Tag Archives: electricity

[ISN] GAO: Defense installation utilities at risk of cyber attack

http://www.militarytimes.com/story/military/2015/07/24/utility-cyber-attack/30615033/

By Andrew Tilghman
Staff writer
Military Times
July 25, 2015

The utility systems that provide water, electricity and other essential services to military installations worldwide have limited defenses against cyber-attacks, putting many bases at risk for a “serious mission-disabling event,” a new Government Accountability Office report says.

A recent GAO investigation identified a disturbing vulnerability in the military’s network of “industrial control systems,” the computers that monitor or operate physical utility infrastructure.

For example, “most” Navy and Marine Corps industrial control systems (ICS) “have very little in the way of security controls and cybersecurity measures in place,” according to government documents identified by the GAO. That leaves many installations exposed to a “cyber-physical effect” attack that could cause the “physical destruction of utility infrastructure controlled by an ICS,” the GAO said.

[…]





[ISN] S. Korea nuclear hack ups aging reactor risks

http://www.japantimes.co.jp/news/2015/01/13/asia-pacific/s-korea-nuclear-hack-ups-aging-reactor-risks/

Reuters
Jan 13, 2015

SEOUL – The hacking of South Korea’s nuclear operator means the country’s second-oldest reactor may be shut permanently due to safety concerns, said several nuclear watchdog commissioners, raising the risk that other aging reactors may also be closed.

“The operator failed to prevent it (the hack) and they don’t know how much data has been leaked. If the old reactor is still allowed to continue to run, it will just hike risks,” said Kim Hye-jung, one of nine commissioners who will this month review an application to restart the Wolsong No. 1 reactor.

The future of Wolsong No. 1, shut in 2012 after reaching its 30-year life span, is seen as critical to the fate of other reactors, including the oldest, Kori No. 1, which had its life span extended by 10 years to 2017.

Nuclear power accounts for about a third of South Korea’s electricity supply. More nuclear closures would boost fuel imports, which had soared since late 2012 after some reactor closures forced Asia’s fourth-largest economy to replace nuclear power with liquefied natural gas and thermal coal.

[…]



[ISN] Senate should demand electric grid reliability and security

http://thehill.com/blogs/congress-blog/energy-environment/211238-senate-should-demand-electric-grid-reliability-and

By Thomas S. Popik and William R. Graham
The Hill
July 07, 2014

With a Senate vote on two nominees for commissioners of the Federal Energy Regulatory Commission (FERC) pending, there is unprecedented attention on this obscure regulator of interstate pipelines and electricity transmission. In 2005, Congress granted FERC additional authority to regulate electric grid reliability and security, but too often FERC has accommodated industry rather than enforce strict standards. Both FERC nominees, Cheryl LaFleur and Norman Bay, have long tenures as commissioner and director of Enforcement, respectively. Before a confirmation vote, Senators should examine FERC’s weak regulatory record and determine whether leadership and legislative fixes are necessary.

Prior to the 2003 Northeast Blackout which affected 50 million people, electric grid reliability and security were unregulated. An industry trade association had set voluntary standards but compliance was spotty. After the Northeast Blackout, a special U.S.-Canada task force identified the voluntary standards system as a prime cause. In response, Congress designed a hybrid regulatory system, where a private successor to the trade association, the North American Electric Reliability Corporation (NERC), would set mandatory standards. FERC would have authority to request, review, and approve, but not change, NERC’s standards.

Nominee and Acting FERC Chair LaFleur, formerly a senior utility executive, is a supporter of the hybrid FERC-NERC regulatory system. At an April Senate hearing entitled, “Keeping the lights on



[ISN] Vendor Breach Exposes Card Data, PII

http://www.bankinfosecurity.com/vendor-breach-exposes-card-data-pii-a-6221

By Tracy Kitten
Bank Info Security
November 14, 2013

The breach of an Ireland-based loyalty marketing company, which authorities confirm exposed payment card data on more than 376,000 consumers plus other personally identifiable information about more than 1 million, illustrates, yet again, the privacy vulnerabilities third parties pose, experts say.

Ireland’s Office of the Data Protection Commissioner says card details on another 150,000 consumers “were potentially compromised.” For now, however, it’s offering few specifics.

On Nov. 11, the commissioner confirmed only that card details for 70,000 customers of SuperValu, an Ireland-based grocer and food distributor, and 8,000 customers of AXA Insurance Ireland were exposed. Both used Loyaltybuild for holiday loyalty marketing programs.

Additionally, some Electric Ireland customers who participated in a loyalty program run by the Electricity Supply Board in 2007 and 2008 also have been impacted by the breach, the commissioner noted. Loyaltybuild notified the utility that names, addresses, phone numbers, e-mail accounts and booking references for those customers may have been exposed, according to the commissioner’s office. But financial or card transaction data is not believed to have been affected.

