New report from the Public Utilities Regulatory Authority highlights the risks of the power grid to cyber attack: Cyber Security and Connecticut’s Public Utilities <read>
There is a profound distance in perspective between the consume r of electricity, natural gas and water , who sees consumption as a normal, secure part of life, and the U.S. Intelligence Community , which sees threats to such consumption. The latter witnesses sophisticated, daily probes and penetrations of U.S. institutions , including not only corporate information technology networks but also regional electric distribution networks and private utilities. In the August 16, 2013 New York Times , reporter Matthew L. Wald noted that both government and private experts describe the U.S. electric grid as “the glass jaw of American industry.” Such experts fear that a successful strike by an adversary “could black out vast areas of the continent for weeks; interrupt supplies of water, gasoline, diesel fuel and fresh food; shut down communications; and create disruptions of a scale that was only hinted at by Hurricane Sandy and the attacks of September 11.”…
Efforts to hack into public utilities are significant , and by many reports , growing both in volume and sophistication. Public utility regulators and state authorities ould be dereli t to ignore what national security personnel call ongoing “battlefield preparation”…
The stark fact is that the United States is vulnerable; probes are active, dangerous and widespread. T his national pregnability pertains directly to Connecticut. There is no option but to acknowledge this reality and resolve to resist, defend and take countermeasures to ensure operational security in our public utilities
The report mentions the NIST (National Institute of Standards) Cybersecurity Framework and concerns within Homeland security.
As the Legislature considers for the third year in a row, passing legislation that would enable Internet voting, ignoring the concerns of our Secretary of the State, Department of Defense, experts from NIST and Homeland Security. In 2012 Governor Malloy was concerned and vetoed the bill based on security concerns, yet in 2013 he signed a similar bill. Now the Legislature is considering a bill to eliminate our constitutional right to a secret vote. You could say the State’s concern with Electoral attack is of Biblical proportions, i.e. criticizing utilities while not noticing the XP in our own systems.
As we were saying, CT State Computers and Municipal Computers running XP could be vulnerable. In fact, all computers running Microsoft Internet Explorer are vulnerable. For the latest bug XP computers may never be “safe(*)” again. Washington Post: Hackers targeting newly discovered flaw in Internet Explorer <read>
This is the first major security disaster for users who still run Microsoft XP, the 12-year-old operating system that Microsoft discontinued support for earlier this month. The short-term solutions do not work with the old operating system, and no patches will be released to fix it.
Many federal agencies still use XP despite repeated advance warnings from Microsoft that impending discontinuance of support would leave their computers vulnerable.
About 10 percent of government computers still run XP, including thousands of computers on classified military and diplomatic networks
* Remember all computers and browsers are vulnerable to as bugs and traps, as yet undiscovered by good guys.
