UPI.com Reports Cyber Vulnerabilities for Water Systems

The information below was reported in the March 28 edition of UPI.com.

LOS ANGELES, March 28 (UPI) — Poor security has left U.S. electrical grids, pipelines, chemical plants and other infrastructure vulnerable to the threat of cyberattacks, experts say.

When a Southern California water utility wanted to test the security of its computer networks it hired Los Angeles hacker Marc Maiffret to have at it, the Los Angeles Times reported Monday.  In one day, Maiffret’s team was able to control the equipment responsible for adding chemicals to the drinking water.  The problem, Maiffret discovered, was the gaping security hole left by county employees logging into the network through their own home computers.  A few mouse clicks could have left the county’s water supply undrinkable for millions, the Times reported.  “There’s always a way in,” said Maiffret, who declined to identify the water system for its own protection.

The weaknesses he found in California exist in crucial facilities nationwide, U.S. officials and private experts say.  Similar control systems vulnerable to the kind of hacking Maiffret was able to do also process electrical grids, pipelines, chemical plants and other infrastructure.  Designed in a more innocent age, those systems are exposed to cyberattacks with the overwhelming potential to cut power to large sections of the country, crash planes, erase bank data and blow up city blocks.

U.S. authorities say China, for example, already has managed to insert hidden malware in the national power grid and other systems that could be activated any time with devastating effect.  “If a sector of the country’s power grid were taken down, it’s not only going to be damaging to our economy, but people are going to die,” said Rep. Jim Langevin D-R.I., who has played a lead role on cybersecurity as a member of the House Intelligence Committee.

CIA Director Leon E. Panetta told Congress he worried about a cyber Pearl Harbor. Yet many who are concerned about cyberattacks assert an incident that large is what it will take to force Americans to awaken to the threat.  “The odds are we’ll wait for a catastrophic event,” said Mike McConnell, former director of National Intelligence and cybersecurity specialist, “and then overreact.””

Earlier this morning (March 30), in a news radio interview in Washington, DC, former DHS Secretary Michael Chertoff agreed that the tenets of effective cybersecurity are poorly understood.  He noted, however, that the attack threat is more likely to come from terrorists rather than other nation states such as China.  Those nations would hesitate to take such actions since similar malware insertions could be easily achieved…rather like a water standoff.

 

Advertisements

Comments are closed.