Homeland Security warns on US power threat

By

The US Department of Homeland Security (DHS) has set out security requirements for automated control systems, principally in the power industry, to protect installations against physical and cyber-attacks.

Homeland Security warns on US power threat
Surprisingly for a document dealing with automated systems as opposed to data networks, it includes recommendations about protection against spam and social engineering, threats not normally associated with control systems.

Security firm Verisign expressed fears in its most recent weekly iDefense security bulletin that "so many of the problems that some hoped would either never migrate from the IT world into the control system world (social engineering, spam, etc) or be so rare as to be negligible, are apparently sufficient enough threats to be viewed as issues of concern for control systems."

Many of the recommendations in the Catalog of Control System Requirements (draft) July 2007 (PDF) report describe basic cyber-security measures.

These include installing antivirus software and ensuring that DNS is not used for control systems to protect against denial of service attacks.

Other recommendations include not using VoIP, IM, FTP, HTTP and file sharing on control systems.

The document also emphasises that remote updates for antivirus software are performed when the control system is offline, ie disconnected from the equipment it controls.

The draft Catalog was drawn up in consultation with the National Institute of Standards and Technology and four National Laboratories, which are effectively regional scientific arms of the US Department of Energy, often operated by private companies or major universities. These are Argonne, Idaho, Pacific Northwest and Sandia.

While the high level of cooperation is welcomed by the security sector, it highlights the growing fear that physical or cyber-attacks on the power infrastructure could cause enormous harm to the US.

Since its inception on 20 September 2001 in the wake of 9/11, the DHS has been granted enormous powers and has been growing in influence.

Although the recommendations of the draft Catalog are not intended to be legally binding, the fact that it has been issued by the DHS means that its recommendations will carry considerable weight for those responsible for the security of power generation and distribution installations.
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
homelandonpowersecuritythreatuswarns

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
Victoria's Secret pulls down website amid security incident

Victoria's Secret pulls down website amid security incident
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?