Cyber attacks on critical infrastructure targets. On Wednesday the Central Intelligence Agency (CIA) told an international gathering of government officials, engineers and security managers from electric, water, oil & gas and other critical industry asset owners that the CIA has information that cyber intrusions into utilities was responsible for at least three blackouts and then followed up with extortion demands. The CIA went on to say they suspect, but cannot confirm, that some of these attackers had the benefit of inside knowledge. The very next day the Federal Energy Regulatory Commission (FERC) approved eight mandatory cyber security standards that extend to all entities connected to the nation’s power grid. The following are the eight areas addressed by these standards: 1. Critical cyber asset identification 2. Security management controls 3. Personnel and training 4. Electronic security perimeters 5. Physical security of critical cyber assets 6. System security management 7. Incident reporting and response planning 8. Recovery plans for critical cyber assets These eight standards were created to increase the security of our CIP and reduce the risk of a successful attack. Disruption of a countys critical infrastructure would have significant direct and indirect damages. Most of these damages would be…
[From More Cyber War Gouge]
