Print 10 comment(s) - last by Reclaimer77.. on Apr 19 at 7:18 PM

The U.S. and UK governments have invested billions over the last few years in spying on their citizens (so called "domestic surveillance" programs).  (Source: 911 Visibility)

Unfortunately, they haven't been putting anywhere near as much effort into safeguarding vital U.S. infrastructure like power, gas, and water.  (Source: U.S. Dept. of Labor)

Three quarters of U.S. advisors on a recent panel thought a catastrophic cyberattack would strike the U.S. within two years, due to the nation's weak defenses.  (Source: WTL Firm)
Hackers from Russia, China, and elsewhere target U.S.; defenses are weak even as domestic spying efforts soar

The U.S. recently was accused of unleashing the Stuxnet worm, a virus capable of affecting a variety of industrial systems.  The worm sought to make its way through systems at Iran's Bushehr or Natanz nuclear facilities -- and apparently it succeeded, doing major damage to these systems, once it infected them.

In the process, the worm infected approximately 40 percent of utilities' computers worldwide.  Some speculate the worm's authors underestimate the number of industrials systems it would infect or how far outside Iran it would spread. 

U.S. cybersecurity expert Stewart Baker, a former US national security advisor to President George W Bush, describes in an interview with BBC News, "It probably didn't result in any obvious interference with the systems, because it wasn't designed to do that. But the fact that it spread so widely and could have done so if it had been differently designed is very, very troubling if you are worried about cyber attacks by hostile nations or extortion attempts by well organized criminal gangs."

Cybersecurity experts are concerned about a growing number of attacks on critical infrastructure.  And the U.S. is not alone in being suspected of conducting attacks on other nations' infrastructure.  Russia and China are both suspected of targeting critical foreign infrastructure, including U.S. utilities, with cyber-attacks.

In a 2009 survey by security firm McAffee (a division of Intel Corp. (INTC)) only half of utilities reported their networks were being targeted by hackers.  By last year [press releasePDF] that number rose to 8 out of 10.  The survey polled 200 IT executives working for utility companies in 14 countries.

The vast majority of attacks affected the websites of utilities.  Most did not succeed in penetrating actual critical systems, as the Stuxnet worm did.  Still the attacks give cause for concern.  

Mr. Baker says that an upcoming distributed denial of service attack (DDoS) has a very real possibility of causing much more serious damage in the near future.  He comments, "We asked what the likelihood was of a major attack that causes significant outage. That is one that causes severe loss of services for at least 24 hours, loss of life or personal injury or failure of a company. Three quarters thought it would happen within the next two years."

McAffee's 2010 survey also asked customers how much support they received from their government.  It found that the Japanese government ranked highest in the support it provided, followed by China and the United Arab Emirates.  The United States score very low and its close ally Britain scored even worse, receiving the very lowest mark.  

In short, the U.S. and British governments aren't doing much to protect their nations' businesses even in the face of serious attacks on critical infrastructure.

Both nations have promised to reevaluate their cybersecurity efforts in statements.  However, those promises might be familiar.  In recent years both the U.S. and Britain have released constant promises that they will "try harder" when it comes to cybersecurity.  While both nations dramatically expanded their domestic surveillance programs, their efforts to fight foreign attacks have been weak at best.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

By Raiders12 on 4/19/2011 9:49:06 AM , Rating: 2
Wait, the same businesses our politicians get nice gentle back rubs and generous contributions aren't being protected by the same govt? So who is really looking out for who? The politicians don't care about the constiuents, business, or national security? Surprise, the jokes always on us.

RE: Hypocrits?
By amanojaku on 4/19/11, Rating: 0
RE: Hypocrits?
By Raiders12 on 4/19/2011 10:14:44 AM , Rating: 3
It kind of goes into the grey area of too much govt and free business. When it affects national security and the sovereignty of our nation, then it is the Govt's job, free market or not.

RE: Hypocrits?
By knutjb on 4/19/2011 11:00:37 AM , Rating: 2
But we have no trouble enacting energy efficiency policy on the power grid. They are doing some improvements, woefully too little.

The political interest is on where the power comes from and how "green" it is. That is forcing far greater expense than security controls.

RE: Hypocrits?
By spread on 4/19/2011 11:29:31 AM , Rating: 2
When it affects national security and the sovereignty of our nation, then it is the Govt's job, free market or not.

Pretty sure they used that excuse for the bank bailouts and look how that turned out.

RE: Hypocrits?
By WoWCow on 4/19/2011 4:28:06 PM , Rating: 2
Mixed result; all the government did was pretty much stuff the bloated bureaucracy and market with cash and stemming the tide of a massive market crash that would have forced more people out of homes.

The problem is the banks with the bundled wads of cash isn't lending them out to people who needs them.

No, I don't agree with the bailout still to this day but this is a different issue.

