants are at an increasingly high risk of a cyberattack. Headlines highlighted this cautionary theme throughout the month, culminating in President Obama’s criticism of the United States’ insufficient cyber defenses. As researchers and security experts continue to raise awareness of the growing threat to critical infrastructure, we’ll share them with you here:

In a statement on Oct. 29, President Obama warned the U.S. isn’t spending enough on cybersecurity for the power grid, citing the devastation that technologically advanced countries like China could cause. In an effort to promote the need for more funding for the nation’s energy systems, Obama declared November “Critical Infrastructure Security and Resilience Month.”   

A new report from the FBI stated ISIS hackers are attempting to attack the U.S. power grid to take down parts of the country’s energy supply. While the hackers have yet to be successful, there is increasing concern that they will purchase highly capable software on the black market that could help them cause a catastrophic power outage. 

Over the last four years, hackers have stolen code and blueprints to American oil and water pipelines and power grids. In 2014, the number of attacks on industrial control systems increased fourfold to 675,186 from 163,228 in 2013. The question now – what are hackers going to do next?

National Grid has identified a number of attacks on the company’s computer systems coming from the Middle East and China. Fewer than five attempts have actually gotten into the system, but they’re still there, which means an increased chance of one successfully paralyzing the power grid.

As critical infrastructure becomes more dependent on digital systems, most of the world’s nuclear power plants have failed to establish sufficient cybersecurity protocols. An 18-month-long study from the Chatham House found nuclear facilities generally are not doing enough to protect themselves from a cyberattack that could cause irreparable damage.

That said, there are significant differences between nuclear generation industries, cybersecurity regulations and security postures in different parts of the world. The report frequently paints all nuclear generators in all parts of the world with the same brush, which is not fair to those jurisdictions with strong cybersecurity programs in place. Nonetheless, the Chatham House report is detailed and worth reading.

For more industrial cybersecurity news, check out last month’s news roundup.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.