U.S. Critical Infrastructure Vulnerable To Cyber Attacks
The U.S. cyber security community has been warning since long that the country's critical infrastructure including transportation, electric, banking and oil and gas sectors are susceptible to hackers' attacks or other nations seeking an opportunity to damage the computer networks that control the infrastructure. No attack has yet materialized.
But the attacks are very likely at some time, warns Aaron Turner, a cyber security expert with the Energy sector's Idaho National Laboratory (INL). In a certain posting on csoonline.com on May 4, 2007 Turner said the critical vulnerabilities in the U.S. infrastructure exist due to the constant use of technology, setting up of connectivity everywhere, and diminishing human oversight with regard to the control system.
The Department of Energy and Homeland Security conducted a security evaluation for 12 different control systems. In the process INL specialists have discovered that all those control systems are susceptible to security vulnerabilities capable of making high impact. Even a low-skilled attacker could exploit them with the help of techniques that he can operate remotely. While reviewing the get up and operation of these control systems, the INL found that it is not easy to implement enhanced security controls on existing systems while at the same time confirm functionality of the basic system.
Taking the clue from past incidents of cyber security, the improvements need to start from low-level incidents that target economic profit. The next corrections will likely be on vulnerability discovery appliances available openly and then moving on to large-scale incidents set up to lower confidence in the infrastructures.
Turner uses the reference of a paper that IBM recently published. The paper notes that hackers today are maturing with attempts to make monetary extortions from the proprietors and operators of the country's vital infrastructure. Turner wrote that attacks would begin at lower levels with economic interests to move to distribution of tools that would detect network vulnerability and then large-scale events that would bring down general confidence on infrastructure systems.
Turner emphasizes on U.S. educating all national sectors about the risks and then jointly with the private sector, provides the minimum technical protection against cyber attacks.
Related article: U.S. Businesses Lose $712 Per Worker Due to Spam
» SPAMfighter News - 17-05-2007