RSS Alerts

Share

More services

Related Stories

  • Year of the Hack
    Commonly referred to as the year of the hack, it is no secret what 2011 has become famous for in the information security industry. This year’s headlines, reports Fred Donovan, have been made up of data breaches, hacks, APT attacks and mergers and acquisitions
  • Obstacles Facing the US Cybersecurity Initiatives
    Although the US government is paying more attention than ever to the issue of cybersecurity, the recent battles in Washington over budgets and austerity measures mean that funding could potentially dry up in an instant. Fred Donovan surveys the experts to get their take on where the nation’s cybersecurity program is heading
  • House bill would expand DHS authority over private networks
    Rep. Jim Langevin (D-RI) has introduced legislation that would expand the Department of Homeland Security’s authority over private networks determined to be part of US critical infrastructure.
  • Editorial: Time to Refocus on Cybersecurity
    October was recently declared National Cyber Security Awareness month by President Obama. Let’s hope that his commitment to cybersecurity is not merely lip service.
  • Cyber weapon Stuxnet hits China
    Stuxnet, the computer worm considered to be the world's first cyber weapon, has hit millions of computers in China.

Top 5 Stories

News

CIA claims hackers attack global power grid

25 January 2008

The US Central Intelligence Agency (CIA) says criminals hacked into the computer systems of utilities, cutting the power to several international cities.

Speaking at the SANS Process Control and SCADA (supervisory control and data acquisition) Summit 2008, CIA cybersecurity analyst Tom Donahue told attendees that the attackers made demands of the utilities and in one case caused a power outage that affected multiple cities.

“We have information, from multiple regions outside the US, of cyber intrusions into utilities, followed by extortion demands,” Donahue told an audience of about 300 US and international security officials from governments as well as electric, water, oil and gas companies. “We suspect, but cannot confirm, that some of these attackers had the benefit of inside knowledge.”

According to Donahue, all the attacks involved intrusion through the internet and the goal of the attacks was extortion. He did not specify which countries were affected by the attack, when the outages took place or for how long power was cut.

“We do not know who executed these attacks or why,” Donahue said.

He indicated the CIA actively and thoroughly considered the benefits and risks of making this information public and “came down on the side of disclosure.”

According to some estimates, cyber attackers continue to make increasingly sophisticated intrusions into corporate computer systems, with costs worldwide climbing to roughly $20 billion each year.

Alan Paller, director of the SANS Institute, said hackers have in the past two years successfully penetrated and extorted multiple utility companies that use SCADA systems.

“Donahue would not have said it publicly if he didn’t think the threat was very large and that companies needed to fix things right now,” he told The Washington Post.

A CIA spokesperson declined to provide additional details, saying that “the information that could be shared in a public setting was shared.”

Meanwhile, on January 17, the US Federal Energy Regulatory Commission (FERC) approved eight new mandatory critical infrastructure protection reliability standards to protect the nation’s bulk power system against potential disruptions from cyber security breaches.

The eight standards address topics that include Critical Cyber Asset Identification; Security Management Controls; Personnel and Training; Electronic Security Perimeters and Physical Security of Critical Cyber Assets.

Systems Security Management; Incident Reporting and Response Planning and Recovery Plans for Critical Cyber Assets are the remaining three standards.

The mandatory standards require certain users, owners and operators of the bulk power system to setup policies, plans and procedures that maintain physical and electronic access to control systems.

This article is featured in:
Internet and Network Security

 

Comment on this article

You must be registered and logged in to leave a comment about this article.

Terms & Conditions |Privacy |Website Design|Reed Exhibitions. All rights reserved. Copyright © 2012