Could we be hacked back in time?

Friday - 4/10/2009, 1:21pm EDT

Greg Garcia

Looking at real threats in an ether-based world


By Suzanne Kubota
Senior Internet Editor
FederalNewsRadio.com

The news earlier this week about a potential attack on America's electric grid is raising questions about vulnerabilities throughout the system.

FederalNewsRadio asked Greg Garcia, president of Garcia Strategies and former Assistant Secretary of Cybersecurity and Telecommunications at the Department of Homeland Security, if the "news" is much ado about nothing.

"This is where cyber exploitation penetrates our physical security," says Garcia. "It is a new form of wargame, if you will, and we need to be more vigilant."

Garcia is careful to note that the vulnerability isn't just in the electrical grid: it's everywhere.

I think the electrical grid is vulnerable, and it's not just the electric grid. It is all of our critical infrastructures that rely on digital control systems. It is very simply the valves and switches that control any kind of process such as:

  • electrical power generation and distribution,
  • chemical manufacturing,
  • water purification,
  • transportation services.

Many of our critical infrastructures rely on these systems that are increasingly interconnected with their corporate networks, and their corporate networks are connected to the internet. So there you have a portal through which hackers are able to get into a corporate network, worm their way to the critical infrastructure - the power substations, the chemical plants, et cetera - and alter the settings of those valves and switches to corrupt the system or to bring it down.

The private sector is pushing back a bit about proposed legislation which would put authority over the security of both government and private networks in the hands of the federal government. Garcia says the grumbling isn't just about money.

The objection is cost and the objection is endemic doubt about the government to be able to devise a standard that is a) effective and b) is not counterproductive. You can actually impose security standards that can cause other systems within a network to break, so we have to be very careful about that; about devising standards that, it isn't necessarily the most security that's important, but the best security, and the most security can actually cause other software systems, operating systems, to fail.

As of this writing, bills S 778, which would establish an Office of National Cybersecurity Advisor within the Executive Office of the President, and S 773, "The Cybersecurity Act of 2009", have both been referred to Senate committees.

-----
On the Web:

Center for Strategic and International Studies - Securing Cyberspace for the 44th Presidency

(Copyright 2009 by FederalNewsRadio.com. All Rights Reserved.)