There has been a dramatic increase in cyber threats and sabotage on critical infrastructure and key Resources, according to a latest report by the Pacific Northwest National Laboratory (PNNL), a federal contractor to the US Department of Energy (DOE) and McAfee.
The report, Technology Security Assessment for Capabilities and Applicability in Energy Sector Industrial Control Systems: McAfee Application Control, Change Control, Integrity Control, examines the present challenges facing critical infrastructure and key resources and analyses the integrated security tools required to secure industrial control system environments.
A greater challenge for critical infrastructure and energy sector owners and operators, is how to effectively protect their control systems in a persistent threat environment.
The Pacific Northwest National Laboratory National Security Directorate researcher and senior cyber security research scientist Philip A. Craig Jr said when early critical infrastructure systems were created, neither security nor misuse of the interconnected network was considered.
"Today, we are still focused on enhancing the security of control systems. Outdated security methods that use a maze of disparate, multi-vendor, and stacked security tools will only delay a cyber attack, providing numerous opportunities for a more advanced and modern cyber adversary to attack cyber security postures throughout critical infrastructure," he added.
PNNL and the DOE have identified that communication networks linking smart grid devices and systems have led to a rise in access points to the devices and IT infrastructure, resulting in an increased exposure to potential attacks.
The report shows that communication networks will be more interconnected, further exposing the system to possible failures and attacks and the electric system will become significantly more complex as more subsystems are linked together.
It notes that the cyber attack has evolved into a sophisticated and carefully designed digital-weapon tasked for a specific intent, such as the Stuxnet and Duqu virus, and looks how emerging vulnerabilities of control systems continue to accelerate.
The research also examines the impact of new technologies impacting the Energy sector and reveals that the country’s power grid was not designed with cyber security in mind.