Cyber attacks on critical infrastructure targets
On Wednesday the Central Intelligence Agency (CIA) told an international gathering of government officials, engineers and security managers from electric, water, oil & gas and other critical industry asset owners that the CIA has information that cyber intrusions into utilities were responsible for at least three blackouts and were then followed up with extortion demands.
The CIA went on to say they suspect, but cannot confirm, that some of these attackers had the benefit of inside knowledge. The very next day the Federal Energy Regulatory Commission (FERC) approved eight mandatory cyber security standards that extend to all entities connected to the nation's power grid. The following are the eight areas addressed by these standards:
1. Critical cyber asset identification
2. Security management controls
3. Personnel and training
4. Electronic security perimeters
5. Physical security of critical cyber assets
6. System security management
7. Incident reporting and response planning
8. Recovery plans for critical cyber assets
These eight standards were created to increase the security of our CIP and reduce the risk of a successful attack. Disruption of a country's critical infrastructure would cause significant direct and indirect damages. Most of these damages would be psychological, economic and financial. Analysis of a cyber attack on critical infrastructure targets resulted in the following data:
Target value: High
Impact analysis: Elevated
Required skills: Moderate
Attack costs: Low
Current defenses: Moderate (elevated for nuclear sites)
Facts
- Utilities across the world are being hit by an estimated 500 to 1,000 attacks from hackers and malicious code every year.
- Technolytics analysis found insider threats now account for over 80 percent of security breaches.
- The Spy-Ops Cyber Warfare CIP training program stated that the two areas of greatest critical infrastructure cyber threat are equipment, hardware and software vendor management, and human resource management.
- Technolytics analysis found physical and information security responsibilities must merge to improve security.
- Critical infrastructure targets are among the top targets for terrorists and military cyber warfare units.
-- Kevin Coleman