Industrial Defender - Cyber Security Intelligence for Critical Infrastructure/SCADA

2010.08.25 - Industry News - Defense official discloses cyberattack

Wed, 25 Aug 2010 16:54:10 -0400

Ellen Nakashima,
The Washington Post,
25 August 2010

Defense official discloses cyberattack

Now it is official: The most significant breach of U.S. military computers was caused by a flash drive inserted into a U.S. military laptop on a post in the Middle East in 2008.

2010.08.04 - Industry News - DHS quietly dispatching teams to test power plant cybersecurity

Wed, 4 Aug 2010 19:55:45 -0400
Jaikumar Vijayan,
ComputerWorld.com,
04 August 2010

DHS quietly dispatching teams to test power plant cybersecurity

The Department of Homeland Security (DHS) is quietly creating specialized teams of experts to test industrial control systems at U.S power plants for cybersecurity weaknesses.

2010.08.03 - Industry News - New threat: Hackers look to take over power plants

Wed, 4 Aug 2010 19:55:43 -0400
Lolita C. Baldor,
The Associated Press,
03 August 2010

New threat: Hackers look to take over power plants

WASHINGTON - Computer hackers have begun targeting power plants and other critical operations around the world in bold new efforts to seize control of them, setting off a scramble to shore up aging, vulnerable systems.

2010.07.16 - Industry News - ARC says Electric Power SCADA Market to grow 9%

Fri, 16 Jul 2010 14:56:52 -0400
Automation.com,
16 July 2010

ARC says Electric Power SCADA Market to grow 9%

July 15, 2010: The worldwide Electric Power SCADA market will grow at a compound annual growth rate (CAGR) of 9.3 percent from 2009 through 2014.

2010.07.15 - Industry News - Experts Warn of New Windows Shortcut Flaw

Fri, 16 Jul 2010 13:38:43 -0400
krebsonsecurity.com,
15 July 2010

Experts Warn of New Windows Shortcut Flaw

Researchers have discovered a sophisticated new strain of malicious software that piggybacks on USB storage devices and leverages what appears to be a previously unknown security vulnerability in the way Microsoft Windows processes shortcut files.

2010.07.08 - Industry News - U.S. Plans Cyber Shield for Utilities, Companies

Mon, 12 Jul 2010 10:30:28 -0400
Siobhan Gorman,
Wall Street Journal,
08 July 2010

U.S. Plans Cyber Shield for Utilities, Companies

The federal government is launching an expansive program dubbed "Perfect Citizen" to detect cyber assaults on private companies and government agencies running such critical infrastructure as the electricity grid and nuclear-power plants, according to people familiar with the program.

2010.06.23 - Incidents - Computer failure interrupts flow from city water plant

Mon, 28 Jun 2010 10:36:06 -0400
Erinn Unger,
Lake Chelan Mirror,
2010.06.23

Computer failure interrupts flow from city water plant

There was no flow for some early bird Chelan residents in the small hours of Saturday, June 13, because of a computer failure at the city's water treatment plant. The plant is now operating on a backup computer.

2010.06.08 - Industry News - Small And Midsize Companies Take New Directions On SIEM

Tue, 8 Jun 2010 16:43:11 -0400
Tim Wilson,
Darkreading.com,
08 June 2010

Small And Midsize Companies Take New Directions On SIEM

Security information and event management becoming less about compliance, more about forensics and incident response, studies say

2010.06.02 - Industry News - New Report Identifies Threat Environment and Next Steps for Addressing Key High-Impact, Low-Frequency Risks to the North American Electric Grid

Wed, 2 Jun 2010 12:13:08 -0400
NERC.com,
02 June 2010

New Report Identifies Threat Environment and Next Steps for Addressing Key High-Impact, Low-Frequency Risks to the North American Electric Grid

WASHINGTON, D.C., June 2, 2010 - The North American Electric Reliability Corporation (NERC) and the U.S. Department of Energy (DOE) released a report today that identifies a certain class of high-impact, low-frequency risk shown to have the potential to significantly affect the reliability of the North American bulk power system...

2010.05.13 - Industry News - Cybersecurity summit pays little attention to control system's security

Thu, 13 May 2010 15:02:59 -0400
Homeland Security Newswire,
13 May 2010

Cybersecurity summit pays little attention to control system's security

Despite threats of infrastructure attacks, scant attention was paid to control systems during a global security conference; the problem is safeguarding infrastructure's control systems against attackers is that such protection requires a different approach to securing PCs or networks; Windows-based security products will not help; says one expert: "All the devices that sense things -- temperature, pressure, flow, and things like that -- are not Windows, those are proprietary, real-time or embedded, and there's no security there"

2010.04.20 - Industry News - 'Cyber War' by Richard Clarke

Tue, 20 Apr 2010 17:55:59 -0400
Good Morning America,
20 April 2010

'Cyber War' by Richard Clarke

In "Cyber War," author Richard Clarke explores the newest front of modern war: the Internet and how America could already be on the losing side.

2010.04.20 - Industry News - Richard Clarke On The Growing 'Cyberwar' Threat

Tue, 20 Apr 2010 17:55:05 -0400
NPR,
20 April 2010

Richard Clarke On The Growing 'Cyberwar' Threat

Richard Clarke served as a counterterrorism adviser to Presidents Bill Clinton and George W. Bush. He spent much of 2001 warning members of the Bush administration about the possibility of an impending al-Qaida attack.

2010.04.09 - Industry News - Securing the smart grid

Fri, 9 Apr 2010 11:24:16 -0400
Elinor Mills,
CNET,
09 April 2010

Securing the smart grid

Smart meters are arriving at homes and causing a stir. Consumers in California and Texas have complained about higher bills due to smart meters not working properly. And for a second time in about a year, researchers discovered holes in the meters.

2010.04.05 - Industry News - Hacking the Smart Grid

Fri, 9 Apr 2010 11:22:23 -0400
Robert Lemos,
Technology Review,
05 April 2010

Hacking the Smart Grid

Components of the next-generation smart-energy grid could be hacked in order to change household power settings or to spoof communications with a utility's network, according to a study of three pilot implementations.

2010.03.23 - Industry News - Journal of Energy Security

Tue, 30 Mar 2010 13:25:09 -0400
Francois Gaspard and Alain Hubrecht,
Journal of Energy Security,
23 March 2010

Tackling Critical Energy Infrastructure Network Interdependencies

Over the past decade, the energy sector, and more particularly the energy security sector, has received considerable attention from the public and governments around the world. Physical security is of course one of the main focus areas in energy security, however, another emerging area is cyber security.

2010.03.17 - Industry News - CORRECTION - House Passes Cybersecurity Bill

Fri, 19 Mar 2010 10:12:27 -0400
Reuters.com
17 March 2010

CORRECTION - House Passes Cybersecurity Bill

A new version of a cybersecurity bill was introduced in the Senate on Wednesday that may eliminate some opposition to the measure from the tech industry. The bill would give the president a Senate-confirmed national security advisor to lead "all cybersecurity matters," whether in defense or civilian areas, according to a summary of the bill.

2010.03.08 - Industry News - NERC, FERC, FRCC Reach Agreement Regarding 2008 Florida Outage

Tue, 9 Mar 2010 10:36:13 -0500
Transmission & Distribution World,
08 March 2010

NERC, FERC, FRCC Reach Agreement Regarding 2008 Florida Outage

The North American Electric Reliability Corp., the Federal Energy Regulatory Commission, and the Florida Reliability Coordinating Council have reached an agreement regarding the role of the FRCC Reliability Coordinator in the Feb. 26, 2008, power outage that left nearly one million homes and businesses in the state without electricity.

2010.03.05 - Industry News - FERC Approves Settlement on FRCC’s Role in Florida Blackout

Tue, 9 Mar 2010 10:34:18 -0500
FERC.gov,
05 March 2010

FERC Approves Settlement on FRCC’s Role in Florida Blackout

The Federal Energy Regulatory Commission (FERC) today approved a settlement under which the Florida Reliability Coordinating Council (FRCC) will pay a $350,000 civil penalty and undertake specific reliability improvements stemming from the Feb. 26, 2008, blackout that lost power for millions of Florida consumers.

2010.02.23 - Industry News - Experts warn of catastrophe from cyberattacks

Thu, 25 Feb 2010 11:23:44 -0500
Elinor Mills,
CNET,
23 February 2010

Experts warn of catastrophe from cyberattacks

Computer-based network attacks are slowly bleeding U.S. businesses of revenue and market advantage, while the government faces the prospect of losing in an all-out cyberwar, experts told Senators in a hearing on Tuesday.

2010.02.18 - Industry News - Broad New Hacking Attack Detected

Fri, 19 Feb 2010 11:13:42 -0500
Siobhan Gorman,
Wall Street Journal,
18 February 2010

Broad New Hacking Attack Detected
Global Offensive Snagged Corporate, Personal Data at nearly 2,500 Companies; Operation Is Still Running

Hackers in Europe and China successfully broke into computers at nearly 2,500 companies and government agencies over the last 18 months in a coordinated global attack that exposed vast amounts of personal and corporate secrets to theft, according to a computer-security company that discovered the breach.

2010.02.16 - Industry News -Fact Check: Cyberattack threat

Thu, 18 Feb 2010 19:47:28 -0500
Jim Dexter,
CNN,
16 February 2010

Fact Check: Cyberattack threat

A Washington think tank staged a mock cyberattack on the United States on Tuesday in a bid to evaluate strategies for fighting cyberterrorists. Former senior government officials gathered at the Bipartisan Policy Center to play the roles of Cabinet members responding to a simulated attack on the nation's computer infrastructure.

2010.02.11 - Industry News - Critical infrastructure is a primary cybercriminal target

Fri, 12 Feb 2010 19:04:36 -0500
Help Net Security
11 February 2010

Critical infrastructure is a primary cybercriminal target

Critical infrastructure such as energy, pharmaceutical and government assets are more than twice as likely to be targeted by cybercriminals than other organizations, according to a ScanSafe report.

2010.02.04 - Industry News - House Passes Cybersecurity Bill

Thu, 4 Feb 2010 17:32:22 -0500
Janie Lorber,
The New York Times,
04 February 2010

House Passes Cybersecurity Bill

Update | 12:46 p.m. The House today overwhelmingly passed a bill aimed at building up the United States’ cybersecurity army and expertise, amid growing alarm over the country’s vulnerability online.

2010.01.25 - Industry News - US oil industry hit by cyberattacks: Was China involved?

Wed, 27 Jan 2010 13:35:38 -0500
Mark Clayton,
The Christian Science Monitor,
25 January 2010

US oil industry hit by cyberattacks: Was China involved?

At least three US oil companies were the target of a series of previously undisclosed cyberattacks that may have originated in China and that experts say highlight a new level of sophistication in the growing global war of Internet espionage.

2010.01.20 - Industry News - Fearing Hackers Who Leave No Trace

Wed, 20 Jan 2010 10:24:13 -0500
John Markoff and Ashlee Vance,
The New York Times,
20 January 2010

Fearing Hackers Who Leave No Trace

MOUNTAIN VIEW, Calif. - The crown jewels of Google, Cisco Systems or any other technology company are the millions of lines of programming instructions, known as source code, that make its products run.

If hackers could steal those key instructions and copy them, they could easily dull the company’s competitive edge in the marketplace. More insidiously, if attackers were able to make subtle, undetected changes to that code, they could essentially give themselves secret access to everything the company and its customers did with the software.

2010.01.05 - Industry News -Energy set to form new group to protect electric grid from cyberattacks

Wed, 6 Jan 2010 17:53:22 -0500
Jill R. Aitoro,
NextGov,
05 January 2010

Energy set to form new group to protect electric grid from cyberattacks

A public-private group the Energy Department is forming to better secure the nation's electric grid from cyberattacks must be given strong regulatory and budgetary authority to drive sweeping changes to computer networks, security specialists said.

2009.12.14 - Industry News - U.S. and Russian officials talk cyberissues

Wed, 6 Jan 2010 17:50:16 -0500
Angela Moscaritolo,
SC Magazine,
14 December 2009

U.S. and Russian officials talk cyberissues

In a notable policy shift, American and Russian officials have met to discuss cybersecurity issues, such as collaboration among law enforcement bodies and the use of cyberweapons, the New York Times reported in its Saturday editions.

2009.12.08 - Industry News - Cyberattacks against critical U.S. networks rising at a faster rate

Wed, 16 Dec 2009 13:09:14 -0500
Jill R. Aitoro,
NextGov,
08 December 2009

Cyberattacks against critical U.S. networks rising at a faster rate

The number of cybersecurity attacks against computer networks that operate the nation's critical infrastructure such as transportation systems and water treatment and power plants, has increased dramatically, mostly because these industries rely on legacy technologies that don't protect systems from sophisticated attacks.

2009.11.19 - Industry News - As Smart Grid Expands, So Does Vulnerability to Cyber Attacks

Wed, 16 Dec 2009 13:09:03 -0500
Peter Behr,
The New York Times,
19 November 2009

As Smart Grid Expands, So Does Vulnerability to Cyber Attacks

As he prepares to leave office as head of the nation's electric grid operations monitor, Rick Sergel is warning the power industry that if it doesn't move faster and harder to protect itself against cyber threats, Congress and federal regulators will increasingly impose their own rules.

2009.11.19 - Industry News - FBI Suspects Terrorists Are Exploring Cyber Attacks

Wed, 16 Dec 2009 13:01:19 -0500
Siobhan Gorman,
Wall Street Journal,
19 November 2009

FBI Suspects Terrorists Are Exploring Cyber Attacks

The Federal Bureau of Investigation is looking at people with suspected links to al Qaeda who have shown an interest in mounting an attack on computer systems that control critical U.S. infrastructure, a senior official told Congress Tuesday.

2009.11.09 - Industry News - House Passes Chemical Site Security Rules

Thu, 19 Nov 2009 11:27:22 -0500
Mickey McCarter,
Homeland Security Today,
09 November 2009

House Passes Chemical Site Security Rules

Thompson hails bill as protecting US citizens
Stringent chemical facility security standards passed the House of Representatives Friday, 230-193, in a bill (HR 2868) that would require chemical manufacturers to evaluate the use of inherently safer technology to make their plants safer for people and the environment and that would extend the standards to drinking water and wastewater facilities.

2009.11.08 - Industry News - Cyber War: Sabotaging the System

Thu, 19 Nov 2009 11:25:06 -0500
www.cbsnews.com,
08 November 2009

Cyber War: Sabotaging the System

(CBS) Nothing has ever changed the world as quickly as the Internet has. Less than a decade ago, "60 Minutes" went to the Pentagon to do a story on something called information warfare, or cyber war as some people called it. It involved using computers and the Internet as weapons.

2009.10.30 - Industry News - Secretary Napolitano Opens New National Cybersecurity and Communications Integration Center

Thu, 19 Nov 2009 11:23:23 -0500
Department of Homeland Security-Office of the Press Secretary,
www.dhs.gov,
30 October 2009

Secretary Napolitano Opens New National Cybersecurity and Communications Integration Center

Arlington, Va. - Department of Homeland Security (DHS) Secretary Janet Napolitano today opened the new National Cybersecurity and Communications Integration Center (NCCIC) - a 24-hour, DHS-led coordinated watch and warning center that will improve national efforts to address threats and incidents affecting the nation's critical information technology and cyber infrastructure.

2009.10.29 - Industry News - Regulators Want More Authority Over Grid Security

Thu, 19 Nov 2009 11:21:40 -0500
SGN Staff,
SmartGridNews.com,
29 October 2009

Regulators Want More Authority Over Grid Security

Regulators from the Federal Energy Regulatory Commission (FERC), DOE, and the North American Electric Reliability Corp. (NERC) told a House subcommittee this week that they do not currently have the authority to move quickly against threats to the electric grid, and offered support for legislation that could correct the deficiency.

2009.10.08 - Industry News - NERC, FERC, FPL Reach Agreement on Reliability Enhancements

Fri, 9 Oct 2009 11:42:28 -0400
Press Release,
www.nerc.com,
08 October 2009

NERC, FERC, FPL Reach Agreement on Reliability Enhancements Standards

The North American Electric Reliability Corporation (NERC), the Federal Energy Regulatory Commission (FERC), and Florida Power & Light Company (FPL) have reached a key agreement that will result in important reliability enhancements in Florida. The agreement closes a joint NERC-FERC investigation of the February 26, 2008 outage that resulted in the loss of 22 transmission lines and 4,300 MW of generation and caused nearly one million homes and businesses in the state to lose power.

2009.09.24 - Industry News - Obama Admin Releases Initial 'Smart Grid' Standards

Fri, 9 Oct 2009 11:40:48 -0400
Katherine Ling,
New York Times,
24 September 2009

Obama Admin Releases Initial 'Smart Grid' Standards

The Commerce Department unveiled the first 77 "smart grid" standards today aimed at removing a major barrier to the implementation of digital grid technologies.

2009.09.15 - Industry News - U.S. Reviewing Cyber Threat to Power Grid

Fri, 9 Oct 2009 11:38:52 -0400
Larry Barrett,
Internetnews.com,
15 September 2009

U.S. Reviewing Cyber Threat to Power Grid

Officials at the U.S. Department of Homeland Security Tuesday said they are reviewing a startling report by a Chinese research scientist that outlines just how vulnerable information systems responsible for maintaining the grid powering the entire West Coast are to a possible cyber terrorism attack.

2009.08.26 - Industry News - DHS' Cyber Storm III to test Obama's national cyber response plan

Fri, 9 Oct 2009 11:37:08 -0400
Jill R. Aitoro,
NextGov,
26 August 2009

DHS' Cyber Storm III to test Obama's national cyber response plan

The Homeland Security Department's third large-scale cybersecurity drill in September 2010 will test the national cyber response plan currently being developed by the Obama administration, said industry and government participants in the simulation exercise during a conference on Tuesday.

2009.08.25 - Industry News - DHS official: Agencies must make high-risk cyber threats top priority

Wed, 26 Aug 2009 16:20:52 -0400
Jill R. Aitoro,
NextGov,
25 August 2009

DHS official: Agencies must make high-risk cyber threats top priority

Federal agencies should prioritize their information security requirements to ensure mission-critical operations are protected first, and delineate between "that which is aggravating and that which is truly dangerous," the Homeland Security Department's cyber chief Greg Schaffer said during a conference on Tuesday.

2009.08.25 - Industry News - Insider risk problem revealed

Wed, 26 Aug 2009 16:22:30 -0400
Maggie Shiels,
BBC News,
25 August 2009

Insider risk problem revealed

The security vendor RSA revealed that the majority of breaches are actually caused unintentionally by employees.

2009.08.12 - Industry News - NIST publishes final version of new cybersecurity recommendations

Tue, 11 Aug 2009 16:18:21 -0400
Homeland Security News Wire,
12 August 2009

NIST publishes final version of new cybersecurity recommendations

NIST's cybersecurity recommendations for government aim to create a unified framework which will result in the defense, intelligence and civil communities using a common strategy to protect critical federal information systems and associated infrastructure

2009.08.03 - Industry News - Smart grid saves power, but can it thwart hackers?

Wed, 5 Aug 2009 13:54:35 -0400
Tyler Hamilton,
TheStar.com,
03 August 2009

Smart grid saves power, but can it thwart hackers?

The illegal access of 179,000 Toronto Hydro e-billing accounts last week may be written off by some as just another privacy breach in an increasingly interconnected world, but it also raises a red flag in the rush toward the "smart grid."

2009.07.31 - Industry News - Security researchers offer caution on smart grids

Wed, 5 Aug 2009 13:52:22 -0400
Jordan Robertson
Associated Press,
31 July 2009

Security researchers offer caution on smart grids

The race to build a "smarter" electrical grid could have a dark side. Security experts are starting to show the dangers of equipping homes and businesses with new meters that enable two-way communication with utilities.

2009.07.30 - Industry News - Protecting Industrial Networks against Evolved Cyber Threats: Air Liquide

Wed, 5 Aug 2009 13:48:06 -0400
Charles Neely Harper,
Manufacturing Business Technology,
30 July 2009

Protecting Industrial Networks against Evolved Cyber Threats: Air Liquide

A defense-in-depth security strategy protects Air Liquide against hackers. The head of its U.S. Operations Control Center explains.

2009.07.28 - Industry News - Black Hat: Smart Meter Worm Attack Planned

Wed, 5 Aug 2009 13:46:47 -0400
Thomas Claburn,
Information Week,
28 July 2009

Black Hat: Smart Meter Worm Attack Planned

IOActive's Mike Davis intends to unleash a worm on a smart meter at the Black Hat security conference on Thursday.

2009.07.28 - Industry News - 'Smart Grid' Raises Security Concerns

Tue, 28 Jul 2009 12:29:13 -0400
Brian Krebs,
Washington Post,
28 July 2009

'Smart Grid' Raises Security Concerns

Electric utilities vying for $3.9 billion in new federal "smart grid" grants will need to prove that they are taking steps to prevent cyberattacks as they move to link nearly all elements of the U.S. power grid to the public Internet.

2009.07.27 - Industry News - U.S. seeks 'top guns' for cybersecurity

Tue, 28 Jul 2009 12:28:02 -0400
Grant Gross,
ComputerWorld,
27 July 2009

U.S. seeks 'top guns' for cybersecurity

Amid concerns that the U.S. has a shortage of cybersecurity professionals, a new consortium of U.S. government and private organizations aims to identify students with strong computer skills and train them as cybersecurity guardians, warriors and "top guns."

2009.07.24 - Industry News - Independent commission plans second report on cybersecurity requirements

Tue, 28 Jul 2009 11:41:15 -0400
Jill R. Aitoro,
NextGov,
24 July 2009

Independent commission plans second report on cybersecurity requirements

The commission that provided the Obama administration with widely lauded recommendations for cybersecurity policies will develop recommendations for how the government can address possible issues such as privacy protection that could hinder the implementation of a plan to protect federal computer networks, commission members and industry representatives said on Thursday.

2009.07.22 - Industry News - Report: Shortage of cyber experts may hinder government

Tue, 28 Jul 2009 11:40:00 -0400
Lolita C. Baldor (AP)
NextGov,
22 July 2009

Report: Shortage of cyber experts may hinder government

Federal agencies are facing a severe shortage of computer specialists, even as a growing wave of coordinated cyberattacks against the government poses potential national security risks, a private study found.

2009.07.21 - Industry News - Congress must do more to protect grid from cyber, nuclear attacks

Tue, 28 Jul 2009 11:38:41 -0400
Jill R. Aitoro,
NextGov,
21 July 2009

Congress must do more to protect grid from cyber, nuclear attacks

Congress should pass measures to protect the nation's electric grid against electromagnetic pulses emitted after a nuclear blast, witnesses told a hearing on Tuesday.

2009.07.21 - Industry News - Lawmakers: Electric utilities ignore cyber warnings

Tue, 28 Jul 2009 11:37:04 -0400
Grant Gross,
ComputerWorld,
21 July 2009

Lawmakers: Electric utilities ignore cyber warnings

The U.S. electrical grid remains vulnerable to cyber and electromagnetic pulse attacks despite years of warnings, several U.S. lawmakers said today.

2009.07.14 - Industry News - Cybersecurity: Senate bill would make international cooperation a priority

Fri, 17 Jul 2009 11:48:32 -0400
Ben Bain,
Federal Computer Week,
14 July 2009

Cybersecurity: Senate bill would make international cooperation a priority

A new Senate bill would encourage the secretary of state to work with other governments to further cooperation on cybersecurity and would require the secretary to submit a report to Congress about those efforts.

2009.07.14 - Industry News - Probe into cyberattacks stretches around the globe

Fri, 17 Jul 2009 11:47:22 -0400
Jeremy Kirk,
ComputerWorld,
14 July 2009

Probe into cyberattacks stretches around the globe

British authorities have launched an investigation into the recent cyberattacks that crippled Web sites in the U.S. and South Korea, as the trail to find the perpetrators stretches around the world.

2009.07.14 - Industry News - Automatic control system eyed in US metro crash

Fri, 17 Jul 2009 11:45:04 -0400
AFP,
14 July 2009

Automatic control system eyed in US metro crash

WASHINGTON (AFP) - The US transportation safety board has urged Washington Metro officials to upgrade remote train controls as investigators eyed the current system as the possible cause of last month's deadly subway train crash.

2009.07.14 - Industry News - Defense Dept. Seeks Cyberattack Protection

Fri, 17 Jul 2009 11:43:46 -0400
J. Nicholas Hoover,
Information Week,
14 July 2009

Defense Dept. Seeks Cyberattack Protection

The Department of Defense is looking for new ways to protect its sensitive but unclassified network against distributed denial of service (DDOS) attacks, the same type of cyberattacks that took aim at several federal government Web sites last week.

2009.07.10 - Industry News - If this is cyber war, possible U.S responses are limited

Fri, 17 Jul 2009 11:42:22 -0400
Pauline Jelinek (AP),
NextGov,
10 July 2009

If this is cyber war, possible U.S responses are limited

A lot of people are saying this is cyber war. But if the Internet attack on U.S. Web sites was an assault by North Korea or some other foreign government, what good responses are in America's arsenal?

2009.07.09 - Industry News - Experts work to untangle US, Korea cyber attack

Fri, 17 Jul 2009 11:40:09 -0400
Lolita C. Baldor and Jordan Robertson,
Associated Press,
09 July 2009

Experts work to untangle US, Korea cyber attack

U.S. authorities trying to unravel the widespread cyber attacks against government Web sites in the United States and South Korea this week are facing a lengthy, complex investigation that may never identify a culprit, at least not one they would be willing to reveal.

2009.07.09 - Industry News -NTSB to look at possible computer role in D.C. crash

Fri, 17 Jul 2009 11:38:42 -0400
Martyn Williams,
Computerworld,
09 July 2009

Cyber attack in South Korea set to resume, says AhnLab

A denial of service attack that took down some of South Korea's highest profile Web sites on Wednesday is set to resume Thursday evening, according to computer security specialist AhnLab.

2009.07.08 - Industry News - Cyberattacks on federal Web sites may be smokescreen

Fri, 17 Jul 2009 11:13:24 -0400
Jill R. Aitoro,
NextGov,
08 July 2009

Cyberattacks on federal Web sites may be smokescreen

The type of cyberattack that took down multiple federal Web sites this week is more of a nuisance than a threat to national security, according to computer security experts, but it can be used to conceal more serious attacks on networks and systems.

2009.07.08 - Industry News - 'Noisy' cyberattacks have little effect

Fri, 17 Jul 2009 11:10:02 -0400
William Jackson,
Federal Computer Week,
08 July 2009

'Noisy' cyberattacks have little effect

Denial-of-service attacks against government Web sites in this country and South Korea appear to have had little impact and are not particularly sophisticated, experts say.

2009.07.08 - Industry News - North Korea suspected of attacking government Web sites

Fri, 17 Jul 2009 11:08:04 -0400
Lolita C. Baldor,
NextGov,
08 July 2009

North Korea suspected of attacking government Web sites

WASHINGTON (AP) -- A widespread computer attack that began July 4 knocked out the Web sites of the Treasury Department, the Secret Service and other U.S. government agencies, according to officials inside and outside the government.

2009.07.08 - Industry News - Cyberattack bogs down Web sites

Wed, 8 Jul 2009 10:31:17 -0400
United Press International,
08 July 2009

Cyberattack bogs down Web sites

A cyberattack during the last few days targeted Web sites run by major U.S. government departments and agencies, several computer security researchers said.

2009.07.07 - Industry News - Online attack hits US government Web sites

Wed, 8 Jul 2009 10:28:41 -0400
Robert McMillan,
Computerworld,
07 July 2009

Online attack hits US government Web sites

A botnet comprised of about 50,000 infected computers has been waging a war against U.S. government Web sites and causing headaches for businesses in the U.S. and South Korea.

2009.07.06 - Industry News - Troubles Plague Cyberspy Defense

Wed, 8 Jul 2009 10:25:36 -0400
Siobhan Gorman,
Wall Street Journal,
06 July 2009

Troubles Plague Cyberspy Defense

The flagship system designed to protect the U.S. government's computer networks from cyberspies is being stymied by technical limitations and privacy concerns, according to current and former national-security officials.

2009.06.26 - Industry News - Wide-ranging changes might be sought for cybersecurity

Wed, 8 Jul 2009 10:23:11 -0400
Andrew Noyes with Chris Strohm contributing,
NextGov,
26 June 2009

Wide-ranging changes might be sought for cybersecurity

The Obama administration could ask Congress for regulatory changes to create "far-reaching incentives" for prioritizing cybersecurity in the private sector, which controls much of the nation's critical IT infrastructure, a high-ranking Department of Homeland Security official said Thursday.

2009.06.24 - Industry News - NERC and Electric Industry Continue Efforts to Address Cyber Risk

Wed, 8 Jul 2009 10:21:47 -0400
Transmission & Distribution World,
24 June 2009

NERC and Electric Industry Continue Efforts to Address Cyber Risk

A number of ongoing and recently initiated programs have reached significant milestones in the effort to better secure the North American power grid from cyber attack, announced the North American Electric Reliability Corporation (NERC) last week

2009.06.24 - Industry News - Security experts warn of insider threat timebomb

Wed, 8 Jul 2009 10:20:03 -0400
Phil Muncaster,
V3.co.uk,
24 June 2009

Security experts warn of insider threat timebomb

Security experts have warned that the risk from insider threats may be more widespread than commonly thought, as criminals look to compromise sensitive company data through non-technical means.

2009.06.23 - Industry News -NTSB to look at possible computer role in D.C. crash

Wed, 8 Jul 2009 10:18:30 -0400
Patrick Thibodeau,
Computerworld,
23 June 2009

NTSB to look at possible computer role in D.C. crash

National Transportation Safety Board officials today said that the agency's investigators will examine whether computer systems, sensors or cell phones played a role in yesterday's Washington, D.C., Metrorail crash that killed nine people.

2009.06.22 - Industry News -Technical priorities for Smart Grid development outlined in new report

Wed, 8 Jul 2009 10:17:14 -0400
William Jackson,
Government Computer News,
22 June 2009

Technical priorities for Smart Grid development outlined in new report

Developing a consensus for the architecture of a secure, interoperable next-generation power distribution system might not be a simple process, according to a preliminary report produced for the National Institute of Standards and Technology.

2009.06.22 - Industry News -Multiple cybersecurity reforms launched

Wed, 8 Jul 2009 10:16:24 -0400
Gregg Carlstrom,
Federaltimes.com,
22 June 2009

Multiple cybersecurity reforms launched

The Obama administration and Congress have launched several initiatives that will radically transform the government’s approach to cybersecurity...Taken together, these initiatives will allow the government to be more aggressive and efficient in confronting cyberthreats. Critics have long argued such changes are needed to transform a cybersecurity regime that they call bureaucratic, sluggish and outdated.

2009.06.22 - Industry News -Multiple cybersecurity reforms launched

Wed, 8 Jul 2009 10:14:17 -0400
Gregg Carlstrom,
Federaltimes.com,
22 June 2009

Multiple cybersecurity reforms launched

The Obama administration and Congress have launched several initiatives that will radically transform the government’s approach to cybersecurity...Taken together, these initiatives will allow the government to be more aggressive and efficient in confronting cyberthreats. Critics have long argued such changes are needed to transform a cybersecurity regime that they call bureaucratic, sluggish and outdated.

2009.06.19 - Industry News -A Favorite Emerges in Obama's Cyberczar Search

Tue, 23 Jun 2009 10:44:34 -0400
Bobby Ghosh,
Time,
19 June 2009

A Favorite Emerges in Obama's Cyberczar Search

Tom Davis, a moderate Republican from Virginia, has emerged as a leading candidate for the Obama Administration's newly created position of cybersecurity czar. Sources familiar with the White House's deliberations on the subject say Obama officials feel a Washington power player would make a better candidate than a tech guru. "They want someone who understands technology issues, but more importantly, knows how to get things done in Washington," says a cybersecurity expert who has been consulted by the White House. "There are very few people who have that combination of skills, and Davis is at the top of that short list."

2009.06.18 - Industry News - Cybersecurity: Legislation, new security controls on same track

Tue, 23 Jun 2009 10:38:12 -0400
Wyatt Kash,
Federal Computer Week,
18 June 2009

Cybersecurity: Legislation, new security controls on same track

A new catalog of information and security controls co-developed by the National Institute of Standards and Technology, the Defense Department and the intelligence community, along with information security legislation gaining traction in Congress, are expected to significantly improve federal cybersecurity standards, according to government security experts.

2009.06.18 - Industry News - Electricity Industry to Scan Grid for Spies

Tue, 23 Jun 2009 10:37:35 -0400
Siobhan Gorman,
Wall Street Journal,
18 June 2009

Electricity Industry to Scan Grid for Spies

The electric-utility industry is planning a pilot initiative to see whether Chinese spies have infiltrated computer networks running the power grid, according to people familiar with the effort.

2009.06.16 - Industry News - Hathaway: National cyber incident response plan coming by year end

Tue, 23 Jun 2009 10:35:25 -0400
William Jackson,
Federal Computer Week,
16 June 2009

Hathaway: National cyber incident response plan coming by year end

The Cyberspace Policy Review released by the White House last month was only the beginning of an effort being driven by President Barack Obama to reshape and strengthen the nation’s cybersecurity, according to Melissa Hathaway, who headed up the review.

2009.06.15 - Industry News - Associations urge Congress to renew chemical facility security law

Tue, 23 Jun 2009 10:33:22 -0400
Nick Snow,
Oil & Gas Journal,
15 June 2009

Associations urge Congress to renew chemical facility security law

Thirty-four trade associations, including the American Petroleum Institute and six others from the oil and gas industry, asked Congress on June 11 to reauthorize the chemical facility security law without significant changes.

2009.06.15 - Industry News - US site security law likely to have safer technology mandate

Tue, 23 Jun 2009 10:31:14 -0400
icis.com,
15 June 2009

US site security law likely to have safer technology mandate

Federal security regulators likely will have new authority to impose inherently safer technology (IST) requirements on US chemical plants at risk of terrorist attack, industry officials said on Monday.

2009.06.15 - Industry News - UK set for national cyber-security centre

Tue, 23 Jun 2009 10:28:39 -0400
Dave Bailey,
Computing.co.uk,
15 June 2009

UK set for national cyber-security centre

Prime minister expected to announce new plan to combat e-crime attacks on UK IT infrastructure by foreign states and criminal gangs

2009.06.11 - Industry News - DOE, NIST aim to secure smart grid

Fri, 12 Jun 2009 09:57:51 -0400
William Jackson,
Government Computer News,
11 June 2009

DOE, NIST aim to secure smart grid

The smart grid that the Energy Department and electricity industry are building promises to be a more intelligent, more efficient system that will support a new generation of renewable energy sources. But it will also bring new challenges in ensuring the security of the grid itself and the information systems that will connect with it and control it.

2009.06.11 - Industry News - Ex-government cyber official, exec mulled for czar job

Fri, 12 Jun 2009 09:57:51 -0400
Diane Bartz,
Reuters,
11 June 2009

Ex-government cyber official, exec mulled for czar job

Microsoft's security chief and a veteran of Clinton's and Bush's national security teams are leading candidates for cybersecurity czar, a job that needs White House access and clout to protect networks that underpin the U.S. economy.

2009.06.10 - Industry News - Experts: U.S. needs to spend more on cybersecurity R&D

Thu, 11 Jun 2009 15:19:02 -0400
Grant Gross,
Computerworld,
10 June 2009

Experts: U.S. needs to spend more on cybersecurity R&D

The U.S. government needs to spend more money on cybersecurity research and development and on education programs in order to fight a rising tide of attacks against government and private groups, cybersecurity experts told U.S. lawmakers.

2009.06.09 - Industry News - Gates: Cybersecurity is a high priority for DOD

Wed, 10 Jun 2009 11:35:49 -0400
Doug Beizer,
Federal Computer Week,
09 June 2009

Gates: Cybersecurity is a high priority for DOD

The Defense Department is bolstering its responses to cybersecurity threats, Defense Secretary Robert Gates told the the Senate Appropriations Committee’s Defense Subcommittee today.

2009.06.02 - Industry News - Proposed bill addresses utilities’ chemical security

Wed, 10 Jun 2009 11:30:42 -0400
Water Tech Online,
02 June 2009

Proposed bill addresses utilities’ chemical security

American Water Works Association (AWWA) Legislative Director Tommy Holmes reported May 28 that two House committees are drafting legislation on chemical facility security that would significantly affect drinking water utilities.

2009.06.02 - Industry News - DHS names key cybersecurity staff

Wed, 3 Jun 2009 13:14:01 -0400
Jaikumar Vijayan,
Computerworld,
02 June 2009

DHS names key cybersecurity staff

U.S. Homeland Security Secretary Janet Napolitano tapped Philip Reitinger as director of the National Cybersecurity Center (NCSC), replacing Rod Beckstrom, who quit the post earlier this year citing turf battles with other agncies.

2009.05.29 - Industry News - Obama's cybersecurity plan gets cautious praise

Wed, 3 Jun 2009 13:14:01 -0400
Jaikumar Vijayan,
Computerworld,
29 May 2009

Obama's cybersecurity plan gets cautious praise

President Obama's plan for securing cyberspace and his creation of a new White House cybersecurity coordinator are being greeted with cautious optimism within the security industry.

2009.05.29 - Industry News - Ex-Employee Fingered in Texas Power Company Hack

Wed, 3 Jun 2009 13:11:56 -0400
Kevin Poulsen,
Wired,
29 May 2009

Ex-Employee Fingered in Texas Power Company Hack

The FBI is investigating a computer intrusion at a large Texas power company that crippled the firm’s energy forecast system for a day in March, costing it over $26,000.

2009.05.29 - Industry News - Cybersecurity Review Finds U.S. Networks ‘Not Secure’

Wed, 3 Jun 2009 13:10:19 -0400
Thomas Claburn,
InformationWeek,
29 May 2009

Cybersecurity Review Finds U.S. Networks ‘Not Secure’

The White House has released a report calling for urgent action to secure the nation's computer network infrastructure.

2009.05.29 - Industry News - Obama Releases Cybersecurity Report: ‘Much Work to Be Done’

Wed, 3 Jun 2009 13:06:59 -0400
Wall Street Journal,
29 May 2009

Obama Releases Cybersecurity Report: ‘Much Work to Be Done’

President Barack Obama said Friday that cybersecurity is critically important and an area that the U.S. isn’t "s prepared as we should be,"though he added that he remains committed to net neutrality and personal privacy for Americans.

2009.05.29 - Industry News - Obama calls for better security for computers

Wed, 3 Jun 2009 13:04:44 -0400
Lolita C. Baldor,
MSNBC.com,
29 May 2009

Obama calls for better security for computers

President Barack Obama says the nation for too long has failed to adequately protect the security of its computer networks, and he will name a new cyber czar to take on the job.

2009.05.29 - Industry News - President Barack Obama releases final report following a 60-day review of U.S. cyber security policy.

Wed, 3 Jun 2009 13:04:15 -0400
The White House,
29 May 2009

President Barack Obama releases final report following a 60-day review of U.S. cyber security policy.

2009.05.28 - Industry News - Will White House Czar Choose the Right Path?

Wed, 3 Jun 2009 12:58:31 -0400
Bill Brenner,
Computerworld,
28 May 2009

Will White House Czar Choose the Right Path?

In his 1981 inaugural address, President Ronald Reagan declared that government is not the solution to our problems, but that "government is the problem."

Fast-forward to 2009: A new president is in town who believes government can solve some of our problems, including cybersecurity. And he's getting ready to make some announcements on the matter.

2009.05.27 - Industry News - Bio-Labs Cyber Threats Ignored?

Wed, 3 Jun 2009 12:58:30 -0400
Bob Brewin,
NextGov,
27 May 2009

Bio-Labs Cyber Threats Ignored?

Laboratories that conduct research on dangerous biological agents such as anthrax have not paid much attention to the potential of cyber threats or cyber intrusions, the Defense Science Board said in a report released this week.

2009.05.26 - Industry News - Obama Set to Create A Cybersecurity Czar With Broad Mandate

Tue, 26 May 2009 10:57:58 -0400
Ellen Nakashima,
Washington Post,
26 May 2009

Obama Set to Create A Cybersecurity Czar With Broad Mandate

President Obama is expected to announce late this week that he will create a "cyber czar," a senior White House official who will have broad authority to develop strategy to protect the nation's government-run and private computer networks, according to people who have been briefed on the plan.

2009.05.22 - Industry News - Experts make push for cybersecurity coordination center

Tue, 26 May 2009 10:57:50 -0400
Andrew Noyes,
NextGov,
22 May 2009

Experts make push for cybersecurity coordination center

President Obama should create a national cybersecurity coordinating center with public and private sector representation that can provide near real-time warnings and share threat data with government and industry stakeholders about high-tech attacks against critical infrastructure, a panel of experts said Thursday.

2009.05.22 - Industry News - Experts make push for cybersecurity coordination center

Tue, 26 May 2009 10:56:38 -0400
Andrew Noyes,
NextGov,
22 May 2009

Experts make push for cybersecurity coordination center

President Obama should create a national cybersecurity coordinating center with public and private sector representation that can provide near real-time warnings and share threat data with government and industry stakeholders about high-tech attacks against critical infrastructure, a panel of experts said Thursday.

2009.05.18 - Industry News - Smart Grid Progress: DOE Announces First Standards, Raises Cap on Stimulus Funds

Tue, 26 May 2009 10:55:08 -0400
Reuters,
18 May 2009

Smart Grid Progress: DOE Announces First Standards, Raises Cap on Stimulus Funds

As we’ve pointed out in the past, policy makers and companies building out the smart grid are under the gun to produce a working set of standards by September in order to quickly and effectively allocate the over $4 billion in stimulus funds. Department of Energy Secretary Steven Chu sees the need to move quickly, and this morning he held a meeting with 60 or so smart-grid industry leaders to kick-start the standards process for industry workshops coming up later this week. At the meeting, the DOE announced the first 16 sets of standards that will make up the more than 100 standards for the Interim SmartGrid Roadmap that will be published by the National Institute of Standards in September.

2009.05.14 - Industry News - Defense networks breach reveals weaknesses in federal info security

Tue, 26 May 2009 10:53:19 -0400
Jill R. Aitoro,
NextGov,
14 May 2009

Defense networks breach reveals weaknesses in federal info security

Tighter information security controls on government computers could have prevented the leak of confidential documents by a Pentagon official to a Chinese operative, according to members of the security industry.

2009.05.14 - Industry News - Mark Weatherford: U.S. Must Protect Critical Infrastructure From Cyber-Threats

Tue, 26 May 2009 10:49:10 -0400
Jim McKay,
Government Technology,
14 May 2009

Mark Weatherford: U.S. Must Protect Critical Infrastructure From Cyber-Threats

The nation needs to do a better job of protecting critical infrastructure from cyberthreats, Mark Weatherford, chief security information officer of California, said Thursday at a security summit at Government Technology's Conference on California's Future in Sacramento.

2009.05.13 - Incidents - Information-sharing platform hacked - Homeland Security Information Network suffers intrusions

Thu, 14 May 2009 17:32:43 -0400
Ben Bain,
Federal Computer Week,
2009.05.13

Information-sharing platform hacked

The Homeland Security Department’s platform for sharing sensitive but unclassified data with state and local authorities was hacked recently, a DHS official has confirmed.

2009.05.12 - Industry News - Our infrastructure in their crosshairs

Thu, 14 May 2009 17:31:09 -0400
Stephen C. Miller,
The News Observer,
12 May 2009

Our infrastructure in their crosshairs

Last month The Wall Street Journal reported that the U.S. electrical grid had been penetrated by hackers and that software had been left behind that could be used to disrupt the systems. Utilities were unaware that their computer systems had been compromised, since the intrusions were discovered only after the utility companies gave the government permission to audit their systems.

2009.05.08 - Industry News - NERC president: Emergency cybersecurity help needed

Mon, 11 May 2009 17:26:19 -0400
Angela Moscaritolo,
SC Magazine,
08 May 2009

NERC president: Emergency cybersecurity help needed

Efforts of the North American Electric Reliability Corp. (NERC) to secure the nation's power grid against cyberthreats cannot substitute for additional emergency authority at the federal level, urged Richard Sergel, president and CEO of NERC, in testimony during a Senate hearing on cybersecurity Tuesday.

