In a recent ?annual?review, a team at the Department of Homeland Security that works to counter ?the threat of attacks ?on critical computer infrastructure counted 198 incidents in fiscal 2012. The events reported ranged from the use of malware to sabotage systems to phishing attacks for retrieving ?sensitive information. In roughly 40 percent of those cases, the target was the energy sector ? ?an alarming rate,? the report said.
Last year the Obama administration championed passage of a ?Cybersecurity Act, which would have helped companies that operate critical infrastructure to improve the security of their computer systems and share information about attacks on their networks with the federal government. ?But Senate Republicans succeeded in fending off the bill last August, arguing that it would have imposed a financial burden on companies.
In November, a White House draft executive order ?picked up the baton by calling for concerted agency action on the issue.
The order describes the attacks on critical infrastructure, which have risen exponentially over the last five years, as ?one of the most serious national security challenges we must confront.? Last year, for example, the natural gas industry fought off a lengthy and ultimately unsuccessful series of attacks on its pipeline infrastructure, with the Department of Homeland Security issuing three amber alerts, the second-highest level of warning.
The Transportation Security Administration wields authority over pipeline security but has yet to promulgate industry-wide standards for computer security, relying instead on the voluntary adoption of best practices.
Pipeline vulnerability is a particular concern because of the ubiquity of supervisory control and data acquisition, or Scada, software systems, which are used to monitor variables like pressure and flow rates. Pipeline operators can respond to any unexpected changes through remote management of valves, pumps and compressor stations.
But, like any software, Scada systems are susceptible to hacking and viruses. The Stuxnet computer worm, designed jointly by the United States and Israel to attack Iran?s main nuclear enrichment facility in 2008, is a prime example of how such attacks can disrupt and destroy physical infrastructure. In the case of pipelines, the attacks could come in the form of unauthorized commands or false reports to operators, resulting in spills, fires or explosions.
Investigators have so far not linked any historical pipeline problems to malicious activity, but software malfunctions have illustrated the potential threat.
In the summer of 2010, problems in a Scada control center contributed to the spill of more than one million gallons of crude oil outside the small town of Marshall, Mich. Coursing through local waterways, the oil made its way into the Kalamazoo River and now ranks as one of the largest inland spills in the nation?s history.
Debate over security regulation remains fiercely split along party lines, with Senate Republicans casting ?40 of the 46 nay votes against last year?s Cybersecurity Act. A recent letter from Congressional Republicans to the president attacked his draft order as a ?backdoor regulatory framework.?
One of the central concerns of those who oppose cyber security standards is that the ?threats morph ?too quickly for notoriously slow bureaucrats to keep up with.
In Canada, however, the National Energy Board published regulatory standards for pipelines in 2010 after a three-year rule-making process that drew heavily on industry expertise. The regulation was motivated by security assessments in 2004 and 2005 that exposed a ?security vacuum ?at companies across the country.
?Industry had input all through development of the standard,? said Wes Elliott, technical leader for security at the National Energy Board. ?It proved a commonsense approach that has worked well for us.?
All Canadian pipeline operators must now devise management plans to meet certain performance standards. Field visits by personnel from the National Energy Board are used to confirm that the management plans are put into action.
Regardless of the prospects for federal computer security regulation, ?pipeline managers in the United States face severe resource constraints: the equivalent of only 13 full-time employees in the Transportation Security Administration are responsible for overseeing nearly 1.5 million miles of pipeline.
In a letter last year to Senate majority and minority leaders, security experts ?including ?former directors of the National Security Agency and Department of Homeland Security warned of ?the imminent danger of a ?cyber 9/11.?
?It is not a question of ?whether? this will happen,? they wrote. ?It is a question of ?when.? ?
laura dekker stephen colbert south carolina seal seal and heidi klum drew peterson untouchable herman cain south carolina palmetto
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.