Money/economics support the development & maintenance of critical structures such as electricity and water.

You take away electricity and I'm pretty sure we'll be back to the 19th century at best. Take away water and we'll be back to an era without consistent clean water supply --- That is from the dark ages to pre-industrial revolution. The lack of clean water is really a big worrisome issue last I heard.

RE: Hypocrits?
By Reclaimer77 on 4/19/11, Rating: 0
RE: Hypocrits?
By stirfry213 on 4/19/2011 12:18:04 PM , Rating: 2
I think you comment is incredibly slighted and short sighted. If all we used electricity for was to power our Nissan LEAF and our iPods, then I would agree. However, this is truely a matter of local, state, and national security.

With government ran, owned, and/or overseen utilities, I think it is very prudent for all levels of government to not only be worried, but be directly involved with the security of these entities.

We are talking about systems that are at the very heart of how this country survives. If you were to take out many hundreds of square miles of electricity, gas, etc, it would cripple government capabilities on all levels. This issue makes us weak and vulnerable.

Unfortunately, our government is much better at being reactive, than proactive. We will wait until some critical failure happens. Then the politicians will get a blank check because of public outcry. Then and only then will anything happen.

RE: Hypocrits?
By WoWCow on 4/19/2011 5:05:10 PM , Rating: 3
I don't know what the intent of your comment is, but I'll bite and give it my answer(s).

Why would politicians protect businesses from technical assaults? It's up to the businesses to supply their own protections. I'm not thrilled with the government, which has its own security problems, offering "technical assistance" to companies that should have had these protections in place already. If anything, the politicians "protected" them by looking the other way, when any fool could have told you cyber threats would be problematic.

1. Government exists to protect the people and the property of the people they are responsible for (AKA Tax payers/Donors).

2. You may not be thrilled about the government rendering their service to companies, but would you be thrilled if the said companies didn't render their services to the people and the government? It is a complicated exchange of services.

3. I suppose the 'looking the other way' you meant government sanction of monopoly and oligarchy. Yes, this is despicable as it deprives the people (the government is responsible for) their personal and economic freedom to choose.

But here's one solution: get off the damn Internet. These companies make enough money that they can use private lines to exchange information between sites and companies, like the banks do. We're talking small amounts of data here; it's not like you need optical fiber with 10Gbit interfaces everywhere. And use encryption, firewalls, IDS/IPS, etc... These are standard items for any network.

1. I apologize, but I do not understand who you would want to get off the internet - where exchange of information takes place freely and quickly. Companies rely on the internet now to reduce cost and maximize profit.

2. Certainly, those companies can develop private lines - but who to develop and how to build it is another issue. Even the banks adhere to the government(s) and their laws last I recall. And in certain cases, governments ignore/sanction attacks on banks.

3. Evidently, critical structures responsible for millions of lives is a small amount of data to you. If you need to be reminded, some of the power structures in the US dates back to the early to mid 20th century - completely upgrading them is prohibitively expensive to local government and utility companies. A critical issue here is how and where can you get the money and transition procedure in place without bureaucracy and money.

A rose by any other name
By drycrust3 on 4/19/2011 2:24:28 PM , Rating: 2
In the process, the worm infected approximately 40 percent of utilities' computers worldwide.

What I find interesting about this is I think this is the first time I've read that the Stuxnet virus has had much more serious impact around the world than was previously thought.
My understanding is the Stuxnet virus NEEDS the Windows operating system, famed for its insecurity, so it can attack the Seimens PLCs used in the plant. Maybe I'm wrong, but wouldn't using an operating system other than Windows, e.g. a Linux distribution (which is free to download and doesn't require licence fees), thwart the Stuxnet virus?
I was speaking to an American some months ago and he said he believed the Stuxnet virus had affected the machines in the company he worked for. If what he said is correct, then maybe the Stuxnet virus is even more widespread than is stated here.
Not wanting to be unnecessarily alarmist, but what happens if the Stuxnet virus finds no PLCs? Does it delete itself or just hide away until the computer is shifted to a different network where there might be PLCs?
In a 2009 survey ... half of utilities reported their networks were being targeted by hackers.

It seems to me there are two issues here: 1) the Stuxnet virus is much more widespread and doing more damage than supposedly the writers expected; and 2) Hackers are attempting to access the networks of American companies.
The only saving grace in all this would seem to be that those hackers that are being detected haven't got hold of what makes the Stuxnet virus tick, because if they had then they wouldn't have been detected.

"Vista runs on Atom ... It's just no one uses it". -- Intel CEO Paul Otellini

Most Popular ArticlesTop 5 Smart Watches
July 21, 2016, 11:48 PM
Free Windows 10 offer ends July 29th, 2016: 10 Reasons to Upgrade Immediately
July 22, 2016, 9:19 PM

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki