Washington, D.C.—The U.S. General Accounting Office says that, besides increasing general cyber threats, several factors are contributing to escalated risks of cyber attacks against control systems.
Washington, D.C.— The U.S. General Accounting Office says that, besides increasing general cyber threats, several factors are contributing to escalated risks of cyber attacks against control systems. These factors include adoption of standardized technologies with known vulnerabilities and increased connectivity of control systems to other systems, according to GAO’s report, “Critical Infrastructure Protection: Challenges and Efforts to Secure Control Systems,” released in March 2004.
GAO reports that control systems can be vulnerable to a variety of attacks, and that some examples of these have already occurred. Successful attacks on control systems could have devastating consequences, such as endangering public health and safety. GAO adds that computerized control systems perform vital functions across many of the nation’s critical infrastructures. For example, in the natural gas distribution industry, they can monitor and control the pressure and flow of gas through pipelines.
The report states the risk of a cyber-based attack persists because securing control systems poses significant challenges, including limited specialized security technologies and lack of economic justification. However, the government, academia, and private industry already have initiated efforts to strengthen the cyber-security of control systems. The President’s National Strategy to Secure Cyberspace establishes a role for the U.S. Department of Homeland Security (DHS) to coordinate with these entities to improve cyber-security of control systems.
While some cooperation is occurring, DHS’s coordination of these efforts could accelerate the development and implementation of more secure systems. GAO’s report adds that without effective coordination of these efforts, there is a risk of delaying the development and implementation of more secure systems to manage the nation’s critical infrastructures.
GAO recommends that the secretary of the DHS develop and implement a strategy for coordinating with the private sector and other government agencies to improve control system security, including an approach for coordinating the various ongoing efforts to secure control systems. DHS has concurred with GAO’s recommendation.
For more information or to read the latest version of the report, visit Control Engineering ’s new subscriber-based Resource Center online at www.controleng.com.
Control Engineering Daily News Desk
Jim Montague, news editor
[email protected]