“What will it take for people to wake up?” I was talking with Joe Weiss yesterday. He studies control system security vulnerabilities. He also sponsors a high-level cyber security conference, the most recent iteration was held recently at Davidson University.
Press is not allowed at his event, because all talks concern very sensitive security holes and no one will talk on record about them. However, Joe told me that several incidents were reported where hackers gained access to the control system. In some cases, no one can figure out how they got into the control system itself. Evidently, control system vendors are not talking.
The usual cybersecurity experts, valuable as they are, really stop at the network level. Weiss contends that there are holes inherent within the control system itself that also need to be addressed.
He says his recent ICS Cyber Security Conference hosted the first public discussions of Aurora. Aurora is a gap in protection of the electric grid. Aurora is starting Alternating Current (AC) equipment (generators, motors, etc) out-of-phase imposing a large torque which can cause significant loss of equipment life or damage. One way Aurora can be caused is by remotely manipulating relay configuration settings.
News from Bloomberg
Within a few hours of my conversation with Weiss, I received my daily update email from Jason Calacanis’ Launch ticker. He sent me to a U.S. Senate. “U.S. Senate Republicans yesterday killed cybersecurity legislation backed by President Barack Obama, increasing prospects the White House will implement some of the bill’s provisions through an executive order.”
The article continues, “Supporters failed 51-47 to get the 60 votes needed under Senate rules to bring the bill up for passage. Republicans blocked the same measure in August, saying it would lead to more government regulation of business.
“It to some degree hardens the lines of division, which makes it more likely we’ll see an executive order rather than an attempt to revive the legislation in the near term,” Stewart Baker, a former assistant secretary for policy at the Department of Homeland Security, said in an interview.
“The only other thing that can produce legislation is a major cyber security meltdown,” said Baker, a partner at the Steptoe & Johnson law firm in Washington.
Administration officials have continued to warn about cyber threats capable of widespread damage. Defense Secretary Leon Panetta in a speech in New York last month said computer assaults by other countries or extremist groups could be as destructive as the Sept. 11 attacks.”
Joe continues to preach that utility companies have their heads in the sand regarding the cyber security threat. He continues to document breaches. This article seems to confirm it.