From: NetworkWorld
The Department of Homeland Security finds critical systems still lacking basic protections, despite years of warnings
By Taylor Armerding
CSO – The warnings of possible catastrophic cyberattacks on critical infrastructure in the U.S. have been issued for more than a decade. They were frequent and insistent in 2012, from high-ranking government officials and others.
Outgoing U.S. Secretary of Defense Leon Panetta warned in a speech in New York last October that cyberattacks by a hostile nation-state on critical infrastructure like transportation, water supply or the electric grid could amount to a “cyber Pearl Harbor.” He also said the U.S. was at “a pre-9/11 moment.”
It wasn’t just patriotic American officials either. A video obtained by the FBI in 2011, purportedly from al Qaeda, exhorted al Qaeda followers – the “covert Mujahidin” – who have the skill to commit “electronic jihad” — to launch cyberattacks on U.S. and other Western targets.
But the Department of Homeland Security (DHS) says that despite those warnings, the peril remains — thousands of domestic industrial control systems (ICS) remain vulnerable.
Some security experts have said that Panetta and others are going overboard with comparisons to acts of war or terror that leave thousands dead. Bruce Schneier, an author and chief security technology officer at BT, has said more than once that, “throughout history, the definition of a ‘major war’ has involved casualties in the hundreds of thousands. That means dead people.”
However, Schneier and others agree that there are real risks. And the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), which operates within DHS, said operators of ICS many times don’t even know if their systems are infected, don’t have effective security barriers in place and don’t have backups for critical systems.
The agency’s Monthly Monitor, covering October-December 2012, also reported that two researchers, “using only their wits, an extensive list of control systems related search terms, a paper clip, and the Internet-facing device search engine SHODAN,” compiled a list of about 500,000 devices with predicted control systems impact.
electronic jihad..love it!