IDG News Service - DUSSELDORF, Germany -- The arsenal of modern weapons that terrorists might someday use to disrupt power grids, gas lines and other parts of the nation's critical infrastructure includes conventional weapons as well as bits and bytes -- in other words cyberterror attacks. The cyberthreat to the electricity we use and the water we drink is real, experts say, but there's no need to panic -- at least not yet.
"Our research shows that terrorist groups are definitely interested in attacking critical infrastructures," said Eric Byres, research director at the Internet Engineering Laboratory of the British Columbia Institute of Technology in Burnaby. "The good news is that we don't think they have the technical ability yet -- in other words, the combined IT and control system skills needed to penetrate a utility network. The bad news is that they're beginning to acquire some of these skills."
Confidential documents about supervisory control and data acquisition (SCADA) systems, for instance, have been found in al-Qaeda hiding places in Afghanistan, while the Irish Republican Army has said it plans cyberattacks on crucial supply systems, according to Justin Lowe, principal consultant with PA Consulting Group.
Equally disturbing is that talented hackers in many parts of the world are willing to peddle their expertise for the right price or political cause, according to DK Matai, chairman of Mi2g Ltd., a London security service provider. "We have evidence of Russian hackers selling their skills to radical Islamic groups," he said.
Few, if any, of the industrial control systems used today were designed with cybersecurity in mind because hardly any of them were connected to the Internet. For the most part, these companies viewed their infrastructures as secure from cyberattacks because of their isolated structure.
However, utilities and factories are now using the Internet to carry SCADA messages from an increasing number of Web-enabled, remote-control systems, said Joe Weiss, who served as security director at the Electric Power Research Institute in Palo Alto, Calif., and its Enterprise Infrastructure Security Initiative before joining KEMA Consulting.
Not only that, but also many of their "private" networks now are built with the help of competitively priced fiber-optic connections and transmission services provided by telecom companies, which have become the frequent target of cyberattacks.
Last year, a power utility crash that was caused indirectly by the Slammer worm paralyzed a leased telecom service. For its SCADA communications network, the utility used a frame-relay service, which a carrier provided over its ATM ( Asynchronous Transfer Mode) backbone. The ATM network was overwhelmed by the worm, blocking SCADA traffic to substations.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts