criticism

Federal regulators charged with overseeing the reliability of the electrical grid expressed concerns about proposed cybersecurity standards and warned that existing law may not protect "against fast-moving cybersecurity threats."

Yesterday's statement from the Federal Energy Regulatory Commission came in a response to pointed questions from two senators, Joseph Lieberman (I-CT), the chairman of the Senate Homeland Security Committee, and Susan Collins (R-ME), the panel's senior Republican. The senators made their inquiries in July, a few weeks after CNET published an article on the topic.

Lieberman and Collins had asked for an "expeditious comprehensive investigation" … Read more

A Democrat-backed cybersecurity measure that the Obama administration calls necessary to protect the nation's infrastructure was blocked by Republicans opposed to what they considered to be undue regulation.

The Cybersecurity Act of 2012 needed 60 votes to move to a vote by the full Senate, thanks to a Republican filibuster of the measure. It mustered only 52 votes in favor, which in the Senate's upside down world allowed a minority of 46 opponents to defeat the measure. The vote mostly fell along party lines, according to Bloomberg. Senate Democrats had hoped to have a vote on the measure … Read more

Two U.S. senators are calling for a federal investigation of the power grid's potential cybersecurity vulnerabilities after a CNET article last month raised security concerns.

The request for a probe comes from Sens. Joseph Lieberman (I-CT), the chairman of the Senate Homeland Security Committee, and Susan Collins (R-ME), the panel's senior Republican, who warned that lapses "could undermine part of the security system protecting our grid."

They sent a letter yesterday to the Federal Energy Regulatory Commission asking for an "expeditious comprehensive investigation into these allegations," which deal with digital signatures the industry … Read more

It's no secret we're big fans of backups. Frequent and thorough, data and system, partial and full; we just can't get enough of them (is that possible?) but our enthusiasm is based on hard-won experience. NCH's FileFort Backup Software is a free backup utility that creates full and incremental backups. It doesn't create a system image, so it's not a substitute for a full backup solution that can completely restore your system to a new disk, if necessary. It protects your critical data from damage or loss on a regularly scheduled basis, quickly and … Read more

Security technology used by U.S. electric utilities is flawed and could increase the odds of computer intrusions or sabotage, the chairman of an industry standards group warns.

Jesse Hurley, co-chair of the North American Energy Standards Board's Critical Infrastructure Committee, says the mechanism for creating digital signatures for authentication is insufficiently secure because not enough is being done to verify identities and some companies are attempting to weaken standards to fit their business models.

"These certificates protect access to control systems," Hurley told CNET. "They protect access to a $400 billion market. They protect access … Read more

LOS ANGELES--As E3 2012 shuts its doors, we're not entirely sure we ever want them to open up again. Scott and Jeff spent a day going to press conferences and two full days on the show floor. It wasn't pretty and what follows is a brutally honest take on the show.… Read more

U.S. gas pipeline operators have been targeted in sophisticated phishing attacks since at least December, with the Department of Homeland Security helping firms deal with the incidents since March, the DHS and an industry expert said.

"DHS's Industrial Control Systems Cyber Emergency Response Team has been working since March 2012 with critical infrastructure owners and operators in the oil and natural gas sector to address a series of cyber intrusions targeting natural gas pipeline companies," DHS spokesman Peter Boogaard said in an e-mail sent to CNET today.

"The cyber intrusion involves sophisticated spear-phishing activities targeting … Read more

A twentysomething hacker said today that he hacked into a South Houston water utility to show that it can easily be done, after U.S. officials downplayed the risks from a report yesterday of an intrusion at an Illinois water plant.

The hacker, using the alias "pr0f," said he has hacked other SCADA (supervisory control and data acquisition) systems too.

He tweeted on November 5 links to public posts with what he identified as PLC configurations for a Polish waste-water treatment plant; SCADA data from an HMI (human-machine interface) box possibly for a generator used for research purposes … Read more

LAS VEGAS--Not only are SCADA systems used to run power plants and other critical infrastructure lacking many security precautions to keep hackers out, operators sometimes practically advertise their wares on Google search, according to a demo today during a Black Hat conference workshop.

Acknowledging that he wouldn't click on any link results to avoid breaking the law by accessing a network without authorization, researcher Tom Parker typed in some search terms associated with a Programmable Logic Controller (PLC), an embedded computer used for automating functions of electromechanical processes. Among the results was one referencing a "RTU pump status&… Read more