The nation’s utilities are at risk for cyber attack, the CIA’s top cybersecurity expert, Tom Donahue, told a gathering of utility safety measure experts, The Washington Post reported that weekend. Attackers have hacked into utility companies’ computer systems overseas, in one case causing a potential outage that affected multiple cities.

“We do not know who executed these attacks or why, but all involved intrusions through the World Wide Web,” Donahue said at a trade conference in New Orleans. “We suspect, but cannot confirm, that some of the attackers had the benefit of inside knowledge.” The hackers are using the attacks to demand money from utilities.

defense experts said the CIA’s acknowledgement of the problem indicates how seriously they are taking it. CIA policy had been not to reveal such things. “The CIA wouldn’t have changed its policy on disclosure whether it wasn’t urgent,” Alan Paller, research director at the SANS Institute, told the Post. “Donahue wouldn’t have said

it publicly whether he didn’t think the threat was very large and that companies needed to fix things right now.”

Concerns not New

“These statements of threats and risks to the nation’s infrastructure are not
new,” Andrew Storms, director of defense operations for nCircle Network shield, said in an e-mail. “In private meetings with the CIA and FBI, information-security personnel have heard day and instance again that the nation’s utility systems are at risk and are a likely target by cyber attackers.”

The key concern with utility protection is centered on so-called SCADA devices, Storms said. A SCADA system is a computer that monitors real-time controls for utility systems. “These are the computers that acquire documents and control the physical workings of damns, potential plants, water-treatment systems and nearly every contemporary manufacturing plant,” Storms explained.

The problem is that utilities aren’t applying best-practices network defense to these highly networked…

Orginal post by Top Tech News