Control systems open to attack
Hot on the heels of Jerry Dixon's warnings of inadequately secured control systems
, a spokesperson from the Central Intelligence Agency disclosed that extortionists have threatened to disrupt power-generating equipment in other unnamed countries, by means of computer-based infiltration. And in one case, they may have actually done so.
"We have information that cyber attacks have been used to disrupt power equipment in several regions outside the United States. In at least one case, the disruption caused a power outage affecting multiple cities. We do not know who executed these attacks or why, but all involved intrusions through the Internet," said CIA senior analyst Tom Donahue
at the SANS security summit for Supervisory Control and Data Acquisition systems.
One of the reoccurring themes we heard repeatedly at the SANS Security 2008 summit this week in New Orleans is how pitiful the security is on the control systems used to run the country's power stations, water systems, transit systems and other basic infrastructure. In many cases, these systems just weren't designed to be operated on a network, and their defenses would make the average desktop computer look like Fort Knox.
Posted by Joab Jackson on Jan 19, 2008 at 9:39 AM