Computers and electronics run our infrastructure and our world. Electronic signals support generation, transmission, and distribution of power that keeps our lights on and the water coming out of our taps. They also support the entire global industrial manufacturing infrastructure. They are so ubiquitous that at a recent industry conference, a top cyber agent at the FBI was quoted as saying, "Computers are everywhere. Most of you drove here in one."
Consider then the importance of availability and reliability of those electronic, or "cyber," systems that connect and, in some cases help to operate, critical infrastructure. Computers manage such important infrastructure as:
- Water distribution and wastewater collection systems
- Oil and gas pipelines
- Electrical utility transmission and distribution
- Rail and other public transportation
These systems are often interconnected and interdependent. Remember the power blackout in 2003 that started with one power station in Ohio, and eventually spread to darken seven US states and half of eastern Canada? It was caused by a cascading failure that impacted more than 508 generating units at 265 power plants, including 22 nuclear power plants. Power blackouts don't just affect the electricity to homes and retail businesses.
Outages also impact: - Oil and gas production
- Refinery operations
- Water treatment systems
- Wastewater collection
- Pipeline transportation systems
- Rail and most public transportation systems
Many of the companies who operate these critical infrastructure systems are now connecting them to their internal corporate networks, but without the customary security procedures that we are used to deploying in the typical IT environment. The purpose of this paper is to address the issue of cyber security currently lacking in control system environments today and the reasons behind these vulnerabilities. This document describes some actual events that demonstrate current control system vulnerabilities. This paper also discusses how an Internet Reputation Intelligence (a trusted Internet reputation system that augments the protection of all cyber systems) creates a proactive security model for control systems where other, traditional and reactionary, technologies fall short.
(PDF, 16 pages)
Posts
No comments:
Post a Comment