HACKERS could shut down US power stations from the comfort of their own homes, says the Department of Homeland Security.
Almost a year ago, the Department released a video showing how cyber criminals could hack into power plants and blow up generators remotely using a technique known as the Aurora Vulnerability.
Government researchers launched an experimental cyber attack causing a generator in Idaho to self-destruct in a cloud of smoke.
Setting aside the fact that the release of the information was an extremely dumb thing to do, apparently little has been done in the intervening months to prevent such a thing happening for real. Members of the House Committee on Homeland Security are now warning that regulatory bodies aren't moving fast enough.
"I think we could search far and wide and not find a more disorganised response to a national security issue of this import," said the chairman of the Subcommittee on Emerging Threats, Cybersecurity and Science and Technology, James Langevin. "Everything about the way this vulnerability was handled … leaves me with little confidence that we're ready or willing to deal with the cyber security threat," he told Forbes.
Langevin blamed the Department of Homeland Security for not providing enough detail on exactly how the attack was made, hampering efforts by the power industry to take preventative measures. He also pointed the finger at the power companies for working too slowly, and at the North American Electric Reliability Corporation (NERC) for not doing its job as the regulatory body tasked with providing the nation's power.
NERC gave evidence to the US House of Representatives last October claiming that 75 per cent of the nation's power plants had made some progress in securing systems against cyber attack. But when the subcommittee checked the NERC survey, it discovered that it had only been thrown together a couple of days before the hearing.
"You are not going to sit there and waste my time telling us you're doing the job you're supposed to do," Bill Pascrell, another member of the House subcommittee, said. "Who do you think we are - a bunch of jerks?"
A number of serious security vulnerabilities at the USA's largest power company, Tennessee Valley Authority, were noted, including a failure to implement simple security measures such as updating firewall and antivirus software. Much of the company's network had no password protection and provided links to TVA's power generation systems.
Joseph Kelliher, chairman of the Federal Energy Regulatory Committee, said that the industry's emergency response procedures were designed to protect the grid from the threat of tree branches falling on power lines, rather than cyber attacks.
"A process designed to guard against poor vegetation management is not well suited to guard against national security threats," he said.
New legislation is coming into force in 2010 which threatens power companies with fines of up to a million dollars a day for failing to meet security standards. µ
L'Inq
Forbes
Another frightener hacked together in a couple of days and thrown in front of Congress by the DHS in an effort to justify additional funding to an already bloated, unregulated and ineffective department.

The DHS motto is "Preserving our Freedoms, Protecting America" - yeah right, just ask the people who work there what they really think:
http://abclocal.go.com/wls/story?section=news/national_world&id=5017688
In fact, the Federal Energy Regulatory Commission (FERC) has written a substantial set of documents to address "Critical Cyber Assets" within the U.S. power grid.

In a nutshell, the standard requires that any computer equipment connected to critical electrical components and capable of routable electronic communication be on a separate network and not be allowed to access the Internet. There are also substantial self-audit, testing, and logging requirements.

Audits begin this summer and will be ongoing.

P.S. this is also a result of 9/11 and the N.E. power blackouts of a couple years back.
Since the world is connected at the hip to the US, should not the EU and Britain etcetera do a little analysis of what would happen to them if America does crap out like that?
Will they crumble when the US has some downtime? Will internet still work if the US is bereft of electrical power? It was designed for redundancy but then later many geniuses started to make much of it dependent on some single key setups that have no redundancy I understand, and what about Wall Street? Can we do without it for a few weeks? We should, but can we?
Plus the UN is located in America too for instance.