Utilities could be open to attack

The movie Live Free or Die Hard featured the concept of the Fire Sale, a fictional coordinated plan to shut down the critical infrastructure by attacking its computer systems.

The Hollywood depiction was sensationalized, but the basic plan of attack could be feasible, at least given the state of security on utility control systems, said Jerry Dixon, former acting director of the Homeland Security Department's National Cyber Security Division. He is now director of analysis at Internet security consulting firm Team Cymru.

Dixon, speaking at the SANS Security 2008 conference last week in New Orleans, said the control systems of utility companies, many in remote locales, are often controlled by dial-in modems, and their systems have outdated or nonexistent security and authentication technologies.

Those on a network could be sharing equipment with other less-sensitive systems and, hence, vulnerable to a crossover attack.

Also, control system management software tends to be poorly designed and filled with points of vulnerability.

Dixon cited an infrastructure vulnerability found last fall by the Energy Department's Idaho National Laboratory, in research work funded by DHS. The work demonstrated how a megawatt generator could be broken from afar by calling into the substation system and executing a number of malicious commands to alter the workflow logic of the generator.

About the Author

Joab Jackson is the senior technology editor for Government Computer News.


  • senior center (vuqarali/Shutterstock.com)

    Bmore Responsive: Home-grown emergency response coordination

    Working with the local Code for America brigade, Baltimore’s Health Department built a new contact management system that saves hundreds of hours when checking in on senior care centers during emergencies.

  • man checking phone in the dark (Maridav/Shutterstock.com)

    AI-based ‘listening’ helps VA monitor vets’ mental health

    To better monitor veterans’ mental health, especially during the pandemic, the Department of Veterans Affairs is relying on data and artificial intelligence-based analytics.

Stay Connected