2009.05.07 - Industry News - Report: Web app hacks can invade air traffic control systems

Mon, 11 May 2009 17:24:51 -0400
Dan Kaplan,
SC Magazine,
07 May 2009

Report: Web app hacks can invade air traffic control systems

Web applications that are used to support the operations of the nation's air traffic control (ATC) systems are not properly secured nor configured to prevent attacks or improper access, and the Federal Aviation Agency (FAA) lacks robust intrusion detection, concluded a government report released this week.

2009.05.06 - Industry News - IG: Air traffic control system vulnerable to cyberattack

Thu, 7 May 2009 10:59:43 -0400
Kathleen Hickey,
Government Computer News,
06 May 2009

IG: Air traffic control system vulnerable to cyberattack

The Federal Aviation Administration’s air traffic control system is vulnerable to cyberattacks via Web applications that support the system, according to a new report released by the Transportation Department’s Office of Inspector General (OIG).

2009.05.06 - Industry News - NERC - Strengthened Cyber Security Standards Approved

Thu, 7 May 2009 10:45:10 -0400
NERC,
06 May 2009

Strengthened Cyber Security Standards Approved

PRINCETON, N.J., May 6, 2009 - Eight revised cyber security standards for the North American bulk power system were approved by the North American Electric Reliability Corporation’s (NERC) independent Board of Trustees today. Today’s action represents the completion of phase one of NERC’s cyber security standards revision work plan which was launched in July 2008. Work continues on phase two of the revision plan, with version three standards already under development.

2009.05.01 - Industry News - Critics: Cybersecurity standards for grid do not go far enough

Thu, 7 May 2009 10:43:16 -0400
HSDailyWire.com,
01 May 2009

Critics: Cybersecurity standards for grid do not go far enough

Legislators introduce the Critical Electric Infrastructure Protection Act, would require FERC to issue updated regulations for the U.S. power grid within 120 days of enactment, but critics say the bill is too limited

2009.04.30 - Industry News - Smart Grid offers savings, vulnerabilities

Thu, 7 May 2009 10:39:53 -0400
HSDailyWire.com,
30 April 2009

Smart Grid offers savings, vulnerabilities

A bill to be presented in Congress today aims to stop utility hackers; experts, legislators call for regulations on smart power meters to reduce new grid's vulnerability to hacking

2009.04.29 - Industry News - Critics say bill to protect electric grid from cyberattacks lacks teeth

Thu, 7 May 2009 10:25:37 -0400
Jill R. Aitoro,
NextGov,
29 April 2009

Critics say bill to protect electric grid from cyberattacks lacks teeth

A bill expected to be introduced in the House and Senate this week would help protect the computers that control the country's power grid, but it does not go far enough, security experts said on Wednesday.

2009.04.29 - Industry News - Lawmakers Seek to Tighten Cyber Regulation on Power Grids

Thu, 7 May 2009 10:12:35 -0400
Brian Krebs ,
Washington Post,
29 April 2009

Lawmakers Seek to Tighten Cyber Regulation on Power Grids

Key lawmakers in the House and Senate are seeking to grant federal regulators new powers to protect the U.S. power grid in the face of an imminent or actual cyber attack on the nation's electric infrastructure.

2009.04.28 - Industry News - U.S. Steps Up Effort on Digital Defenses

Tue, 28 Apr 2009 17:45:17 -0400
New York Times,
28 April 2009

U.S. Steps Up Effort on Digital Defenses

When American forces in Iraq wanted to lure members of Al Qaeda into a trap, they hacked into one of the group’s computers and altered information that drove them into American gun sights.

2009.04.25 - Industry News - Cyber-Attacks and Cyber-Disasters: Are You Prepared?

Tue, 28 Apr 2009 17:44:17 -0400
Kevin Coleman,
TechNewsWorld,
25 April 2009

Cyber-Attacks and Cyber-Disasters: Are You Prepared?

In 2007, a denial-of-service attack was launched every 53 minutes. Earlier this year, the loss of an undersea cable resulted to the loss of Internet service for entire regions. Businesses that rely to any measure on the Web must secure their businesses against the possibility of large-scale cyber-attacks and disasters, writes strategic management consultant Kevin Coleman.

2009.04.24 - Industry News - Critical infrastructure central to cyber threat

Tue, 28 Apr 2009 17:43:27 -0400
Ben Bain,
FCW,com,
24 April 2009

Critical infrastructure central to cyber threat

The United States is increasingly vulnerable to cyberattacks that could have catastrophic effects on critical physical infrastructure, and severely damage the country’s economic, military and strategic interests, cybersecurity specialists said today.

2009.04.23 - Industry News - Hot or Not: SCADA security is hot

Tue, 28 Apr 2009 17:42:02 -0400
Amol Sarwate,
SC Magazine,
23 April 2009

Hot or Not: SCADA security is hot

The notion of supervisory-control and data-acquisition system security, SCADA, seemed not long ago to be a topic of interest only to those who ran complex industrial control systems, water treatment plants, and power generation – and in some ways it still is. But for anyone who attended the SANS 2009 SCADA and Process Control Summit recently, it became clear that the convergence of IT security and physical security is accelerating.

2009.04.22 - Industry News - The Cold War Moves To Cyberspace

Tue, 28 Apr 2009 17:40:52 -0400
Charles Cooper,
CBS News,
22 April 2009

The Cold War Moves To Cyberspace

Somewhere deep in Washington's national security apparatus, more than a few old-timers surely pine for the clarity of the Cold War. Black versus white, American versus Russian, spy versus spy - the good old days.

2009.04.21 - Industry News - We don't want to run U.S. cybersecurity efforts, NSA chief says

Tue, 28 Apr 2009 17:39:41 -0400
Jaikumar Vijayan,
Computer World,
21 April 2009

We don't want to run U.S. cybersecurity efforts, NSA chief says

The director of the National Security Agency (NSA) today downplayed widespread concerns about his agency's growing role in national cybersecurity affairs. Speaking at the security-oriented RSA Conference 2009 being held here this week, Lt. Gen. Keith Alexander stressed that the NSA has no desire to run cybersecurity for the federal government. Instead, the NSA wants to team up with the U.S. Department of Homeland Security in developing and enforcing cyberdefenses for government and military networks.

2009.04.16 - Industry News - Federal cybersecurity review drawing to a close

Tue, 28 Apr 2009 17:38:17 -0400
Jaikumar Vijayan,
Computer World,
16 April 2009

Federal cybersecurity review drawing to a close

A 60-day review of federal cybersecurity efforts that President Barack Obama ordered in February is scheduled to end this week, although it's unclear when the much-anticipated findings will be publicly released.

2009.04.15 - Industry News - How Vulnerable Is the Power Grid? Less Than Some Fear, Experts Say

Tue, 28 Apr 2009 17:36:39 -0400
Bobby Ghosh,
Time,
15 April 2009

How Vulnerable Is the Power Grid? Less Than Some Fear, Experts Say

The attack could come when we're most vulnerable - a blistering hot July afternoon or a freezing cold January night. Suddenly, vast sections of the U.S. power grid go black. The lights go out, air-conditioning (or heating) shuts down. Once it becomes clear that this is no temporary brownout, the public begins to panic. At the power utilities, engineers can't understand why the network shut off, and can't get it to start up again. It's hours before the truth emerges: a terrorist group (or a hostile country, or some evil-genius hacker) has broken into the computer networks that control the power grid, bringing the U.S. to its knees.

2009.04.13 - Industry News - President’s cybersecurity review covers a lot of ground, but doesn't plow deeply

Tue, 28 Apr 2009 17:34:38 -0400
William Jackson,
Government Computer News,
13 April 2009

President’s cybersecurity review covers a lot of ground, but doesn't plow deeply

The 60-day review of the country’s cybersecurity posture that President Barack Obama ordered in February is expected to be wrapped up this week. So far, the effort has received good reviews, but do not expect it to result in a detailed road map for securing our information infrastructure.

