On Jan. 22, 2008, the CIA reported that hackers had caused a power outage that ended up affecting multiple cities outside the United States. There was no announcement of responsibility, but there was evidence that an extortion attempt had been made by the hackers who gained control of the power infrastructure. Officials suspect that inside information would have been necessary to pull off the attack, but no suspects have been named or arrested.
CIA: Cyberattack caused multiple-city blackout (News.com)
On Jan. 17, 2008, the Federal Energy Regulatory Commission approved eight standards intended to keep the U.S. power grid safe from cyberattacks. The list included identifying and physically securing cyberassets, training personnel, and planning for recovery of critical cyberassets. The Air Force alone has plans for 5,000 to 10,000 workers in its “Cyber Command” office by October of 2008. Even the civilian world is not immune to infrastructure concerns, as FAA officials fear the possibility of hackers intercepting and perhaps manipulating the data stream between the new Boeing 787 Dreamliner and ground stations.
Group Defines Cyberattack Prevention Rules for U.S. (PC World)
Head of Air Force Cyber Command discusses new role, cyberattack defenses (Network World)
FAA worries on-board Net opens jets to cyberattack (USA Today)
I always figured that critical infrastructure installations were kept off of the commodity Internet and not allowed to connect except through privately-leased lines, until I read a recent report (which I can’t find at the moment) that many pieces of critical national infrastructure were put onto unsecured networks to keep costs down and as testbeds for future applications.
In my opinion, critical infrastructure elements for things like the power grid should remain off of the Internet, despite the higher costs involved in the leased lines. No matter what security has been implemented, eventually it can be compromised, leading to attacks that may severely affect millions. What do you think needs to be done to protect these infrastructure elements?