The commissioner has not yet identified what other companies’ customers had their card details exposed, including those elsewhere in Europe, but says the investigation into the breach is ongoing.

[…]



[ISN] Call yourself a ‘hacker’, lose your 4th Amendment right against seizures

http://www.theregister.co.uk/2013/10/23/hacker_loses_4th_amendment_rights_case/

By John Leyden
The Register
23rd October 2013

A US district court has ruled that anyone calling themselves a “hacker” loses their Fourth Amendment protections against unreasonable searches and property seizures.

The court in Idaho decided that a software developer’s computer could be seized without him being notified primarily because his website stated: “We like hacking things and don’t want to stop.”

The ruling [PDF] came down in a case brought by Battelle Energy Alliance against ex-employee Corey Thuen and his company Southfork Security.

Thuen, while working for Battelle, helped develop an application today known as Sophia, which fires off alerts if it detects industrial control equipment coming under electronic attack. Battelle – which was tasked with beefing up the computer security of US electricity plants, energy sources and other critical sites – wanted to license this technology, but Thuen hoped to open source the code, according to the plaintiffs.

[…]



[ISN] Shame on you NIST for DoS

Forwarded from: Dean Bushmiller

The Painpill- because no one takes vitamins regularly. This is a weekly security discussion and sometimes rant with a commercial at the end for training.

Government shutdown, fiscal cliff… Everyone is talking about the government shutdown. It is important. I don’t want to play the blame-game, but I do want to talk about what I feel is an unnecessary Denial of Service attack by NIST on all of us.

Let’s frame the conversation with a few questions?

If you go on vacation or a break, Do you turn off your web server or website?
If you cannot afford your power bill, do you light a neon sign that says “We’re Closed” ?
If you set up your website and find you cannot do updates, Do you tear the whole site down?

Everyone reading this would likely say NO to all the above. NIST said YES due to the government shutdown.

Why are SP800 documents important? We all use the collective guidance of Special Publications to direct security decisions. For Expanding Security, we use Special Publications as part of classes. I share their importance and always tell students to get a copy. These documents were created and paid for with U.S. tax dollars. Done. Access to the documents should be… accessible no matter what current political problem is occurring.

Here’s the thing, it costs nothing to let a website run. Well OK it costs server time and electricity. So if you ran out of money, you would turn off the server. But NIST tore down the main page and put up a big fat FINGER to all of us. What do I mean? The server doesn’t need to have a person feeding it data; there is no person on the other side of the server waiting to hand me my SP800-37.pdf. The documents and pages once built do not need any support.

The correct way? I would have total respect for NIST if they turned off the server because they ran out of funding. But to leave it running and DoS people who need pages is just wrong. It goes against everything that information technology is about.

Hey NIST if it’s really about running out of money, turn off your server instead of flipping everybody off.



[ISN] Squirrel Power!

http://www.nytimes.com/2013/09/01/opinion/sunday/squirrel-power.html

By JON MOOALLEM
The New York Times
August 31, 2013

SOME say the world will end in fire. Some say ice. Some say coordinated kamikaze attacks on the power grid by squirrels.

At least, some have been saying that to me, when they find out I’ve spent the summer keeping track of power outages caused by squirrels.

Power outages caused by squirrels are a new hobby of mine, a persnickety and constantly updating data set that hums along behind the rest of my life the way baseball statistics or celebrity-birthing news might for other people. It started in April, after I read about a squirrel that electrocuted itself on a power line in Tampa, Fla., cutting electricity to 700 customers and delaying statewide achievement tests at three nearby schools. I was curious, just enough to set up a Google news alert: squirrel power. But as the summer progressed, and the local news reports of power outages caused by squirrels piled up in my in-box, my interest in power outages caused by squirrels became more obsessive and profound.

I know: it’s hard to accept that a single squirrel can disrupt and frustrate thousands of people at a time, switching off our electrified lives for hours. But since Memorial Day, I’ve cataloged reports of 50 power outages caused by squirrels in 24 states. (And these, of course, are only those power outages severe enough to make the news.) Fifteen hundred customers lost power in Mason City, Iowa; 1,500 customers in Roanoke, Va.; 5,000 customers in Clackamas County, Ore.; and 10,000 customers in Wichita, Kan. — and that was just during two particularly busy days in June. A month later, there were two separate P.O.C.B.S., as I’ve come to call power outages caused by squirrels, around the small town of Evergreen, Mont., on a single day.

Squirrels cut power to a regional airport in Virginia, a Veterans Affairs medical center in Tennessee, a university in Montana and a Trader Joe’s in South Carolina. Five days after the Trader Joe’s went down, another squirrel cut power to 7,200 customers in Rock Hill, S.C., on the opposite end of the state. Rock Hill city officials assured the public that power outages caused by squirrels were “very rare” and that the grid was “still a reliable system.” Nine days later, 3,800 more South Carolinians lost power after a squirrel blew up a circuit breaker in the town of Summerville.

[…]

