A CIA analyst speaking at the SANS 2008 SCADA and Process Control Summit in New Orleans has admitted that hackers have not only been able to penetrate the power grids of several countries, but also successfully cut power to several cities, all from the relative safety of the Internet.

Central Intelligence Agency analyst Tom Donahue was quick to point out that all the attacks were external to the United States, but not so quick to provide specifics of the incidents. According to reports, Donahue claimed the objective was simple criminal extortion rather than being driven by a terrorist agenda. The conference organisers, the SANS Institute, posted a statement by Donahue which said: "We have information, from multiple regions outside the United States, of cyber intrusions into utilities, followed by extortion demands. In at least one case, the disruption caused a power outage affecting multiple cities. We do not know who executed these attacks or why, but all involved intrusions through the Internet." The SANS Institute added that, according to Mr Donahue, the CIA "actively and thoroughly considered the benefits and risks of making this information public, and came down on the side of disclosure."

According to Brian Contos, Chief Security Officer at ArcSight, which is an active member of all these cybersecurity consortia, there are a whole host of projects underway in the US to ensure that such penetration of national infrastructure utility services is made as difficult as possible:

  • Project LOGIIC has been created to minimise the opportunity for a cyber attack to severely damage America's oil and gas infrastructure.
  • DATES is a Department of Energy initiative to integrate technologically-advanced controls and cyber-security devices into the electricity grid and energy infrastructure.
  • I3P is bringing together various national organisations to make use of the cross-disciplinary research available, to ensure that control systems used in critical national infrastructures are made more resilient to attack and, just as importantly, to allow for a more rapid recovery if any attack proved to be successful.

And finally, the Federal Energy Regulatory Commission (FERC) has approved eight new mandatory critical infrastructure protection (CIP) reliability standards to protect the nation's bulk power system against potential disruptions from cyber security breaches. FERC Chairman Joseph T. Kelliher says it has achieved a milestone "by adopting the first mandatory and enforceable reliability standards that address cyber security concerns on the bulk power system in the United States. The electric industry now can move on to the implementation of the standards in conjunction with improvement of these standards in order to increase the security and reliability of the bulk power system."

The eight CIP reliability standards address the following topics:

  1. Critical Cyber Asset Identification
  2. Security Management Controls
  3. Personnel and Training
  4. Electronic Security Perimeters
  5. Physical Security of Critical Cyber Assets
  6. Systems Security Management
  7. Incident Reporting and Response Planning
  8. Recovery Plans for Critical Cyber Assets

About the Author

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.
