Senator Schumer: Utilities "potentially catastrophic" hacking targets, calls for utility worker background checks
SUBNET Solutions Inc | Tuesday, August 16, 2011
Industry experts have long warned that U.S. critical infrastructure - of which power supply networks are a component - is exceedingly vulnerable to hackers. With the success of the Stuxnet worm in Iran, the need to improve smart grid cyber security measures has intensified. According to a published report, a high-ranking U.S. lawmaker wants employees at power plants to pass enhanced background checks to ensure the plants remain safe.
According to a report from The Hill, Senator Charles Schumer of New York is proposing legislation that would effectively require potential utility employees to submit to an FBI background check, which is significantly more comprehensive than a standard one.
Schumer, who has long advocated for improved smart grid cyber security measures, said this week that he was moved to act following a report released by the Department of Homeland Security (DHS) last month that stated extremists are seeking to launch physical and cyber attacks from inside utilities.
The Stuxnet worm took out more than 20 percent of the computers charged with monitoring Iran's nuclear program. While no country has publicly announced that it was behind Stuxnet, reports have suggested that it was crafted as a joint effort between Israel and the U.S. Stuxnet is thought to have reached Iran's closed-off computer network through physical means, with an employee likely launching it with USB technology.
A recently released report concluded that hackers have had months to ascertain how Stuxnet takes out computer systems, giving them ample opportunity to tweak its design to attack U.S. critical infrastructure. Experts are worried that U.S. critical infrastructure protection (CIP) regulations are ill-equipped to combat such an attack, prompting Schumer to float the new background check legislation.
Only employees of nuclear power plants are subject to FBI testing, but Schumer hopes that all utility workers will have to pass such background tests in the future. He, along with a number of other public officials, is worried that a virus similar to Stuxnet could be deployed at a physical site if enhanced background checks are not required.
Schumer said he aims to "close this major security loophole that would make it mandatory for all major utilities and critical infrastructure plants to run FBI background checks on employees with access to the most sensitive areas of utilities."
"Power plants and utilities present a tempting and potentially catastrophic target to extremists who are bent on wreaking havoc on the United States, which is why thorough background checks on all workers with access to the most sensitive areas of these operations are a must," he added.
The plan would require major utilities and critical infrastructure facilities to more actively look into the backgrounds of potential employees. Employees who would have access to sensitive information and systems would be subject to FBI-style background checks, under which they would be checked "against the FBI’s criminal history record repository, the Interstate Identification Index (Triple I) system, that contains fingerprint records from all states, U.S. territories, federal and international criminal justice agencies," Schumer's bill states.
According to a report from Reuters, Schumer also said that reports have surfaced over the past year indicating that al Qaeda is actively recruiting extremists to infiltrate and work in sensitive areas, including those within utilities. Without improved background checks, critical infrastructure remains vulnerable, experts assert.