Pacific Northwest National Laboratory Report Reveals
Dramatic Increase in Cyber Threats and Sabotage on Critical Infrastructure and
Key Resources
Report,
Co-Sponsored by McAfee, Further Identifies Challenges Facing the Energy Smart
Grid
India – June 20, 2012 - The
Pacific Northwest National Laboratory (PNNL), a federal contractor to the U.S.
Department of Energy (DOE), in conjunction with McAfee, recently revealed the
findings from a report entitled “Technology
Security Assessment for Capabilities and Applicability in Energy Sector
Industrial Control Systems: McAfee Application Control, Change Control,
Integrity Control.”
For the first time, the report
fully examines the current challenges facing critical infrastructure and key
resources as well as identifying specific risks and vulnerabilities in the
evolving cyber threat landscape. It analyzes the value and effectiveness
carefully integrated security solutions necessary to support the national
security mission to secure industrial control system environments. In addition,
the big challenge for critical infrastructure and energy sector owners and
operators, as identified by the report, is how to effectively secure their
control systems within their governance and technical domains in an active and
capable advanced persistent threat environment.
“When early critical infrastructure
systems were created, neither security nor misuse of the interconnected network
was considered, said Philip A. Craig Jr, Senior Cyber Security Research
Scientist, a researcher within the National Security Directorate at the Pacific
Northwest National Laboratory. “Today, we are still focused on enhancing the
security of control systems. Outdated security methods that use a maze of
disparate, multi-vendor, and stacked security tools will only delay a cyber
attack, providing numerous opportunities for a more advanced and modern cyber
adversary to attack cyber security postures throughout critical
infrastructure.”
In the report, PNNL and the DOE
have identified the following vulnerabilities to control systems environments:
·
Increased Exposure: Communication networks linking smart grid devices and systems will
create many more access points to these devices, resulting in an increased
exposure to potential attacks.
·
Interconnectivity: Communication networks will be more interconnected, further exposing
the system to possible failures and attacks.
·
Complexity:
The electric system will become significantly more complex as more subsystems
are linked together.
·
Common Computing
Technologies: Smart grid systems will increasingly
use common, commercially available computing technologies and will be subject to
their weaknesses.
·
Increased Automation: Communication networks will generate, gather, and use data in new
and innovative ways as smart grid technologies will automate many functions.
Improper use of this data presents new risks to national security and our
economy.
The report also examines how
emerging vulnerabilities of control systems continue to accelerate. Today’s
cyber attack has evolved into a sophisticated and carefully designed
digital-weapon tasked for a specific intent, such as the Stuxnet and Duqu virus.
“Infrastructures that control
systems affecting our everyday lives, such as smart grids, are rising in
adoption yet still lack the proper security needed to prevent sophisticated
cyber attacks, “said Dr. Phyllis Scheck, Vice President and Chief
Technology Officer, Global Public Sector, McAfee. “Achieving security by
design is essential in securing critical infrastructure. Cybersecurity must be
embedded into the systems and networks at the very beginning of the design
process so that it becomes an integral part of the systems functioning.”
In addition to control systems, the
report also examines the impact of new technologies impacting the Energy sector.
As information and communication technology advances and becomes integrated into
power system operations and planning functions, smart grids are created, which
yield greater visibility into the state of the system and advancements in
control to enhance system efficiencies. Despite the significant benefits of the
dynamic nature of the power grid, it was not designed with cyber security in
mind.
The report cites the following
solutions in an effort to prevent vulnerability and mitigate attacks to control
systems:
·
Dynamic Whitelisting –Provides the ability to deny unauthorized applications and code on
servers, corporate desktops, and fixed-function devices.
·
Memory Protection – Unauthorized execution is denied and vulnerabilities are blocked
and reported.
·
File Integrity
Monitoring – Any file change, addition, deletion,
renaming, attribute changes, ACL modification, and owner modification is
reported. This includes network shares.
·
Write Protection – Writing to hard disks are only authorized to the operating system,
application configuration, and log files. All others are denied.
·
Read Protection – Read are only authorized for specified files, directories, volumes
and scripts. All others are denied
The Department of Energy’s key
objective to secure the critical infrastructure and key resources includes our
Nation’s electric generation, transmission, distribution resources, as well as
key oil and natural gas assets. The Pacific Northwest National Laboratory seeks
to continue to improve the value of security technologies as they are
implemented in these critical infrastructure and key resources areas.
About McAfee, Inc.
McAfee, a wholly owned subsidiary of Intel Corporation (NASDAQ:INTC),
is the world's largest dedicated security technology company. McAfee delivers
proactive and proven solutions and services that help secure systems, networks,
and mobile devices around the world, allowing users to safely connect to the
Internet, browse and shop the Web more securely. Backed by its unrivaled Global
Threat Intelligence, McAfee creates innovative products that empower home users,
businesses, the public sector and service providers by enabling them to prove
compliance with regulations, protect data, prevent disruptions, identify
vulnerabilities, and continuously monitor and improve their security. McAfee is
relentlessly focused on constantly finding new ways to keep our customers safe.
About Pacific Northwest National
Laboratory
Interdisciplinary teams at Pacific Northwest National Laboratory address many of America's most pressing issues in energy,
the environment and national security through advances in basic and applied
science. PNNL employs 4,700 staff, has an annual budget of nearly $1.1 billion,
and has been managed for the U.S. Department of Energy by Ohio-based Battelle
since the laboratory's inception in 1965
No comments:
Post a Comment