In a recent ?annual?review, a team at the Department of Homeland Security that works to counter ?the threat of cyberattacks ?on critical infrastructure counted 198 ?incidents? in fiscal 2012. The events reported ranged from the use of malware to sabotage systems to phishing attacks for retrieving ?sensitive information. In roughly 40 percent of those cases, the target was the energy sector ? ?an alarming rate,? the report said.
Last year the Obama administration championed passage of a ?Cybersecurity Act, which would have made it easier for companies that operate critical infrastructure to improve the security of their computer systems and to share information about attacks on their networks with the federal government. ?But Senate Republicans succeeded in fending off the bill last August, arguing that it would have imposed a financial burden on companies.
In November, a White House draft executive order ?picked up the baton by calling for concerted agency action on the issue.
The order describes cyberattacks on critical infrastructure, which have risen exponentially over the last five years, as ?one of the most serious national security challenges we must confront.? Last year, for example, the natural gas industry fought off a lengthy and ultimately unsuccessful series of attacks on its pipeline infrastructure, with the Department of Homeland Security issuing three amber alerts, the second-most serious level of warning.
The Transportation Security Administration wields authority over pipeline security but has yet to promulgate industry-wide standards for cybersecurity. The agency relies instead on the voluntary adoption of best practices by industry.
Pipeline vulnerability is a particular concern because of the ubiquity of supervisory control and data acquisition, or Scada, software systems, which are used to monitor variables like pressure and flow rates. Pipeline operators can respond to any unexpected changes through remote management of valves, pumps and compressor stations.
But, like any software, Scada systems are susceptible to hacking and viruses. The Stuxnet computer worm, designed jointly by the United States and Israel to attack Iran?s main nuclear enrichment facility in 2008, is a prime example of how such attacks can disrupt and destroy physical infrastructure. In the case of pipelines, the attacks could come in the form of unauthorized commands or false reports to operators, resulting in spills, fires or explosions.
Investigators have so far not linked any historical pipeline problems to malicious cyberactivity, but software malfunctions have illustrated the potential threat.
In the summer of 2010, problems in a Scada control center contributed to the spill of more than one million gallons of crude oil outside the small town of Marshall, Mich. Coursing through local waterways, the oil made its way into the Kalamazoo River and now ranks as one of the largest inland spills in the nation?s history.
Debate over cybersecurity regulation remains fiercely split along party lines, with Senate Republicans casting ?40 of the 46 nay votes against last year?s Cybersecurity Act. A recent letter from Congressional Republicans to the president attacked his draft order as a ?backdoor regulatory framework.?
One of the central concerns of those who oppose cybersecurity standards is that the ?threats morph ?too quickly for notoriously slow bureaucrats to keep up with.
In Canada, however, the National Energy Board published regulatory standards for pipelines in 2010 after a three-year rulemaking process that drew heavily on industry expertise. The regulation was motivated by security assessments in 2004 and 2005 that exposed a ?security vacuum ?at companies across the country.
?Industry had input all through development of the standard,? said Wes Elliott, technical leader for security at the National Energy Board. ?It proved a commonsense approach that has worked well for us.?
All Canadian pipeline operators must now devise management plans to meet certain performance standards. Field visits by personnel from the National Energy Board are used to confirm that the management plans are put into action.
Regardless of the prospects for federal cybersecurity regulation, ?the managers ?of pipelines in the United States faces severe resource constraints: the equivalent of only 13 full-time employees in the Transportation Security Administration are responsible for overseeing nearly 1.5 million miles of pipeline.
In a letter last year to Senate majority and minority leaders, security experts ?including ?former directors of the National Security Agency and Department of Homeland Security warned of ?the imminent danger of a ?cyber 9/11.?
?It is not a question of ?whether? this will happen,? they wrote. ?It is a question of ?when.? ?
Samantha Steele Dec 21 2012 doomsday Is The World Going To End Mayans camilla belle NASA
কোন মন্তব্য নেই:
একটি মন্তব্য পোস্ট করুন