Vulnerability Alerts
SANS
 
Microsoft
 
CERT/CC
 
 
Latest Comments
"very good"
on Akonix RogueAware
by abc | Oct 13, 2008 7:42 PM
 
"It sounds very good if it lives up to the statements"
on Kaspersky sends SOS to crack 1024 bit encryption key
by John Williams | Oct 11, 2008 11:57 AM
 
"Any good log system is going to be modular (separate from the web site itself), and more than ..."
on Popular porn site hacked by prudes
by Russ | Oct 9, 2008 7:21 PM
 
"Good"
on Yahoo patches Messenger ActiveX control flaws
by Francis Ayitey | Oct 6, 2008 10:48 AM
 
"With regard to the battle against cybercrime, Kaspersky Labs, the creator of the famous and ..."
on Eugene Kaspersky on the cybercrime arms race
by Mr. Anonymous | Oct 4, 2008 9:08 AM
Smart Cards Tokens

Homeland Security warns on US power threat

  • Email a Friend
  • Print Page
Homeland Security warns on US power threat
Related Articles
By Andrew Charlesworth
Jul 31, 2007 9:13 AM
Tags: Homeland | Security | warns | on | US | power | threat
Surprisingly for a document dealing with automated systems as opposed to data networks, it includes recommendations about protection against spam and social engineering, threats not normally associated with control systems.

Security firm Verisign expressed fears in its most recent weekly iDefense security bulletin that "so many of the problems that some hoped would either never migrate from the IT world into the control system world (social engineering, spam, etc) or be so rare as to be negligible, are apparently sufficient enough threats to be viewed as issues of concern for control systems."

Many of the recommendations in the Catalog of Control System Requirements (draft) July 2007 (PDF) report describe basic cyber-security measures.

These include installing antivirus software and ensuring that DNS is not used for control systems to protect against denial of service attacks.

Other recommendations include not using VoIP, IM, FTP, HTTP and file sharing on control systems.

The document also emphasises that remote updates for antivirus software are performed when the control system is offline, ie disconnected from the equipment it controls.

The draft Catalog was drawn up in consultation with the National Institute of Standards and Technology and four National Laboratories, which are effectively regional scientific arms of the US Department of Energy, often operated by private companies or major universities. These are Argonne, Idaho, Pacific Northwest and Sandia.

While the high level of cooperation is welcomed by the security sector, it highlights the growing fear that physical or cyber-attacks on the power infrastructure could cause enormous harm to the US.

Since its inception on 20 September 2001 in the wake of 9/11, the DHS has been granted enormous powers and has been growing in influence.

Although the recommendations of the draft Catalog are not intended to be legally binding, the fact that it has been issued by the DHS means that its recommendations will carry considerable weight for those responsible for the security of power generation and distribution installations.

Copyright © 2008 vnunet.com

 
Ads by Google
Thoughts on this article? Add a comment below.
Be the first to comment on this article.

Report this comment as offensive:

   * Indicates information we require to process your submission.

Name: *
Email: *
Reason for offense: *
Your report will not be displayed.  
Name:
*
 
Email:
(will not be displayed)
*
 
Comment:
(HTML not permitted)
*
 
Validation
*

Enter the code you see below:

 

 
 
 
 
 
 
Access Control Whitepapers
 
Popular Tags
blink browser cisco computing control device endpoint enterprise gartner gfi information major mobile network security sophos threat virus warns web