Thursday, July 19, 2012

Energy grids are prime target for attack: McAfee

KOLKATA: If a rogue state, terrorist, or malcontent wanted to debilitate a major city or even an entire country, how could it make a widespread, immediate, and lasting impact? Quite simply, by striking at the facilities that produce and distribute the electrical power that everything else depends on!

"Anything from the lights and appliances in your home to heart monitors in hospitals to air defense systems-anything could be compromised by a single, targeted attack on the energy grid. Only today, the weapon of choice is not a rocket launcher, but rather, malicious software code-malware that is skillfully designed to destroy, disrupt, or take control of the complex systems on which the grid runs," Tom Moore, vice president, Embedded Security at McAfee said.

According to Moore, the safe and reliable flow of energy from supply to demand is increasingly dependent on automation and interconnected embedded systems. And it will inevitably become even more so, as the "smart grid" envisioned by energy producers and policymakers takes shape. The problem is that the very thing that makes the grid smart-the ability of myriad embedded systems to communicate with each other, often using a combination of legacy and proprietary equipment alongside more modern solutions-has created a duality where communications over serial, wired and wireless Ethernet, cellular, and dial-up modems being used with a combination of common TCP/IP and proprietary protocols. This has expanded the attack surface, making it vulnerable to cyberthreats.

Open systems invite hacking. More malware was detected on computer networks in 2011 than in all previous years combined, with critical infrastructure being a prime target. All of this begs the question in many minds: can a system with so many points of entry, like a house with all the doors and windows left open while the owner is on vacation, really be called "smart"?

McAfree, an Intel company, has announced a report looks at how legacy smart grids are a prime target for attack and how security needs to be built into these critical systems.

The most prevalent cyber threat reported by the global energy sector is extortion. Criminals gain access to a utility's system, demonstrate that they are capable of doing damage, and demand a ransom. Additional threats include espionage and sabotage all with the goal of financial gain, data theft and shutting down facilities.

The system turned out to be vulnerable one because of well-intentioned efforts to modernize energy distribution and make it safer, cleaner, more efficient, less costly, and open to more alternative forms of production.

An estimated 70% of the existing energy grid is more than 30 years old. In the effort to update it and integrate it with more modern installations, connecting aging systems to the internet without the benefit of encryption, security has largely been an afterthought.

Moving systems from a manual process to one that is internet connected gave energy grid operators real-time info and allowed administrators to telecommute and field workers to re-program systems from remote locations through their smartphones however this also opened all their systems to the outside world.

"Interconnection of embedded systems - the third and perhaps most alarming cause of vulnerability is the proliferation and increasing interconnection of embedded software and devices directing the flow of energy. While each of these built-in computers is typically single-function with a very specific task, more and more are being built with off-the-shelf rather than proprietary software, making them increasingly generic - and therefore vulnerable. As such, they are the prime targets of intruders seeking to gain control of or disrupt the delivery of energy," the McAfee report said.

"Security needs to be built into grid components at the planning and design phase," Moore said. "Because the grid relies heavily on embedded systems it makes them ripe targets for intruders thus it is imperative to integrate security solutions natively in these devices. McAfee is working with its partners in industry and government to make great strides on the technical front to mitigate the threats to these critical systems we all rely on," the report said.

Source: http://economictimes.feedsportal.com/fy/8av2Fvy0c2bUh2mT/story01.htm

new years eve party ideas strait of hormuz mars needs moms gary johnson gary johnson stephen curry hes just not that into you

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.