Saturday, January 19, 2008

Hacking the Power Grid

Here is one to keep any data center manager up at night. Speaking at a security conference, CIA analyst Tom Donahue described attacks, in regions outside the U.S., in which criminals hacked into systems and cut power to several cities. All attacks were intrusions via the Internet, and the goal was extortion.

On Thursday the Federal Energy Regulatory Commission (FERC) approved new standards to protect the nation's bulk power systems against cyber attacks. The eight new standards are:

  • Critical Cyber Asset Identification
  • Security Management Controls
  • Personnel and Training
  • Electronic Security Perimeters
  • Physical Security of Critical Cyber Assets
  • Systems Security Management
  • Incident Reporting and Response Planning
  • Recovery Plans for Critical Cyber Assets

In November 2007 President Bush asked Congress to move $152 million into cybersecurity programs for 2008. Given what the CIA has known (presumably for some time), it's no surprise that investigation, new technologies and protection methods are crucial.

The PC World article quotes a conference attendee as saying that this "came as news" to many professionals in attendance. I'm no security expert, but come on... this is nothing new. The U.S. has had any number of reports on potential infrastructure attacks and we have been pouring money into cybersecurity for many years -- the Clinton administration announced a $1.46 billion initiative for cybersecurity in 1999, there was project Eligible Receiver in 1997, and countless others since then. Just last September there was a demonstration at the Idaho National Laboratory of the effects of a software vulnerability attack on infrastructure systems.

The power grid hacking is still pretty scary to think about though... and a good reason for all of these alternative power sources to gain popularity.

Check out the PC World article here
