IT security in energy sector to come under scrutiny
Massive blackout highlights need for better security protections
Computerworld - WASHINGTON -- As the blame game continues surrounding Aug. 14's regional blackout, Congress is planning a series of hearings not only to find out what caused the cascading power failure but also to examine a pressing security issue that experts have been warning of for years: the power grid's vulnerability to intentional cyber-based disruptions.
During the first week in September, the House Committee on Energy and Commerce plans to hold hearings into the massive power failure that struck the Northeast, Midwest and parts of Canada to determine the likely causes and what can be done to prevent future failures. In a letter, committee Chairman W.J. "Billy" Tauzin (R-La.) requested information on the blackout from all of the utility companies and various industry councils affected.
In addition, officials from the House Committee on Government Reform want to study the security of the national power grid's cyber-based control systems. The concern is that an equally devastating series of failures could be triggered by relatively minor disruptions to the control systems that manage the power grid, a Capitol Hill source said.
Such incidents are exactly what security experts from the IT and energy industries have been warning about for years. The issue came to the forefront during the California energy crisis in 2001. For 17 days, between April 25 and May 11 of that year, hackers managed to remain undetected after they breached the network of the Folsom, Calif.-based California Independent System Operator (ISO), which manages that state's electric grid. Although no damage was reported, officials traced the intrusion back to a system in China (see story).
The problem, however, is that electrical grids such as California ISO's are highly integrated and dependent on other regional grids, and all are managed using technology known as Supervisory Control and Data Acquisition (SCADA) systems. Once highly proprietary, SCADA systems are increasingly being deployed using commercial off-the-shelf technologies that rely on public Internet protocols and connections for ease of management and cost savings, experts said.
"The [energy] sector has always contained security vulnerabilities, but these vulnerabilities have been compounded by the introduction of new networking technologies, deregulation and structural changes in the industry," according to a report released in December by the Institute for Security Technology Studies at Dartmouth College. "There have been dozens of cases where [SCADA] systems -- in the electric power, water, wastewater, oil, gas and paper industries -- have been intentionally or unintentionally impacted by electronic means," the report states.
In addition, testimony received by the institute from utility companies "clearly shows that the electric energy sector is
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Addressing the Broken State of Backup with a New Category of Disk-Based Backup Solutions Today, IT organizations are faced with a number of challenges when managing backup processes, including the need for faster backup, restore, tape copy,...
- Optimizing Approaches to Enterprise Backup and Recovery IT organizations are faced with ensuring that backups occur in the shortest amount of time and are not operationally disruptive as well as...
- How Backup Disk Architecture Impacts the Backup Window This paper compares disk based backup architectures, the impact that data deduplication has on backup performance, and how well the solution scales as...
- How Data Deduplication Impacts Recovery Data deduplication has clear benefits when it comes to efficiently retaining backup data on disk and replicating data offsite for disaster recovery --...
- Pre-Engineered solutions from VCE Simplify Core Infrastructure Implementation In this video, the CTO of Purdue Pharma, a privately held pharmaceutical company explains how Purdue transformed their data center infrastructure with VCE.
- Data Protection and Disaster Recovery with iSCSI and VMware Get this on demand webcast now All Disaster Recovery White Papers | Webcasts