High-ranking military: Further cyber security protections necessary for critical infrastructures
SUBNET Solutions Inc | Friday, July 15, 2011
The high-profile cyber security infiltrations of large companies that have occurred over the past few months have only served to underscore the need for tighter regulations. According to a published report, one of the highest-ranking Pentagon officials said the U.S. approach to cyber security protocols for its critical infrastructures is woefully shortsighted.
The Washington Post reports that the nation's second-highest military official, General James Cartwright, affirmed this week that the U.S. is deploying anti-hacking cyber security platforms that are neither complex nor sophisticated enough to protect against hackers.
General Cartwright, who is the vice chairman of the Joint Chiefs of Staff, told defense reporters on Thursday that the systems currently used to protect U.S. computer systems are "too predictable" and could easily be infiltrated by skilled hackers.
"We're on a path that is too predictable, way too predictable," he said. "It's purely defensive. There is no penalty for attacking us now. We have to figure out how to change that."
As a result, many government officials are scrambling to overhaul cyber security measures aimed at safeguarding a host of protected data. Critical infrastructure protection (CIP) has long been ignored by the utility industry, according to experts, and many power generators, transmitters and suppliers are failing to protect their power supply networks from foreign hacking attacks.
The military also acknowledged that it was hacked back in March. During that incident, a foreign intelligence service hacked into a defense contractor's system and stole some 24,000 computer files related to a weapons system under development, according to reports. That cyber security breach ranks as one of the largest known attacks on the U.S. military ever.
What's more, the Stuxnet worm that disabled more than 20 percent of the computers running Iran's nuclear program is evidence that hackers no longer need direct access to a network to wreak havoc, industry analysts assert. While the U.S. and Israel are suspected to have masterminded Stuxnet, it is still unknown where it originated.
The military is now advocating a more proactive cyber security defense, according to the news provider, one where systems are doing more to protect a computer network rather than merely detecting an intrusion.
"If an attack will not have its intended effect, those who wish us harm will have less reason to target us through cyberspace in the first place," Deputy Defense Secretary William J. Lynn III said during a presentation.
Still, critics argue that even more must be done to protect U.S. computer systems, especially ones as vitally important as utilities. The development of the smart grid presents myriad benefits to both consumers and power providers, but it must also be met with stringent cyber security measures to ensure that customer data and the grid itself are protected.
"What are acceptable red lines for actions in cyberspace? . . . Does data theft or disruption rise to the level of warfare, or do we have to see a physical event, such as an attack on our power grid, before we respond militarily?" Representative Jim Langevin, the co-founder of the Congressional Cybersecurity Caucus, said of the further action that needs to be taken.
Last month, the Pentagon said that certain acts of cyber security infiltrations could be viewed as acts of war, depending on what systems were struck.