Henry Dalziel | Latest InfoSec News, SCADA News and Training | May 27, 2013
We blog about information security. That’s what we do.
Something that seems to be consistently in the news these days is the increasing amount of cyber security threats against our nations utilities. Seriously, we blog pretty much on a daily basis about many security issues and subjects (pentesting issues, defensive hacking tools, penetration testing tools etc) but recently we seem to read more about industrial cyber threats.
Our interest in industrial cyber attacks is predominantly a result of our SCADA/ ICS Training, but putting that aside, one thing that is 100% correct and factual is that there is absolutely an increase in cyber attacks on infrastructure. Point in case, May 16, 2013, the Department of Homeland Security testified that year-to-date (2013) there has been a 68% increase of hacking attempts involving Federal agencies, critical infrastructure, and other select industrial entities than ever before.
Security Gaps In The US Electrical Grid System: Hacking Report
150 utility organizations were contacted for a report commissioned by Congressman Ed Markey (D-Massachusetts) and Henry Waxman (D-California) asking how often their grid(s) come under cyber attack and what measures the utilities were taking to defend against hacking attempts. The report, titled: (pdf) Electric Grid Vulnerability: Industry Responses Reveal Security Gaps is an excellent report which clearly outlines all the weaknesses and vulnerabilities within utility and SCADA systems. Here is one stat that jumped out of the page right away: one utility reported that it was the target of approximately 10,000 attempted cyber-attacks each month!
Here are only a few key findings from the report:
– More than a dozen utility organizations that contributed to the report were quoted as saying that they experienced “daily,” “constant,” or “frequent” cyber-attacks
– Common security attacks included phishing, social engineering and malware infection
– A Northeastern utility provider mentioned that their organization was under “constant cyber attack from cyber criminals”
In summary, the US electrical grid (smart grid) is in urgent need of review and for security measures to be enhanced.