National laboratory finds critical infrastructure at risk for cyber attacks
SUBNET Solutions Inc | Monday, June 18, 2012
A recent report from Pacific Northwest National Laboratory (PNNL), which was co-sponsored by McAfee, uncovered a startling increase in cyber threats and sabotage on U.S. critical infrastructure.
PNNL, a federal contractor of the U.S. Department of Energy, released on June 18 the findings of the report, titled "Technology Security Assessment for Capabilities and Applicability in Energy Sector Industrial Control Systems: McAfee Application Control, Change Control, Integrity Control." The paper identifies the security challenges currently confronting the smart grid, and potential ways to mitigate their risk.
The report also identifies the most pressing issues that are affecting critical infrastructure, and the vulnerabilities that have surfaced as the cyber security landscape continues to evolve. The value and effectiveness of various cyber security solutions are broken down to determine how strongly they contribute to national security and security of industrial control systems, such as the country's power network.
The report found that the largest problem faced by the critical infrastructure and energy industry is how to put strong cyber security measures in place that meet national regulations and integrate with existing infrastructure.
"When early critical infrastructure systems were created, neither security nor misuse of the interconnected network was considered," said Philip A. Craig Jr., senior cyber security research scientist at the Pacific Northwest National Laboratory. "Today, we are still focused on enhancing the security of control systems. Outdated security methods that use a maze of disparate, multi-vendor, and stacked security tools will only delay a cyber attack, providing numerous opportunities for a more advanced and modern cyber adversary to attack cyber security postures throughout critical infrastructure."
PNNL and DOE identified several vulnerabilities that may affect smart grid cyber security. As more communication networks are linked together, more access points will be created, resulting in higher exposure to attacks. The growing complexity of the grid also increases vulnerabilities as more substation are linked together.
Substation automation will also expose utilities to more vulnerabilities, as improper use of the huge amounts of data that are gathered by such systems could lead to new potential risks to the grid and the nation.
However, installing substation intelligence that meets NERC CIP standards can help utilities ensure their operation remains secure. SUBNET has developed several products that help utilities automate their substations while complying with these standards.
Substation Cyber Security