Meet the Bloggers

Vaune Carr, Principal Consultant, BT Global Services

Rob Jamison, Manager, Network Intelligence, Managed Security Solutions Group, BT Global Services

Jill Knesek, Chief Security Officer, BT Global Services

Sushila Nair, Product Manager, Managed Security Solutions Group, BT Global Services

Ben Rothke, Senior Security Consultant, BT Global Services

Pete Russo, Senior Marketing Manager, BT Global Services

Bruce Schneier, Chief Security Technology Officer, BT Global Services

Ray Stanton, Global Head of BT’s Business Continuity, Security & Governance Customer Capability Unit

Jim Tiller, Vice President, Security Professional Services, North America, BT Global Services

Toby Weir-Jones, Vice President of Product Development, Managed Security Solutions Group, BT Global Services

Twitter Blogroll About BT

SecureThinking

Thursday, July 22, 2010

Is a hack into our nation’s domestic infrastructure possible?

By Toby Weir-Jones, Vice President of Product Development, Managed Security Solutions Group, BT Global Services

The National Security Agency recently unveiled a program to help secure the networks of crucial domestic infrastructure, including the networks of electrical companies and nuclear power plants. Called “Perfect Citizen,” the program is geared to bring attention to the possibility of grid hacking.

Interestingly, a recent Wired article asked, “…if it’s so easy to turn off the lights using your laptop, how come it doesn’t happen more often?”  According to the article (“Hacking the Electric Grid? You and What Army?” (July 13, 2010):

Your average power grid or drinking water system isn’t analogous to a PC or even to a corporate network. The complexity of such systems, and the use of proprietary operating systems and applications that are not readily available for study by your average hacker, make the development of exploits for any uncovered vulnerabilities much more difficult than using Metasploit.

To start, these systems are rarely connected directly to the public Internet. And that makes gaining access to grid-controlling networks a challenge for all but the most dedicated, motivated and skilled — nation-states, in other words.

Let’s pretend for a moment that hackers were planning to attack the U.S.  What would they need to do to gather enough information necessary to take out the electrical power in key parts of the country?  They don’t want to fiddle at the edges, mind you.  They want to have enough data to build the technical capability necessary to shut out the lights in Washington or New York or California at precisely the time and for exactly the duration they want.

For starters, they would need to know things like:  Where are the power plants?  What kind of plants are they? What sort of fuel do they use?  Who built them and when?  What sort of materials and technology were used when they were built?  Who manufactured the generators, turbines and other key equipment?  Whose SCADA software are they running?  Who runs the plants?  How does fuel, people, supplies get into or out of the plant? What sort of security do they have?  And perhaps most importantly: which plants supply power to which parts of the country?

While the Wired article included a lot of questions that are interesting, we ask: Are foreign attacks on our nation’s crucial infrastructure possible?  Our answer is absolutely. This is a real security threat and one that shouldn’t be taken lightly.

In fact, The New York Times reported last week that a new virus targets the computers used to manage large-scale industrial control systems used by manufacturing and utility companies. While the SCADA systems that run the software are not typically connected to the Internet, this specific virus spreads when an infected USB stick is inserted in the computer.

To assist these organizations, BT Managed Security Solutions Group offers a multi-layered, holistic approach to secure critical network infrastructure (CNI) and organizational monitoring. This offering enables any organization to have a view of its security posture as it relates to its critical infrastructure (substations, control centers, energy management systems) and its interconnectivity with the organization.

With a holistic approach, the footprints of an attack may be discovered across multiple systems or even across multiple operating areas.  As organizations merge to achieve economies of scale, disparate geographic operating regions become interconnected via common enterprise environments.  

In today’s regulatory-driven environment, an organization must consider its entire critical infrastructure – from the substation to the control center and out to the enterprise network – when making security monitoring decisions.

The fast and accurate detection of security-related events is an organization’s first line of defense against security intrusions.  This can only be achieved through a holistic solution that provides enterprise-wide security by aggregating and correlating information from both critical network infrastructure and enterprise networks, providing organizations transparency into their security posture.

Posted at 3:04 PM
Tags: , , , , , , , ,

Bookmark and Share

Leave a Reply

subscribe - log in