critical infrastructure

A Democrat-backed cybersecurity measure that the Obama administration calls necessary to protect the nation's infrastructure was blocked by Republicans opposed to what they considered to be undue regulation.

The Cybersecurity Act of 2012 needed 60 votes to move to a vote by the full Senate, thanks to a Republican filibuster of the measure. It mustered only 52 votes in favor, which in the Senate's upside down world allowed a minority of 46 opponents to defeat the measure. The vote mostly fell along party lines, according to Bloomberg. Senate Democrats had hoped to have a vote on the measure … Read more

Two U.S. senators are calling for a federal investigation of the power grid's potential cybersecurity vulnerabilities after a CNET article last month raised security concerns.

The request for a probe comes from Sens. Joseph Lieberman (I-CT), the chairman of the Senate Homeland Security Committee, and Susan Collins (R-ME), the panel's senior Republican, who warned that lapses "could undermine part of the security system protecting our grid."

They sent a letter yesterday to the Federal Energy Regulatory Commission asking for an "expeditious comprehensive investigation into these allegations," which deal with digital signatures the industry … Read more

Security technology used by U.S. electric utilities is flawed and could increase the odds of computer intrusions or sabotage, the chairman of an industry standards group warns.

Jesse Hurley, co-chair of the North American Energy Standards Board's Critical Infrastructure Committee, says the mechanism for creating digital signatures for authentication is insufficiently secure because not enough is being done to verify identities and some companies are attempting to weaken standards to fit their business models.

"These certificates protect access to control systems," Hurley told CNET. "They protect access to a $400 billion market. They protect access … Read more

U.S. gas pipeline operators have been targeted in sophisticated phishing attacks since at least December, with the Department of Homeland Security helping firms deal with the incidents since March, the DHS and an industry expert said.

"DHS's Industrial Control Systems Cyber Emergency Response Team has been working since March 2012 with critical infrastructure owners and operators in the oil and natural gas sector to address a series of cyber intrusions targeting natural gas pipeline companies," DHS spokesman Peter Boogaard said in an e-mail sent to CNET today.

"The cyber intrusion involves sophisticated spear-phishing activities targeting … Read more

A twentysomething hacker said today that he hacked into a South Houston water utility to show that it can easily be done, after U.S. officials downplayed the risks from a report yesterday of an intrusion at an Illinois water plant.

The hacker, using the alias "pr0f," said he has hacked other SCADA (supervisory control and data acquisition) systems too.

He tweeted on November 5 links to public posts with what he identified as PLC configurations for a Polish waste-water treatment plant; SCADA data from an HMI (human-machine interface) box possibly for a generator used for research purposes … Read more

LAS VEGAS--Not only are SCADA systems used to run power plants and other critical infrastructure lacking many security precautions to keep hackers out, operators sometimes practically advertise their wares on Google search, according to a demo today during a Black Hat conference workshop.

Acknowledging that he wouldn't click on any link results to avoid breaking the law by accessing a network without authorization, researcher Tom Parker typed in some search terms associated with a Programmable Logic Controller (PLC), an embedded computer used for automating functions of electromechanical processes. Among the results was one referencing a "RTU pump status&… Read more

Two researchers say they canceled a talk at a security conference today on how to attack critical infrastructure systems, after U.S. cybersecurity and Siemens representatives asked them not to discuss their work publicly.

"We were asked very nicely if we could refrain from providing that information at this time," Dillon Beresford, an independent security researcher and a security analyst at NSS Labs, told CNET today. "I decided on my own that it would be in the best interest of security...to not release the information."

Beresford said he and independent researcher Brian Meixell planned on … Read more

The U.S. government is warning critical-infrastructure operators of a serious hole in software used in oil and gas; water; electric utilities; and manufacturing plants around the world.

The stack overflow vulnerability affects the Genesis32 supervisory control and data acquisition (SCADA) and BizViz software sold by ICONICS, according to an advisory (PDF) released yesterday by the Department of Homeland Security's ICS-CERT (Industrial Control Systems Cyber Emergency Response Team). ICONICS has issued a patch to close the hole, which could allow an attacker to remotely execute code and take control of the computer.

Meanwhile, an exploit targeting the vulnerability was … Read more

Cyber attacks on critical infrastructure companies are on the rise, with a jump in extortion attempts and malware designed to sabotage systems, like Stuxnet, according to a new report.

While attacks are increasing, many companies aren't doing enough to protect their systems and are instead rushing to adopt new technologies--such as Smart Grid--without ensuring they adequately secure against cyber attacks, concludes "In the Dark: Crucial Industries Confront Cyberattacks."

The report, due to be released on Tuesday, was commissioned by McAfee and written by the Center for Strategic and International Studies (CSIS). It includes results from an electronic … Read more