CIA: Hackers to Blame for Power Outages

From Stiennon (here) via Hoff (here) – 2 dudes who go together like peas and carrots – turns out hackers broke into energy utilities and disrupted power in multiple cities as part of an extortion scheme (here)

WASHINGTON (AP) — Hackers literally turned out the lights in multiple cities after breaking into electrical utilities and demanding extortion payments before disrupting the power, a senior CIA analyst told utility engineers at a trade conference.

All the break-ins occurred outside the United States, said senior CIA analyst Tom Donahue. The U.S. government believes some of the hackers had inside knowledge to cause the outages. Donahue did not specify what countries were affected, when the outages occurred or how long the outages lasted. He said they happened in “several regions outside the United States.”

“In at least one case, the disruption caused a power outage affecting multiple cities,” Donahue said in a statement. “We do not know who executed these attacks or why, but all involved intrusions through the Internet.”

Is there any doubt that our reliance on digital technology for command and control of everything from chemical processing plants to airplane routing and scheduling to managing our energy utilities opens up the possibility for remote attacks which could result in service disruptions or lead to loss of life? If a 14 year old can derail a train system (here), and the US military faces ongoing and in some cases significant intrusions (here) why do we keep pretending that our critical infrastructure (transportation, energy utilities, financial services, emergency response, etc) is not vulnerable to a significant and coordinated digital attack?

Advertisements

5 thoughts on “CIA: Hackers to Blame for Power Outages

  1. Is there any doubt that our reliance on digital technology for command and control of everything from chemical processing plants to airplane routing and scheduling to managing our energy utilities opens up the possibility for remote attacks which could result in service disruptions or lead to loss of life?

    no – or rather yes – there IS doubt … i mean I disagree.

    The problem isn’t reliance on digital command and control, the problem is in having a connection of any kind between the internet and this stuff. It should not be possible even for an authorised person to access it from the internet

  2. although … the IR problem isn’t internet based. What I mean is that the general public should not have any physical access – Internet or light

  3. It is naive to think that companies will not find business reasons to use the Internet to access SCADA systems.
    Is a well configured IPSEC VPN less secure than, say, using leased lines?
    When the distances involved in managing SCADA systems are in the hundreds of square miles with roving operators, even companies that have a security mindset are going to implement the most expedient and cost effective methods.
    So, the question is not the access technology (i.e. using the Internet or TCP/IP) but the risk vs. cost involved in using it compared to all other options.

  4. I completely agree and that is the real crux of the problem – that difference between some SCADA systems, what they monitor or control and some typical commercial organizations is the threat of attack on a SCADA system could result in the loss of a life, or disruption of services in the physical world. When that is involved it is a very different risk vs. cost discussion to have at a petro-chemical plant, or transportation service provider than at your local retailer or video rental service.

    The other issue is that many not only do not understand the threats, they downplay the associated risks. The threats are real and the risks can be devastating

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s