2009.04.10 - Industry News - Just how vulnerable is the electrical grid?

Fri, 17 Apr 2009 12:03:25 -0400
Elinor Mills,
CNET,
10 April 2009

Just how vulnerable is the electrical grid?

Smarter is not always better--at least when it comes to utilities. More than a decade after initial reports said critical infrastructure in the U.S. is vulnerable to cyberattack, the situation has only worsened as utilities move their control systems closer to the Internet and install smart-grid technology, according to security experts.

2009.04.09 - Industry News - Digital Pearl Harbor, Cyber 9/11, and E-Qaeda

Fri, 17 Apr 2009 12:03:25 -0400
Brian Krebs
Washington Post,
09 April 2009

Digital Pearl Harbor, Cyber 9/11, and E-Qaeda

From today's print edition of The Washington Post come a pair of alarming stories about how Chinese hackers and terrorist groups have infiltrated our electric power grid and are using our own digital infrastructure against us.

2009.04.08 - Industry News - Electricity Grid in U.S. Penetrated By Spies

Wed, 8 Apr 2009 10:29:32 -0400
Siobhan Gorman,
Wall Street Journal,
08 April 2009

Electricity Grid in U.S. Penetrated By Spies

WASHINGTON -- Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials.

2009.04.06 - Industry News - NIST ramps up work on standards for a Smart Grid

Wed, 8 Apr 2009 10:29:31 -0400
William Jackson
Government Computer News,
06 April 2009

NIST ramps up work on standards for a Smart Grid

Spurred by economic stimulus spending that will support the development of a nationwide Smart Grid for intelligent energy distribution, the National Institute of Standards and Technology is stepping up efforts to identify or create interoperability and security standards for the new infrastructure.

2009.04.02 - Industry News - CIA exercise turns up security concerns at N.C. water plant

Thu, 2 Apr 2009 12:18:14 -0400
PilotOnline.com,
02 April 2009

CIA exercise turns up security concerns at N.C. water plant

The Elizabeth City water plant is vulnerable to attack, most likely from vandals or someone with a grudge rather than from terrorists, a team from the CIA training base at Harvey Point found last week.

2009.04.01 - Industry News - Chairman Rockefeller and Senator Snowe Introduce Comprehensive Cyber Security Legislation

Thu, 2 Apr 2009 12:18:13 -0400
Senate Committee on Commerce, Science, and Transportation Press Release,
01 April 2009

Chairman Rockefeller and Senator Snowe Introduce Comprehensive Cyber Security Legislation

WASHINGTON, D.C. - Senator John D. (Jay) Rockefeller IV, Chairman of the Senate Committee on Commerce, Science, and Transportation and Senator Olympia Snowe (RME) today announced the introduction of comprehensive cybersecurity legislation to address our nation’s vulnerability to cyber crime, global cyber espionage, and cyber attacks that could potentially cripple the United States’ critical infrastructure.

2009.03.30 - Industry News - Government seizes opportunity to build security into new critical infrastructure

Tue, 31 Mar 2009 11:11:48 -0400
William Jackson,
Government Computer News,
30 March 2009

Government seizes opportunity to build security into new critical infrastructure

Development of a new generation of intelligent power grids for energy distribution is a high priority for President Barack Obama’s administration, and $4.5 billion has been included in the economic stimulus package for the Energy Department to pursue this goal.

2009.03.26 - Industry News - White House cyber adviser - more questions than answers

Fri, 27 Mar 2009 14:56:38 -0400
Stephanie Condon,
CNET,
26 March 2009

White House cyber adviser - more questions than answers

The comprehensive cybersecurity legislation currently in development in the Senate aims to bring high-level government attention to the serious problem of cybersecurity by giving one White House official oversight of critical network infrastructure.

2009.03.24 - Industry News - Smart Grid will only be as good as security behind it

Fri, 27 Mar 2009 14:55:36 -0400
William Jackson,
Government Computer News,
24 March 2009

Smart Grid will only be as good as security behind it

The United States is at a critical juncture in the development and deployment of technology that will enable a new generation of smart power grids. The economic stimulus package includes $4.5 billion for Smart Grid projects and industry is developing and deploying some of the technology.

2009.03.21 - Industry News - 'Smart Grid' may be vulnerable to hackers

Fri, 27 Mar 2009 14:53:57 -0400
Jeanne Meserve,
CNN,
21 March 2009

'Smart Grid' may be vulnerable to hackers

Is it really so smart to forge ahead with the high technology, digitally based electricity distribution and transmission system known as the "Smart Grid"? Tests have shown that a hacker can break into the system, and cybersecurity experts said a massive blackout could result.

2009.03.19 - Industry News - Expert: Hackers penetrating industrial control systems

Fri, 27 Mar 2009 14:52:37 -0400
Grant Gross,
Computer World,
19 March 2009

Expert: Hackers penetrating industrial control systems

March 19, 2009 (IDG News Service) The networks powering industrial control systems have been breached more than 125 times in the past decade, with one resulting in U.S. deaths, a control systems expert said Thursday.

2009.03.19 - Industry News - Senator plans to promote cybersecurity education

Fri, 27 Mar 2009 14:51:18 -0400
Stephanie Condon,
CNET,
19 March 2009

Senator plans to promote cybersecurity education

The U.S. economy is suffering massive losses every year due to cyberattacks, yet most Americans are not aware of the gravity of the problem, cyber experts told Congress Thursday. Without more federal funding for educational reforms and basic research to promote cybersecurity, the nation will regularly suffer from attacks of serious consequence, they said.

2009.03.17 - Industry News - Pentagon Official Warns of Risk of Cyber Attacks

Fri, 27 Mar 2009 14:49:39 -0400
Walter Pincus,
Washington Post,
17 March 2009

Pentagon Official Warns of Risk of Cyber Attacks

The head of the Pentagon's Strategic Command warned Congress today that the United States is vulnerable to cyberattacks "across the spectrum" and that more needs to be done to defend against the potential of online strikes, which could "potentially threaten not only our military networks, but also our critical national networks."

2009.03.12 - Industry News - Web malware, more advanced and targeted than ever

Fri, 27 Mar 2009 14:48:26 -0400
Dan Kaplan,
SC Magazine,
12 March 2009

Web malware, more advanced and targeted than ever

End-users working in the energy-and-oil sector are most at-risk to succumbing to web malware, according to ScanSafe's annual threat report released this week.

2009.03.11 - Industry News - Security requirements defined for smart electrical meters

Fri, 27 Mar 2009 14:47:07 -0400
William Jackson,
Government Computer News,
11 March 2009

Security requirements defined for smart electrical meters

DOE and electric utilities establish baseline security needs for Advanced Metering Systems that are a part of the planned Smart Grid

2009.03.10 - Industry News - Government Needs To Get Its Cybersecurity In Gear, Experts Tell Congress

Fri, 27 Mar 2009 14:44:23 -0400
Tim Wilson,
Dark Reading,
10 March 2009

Government Needs To Get Its Cybersecurity In Gear, Experts Tell Congress

Some of the nation's top cybersecurity experts today told a congressional subcommittee that the United States isn't ready for a major online attack, and called on the White House and the rest of the federal government to get their acts together.

2009.03.10 - Industry News - Cyberattack mapping could yield blueprint for cyberdefense

Fri, 27 Mar 2009 14:40:01 -0400
Government Computer News
10 March 2009

Cyberattack mapping could yield blueprint for cyberdefense

Researchers at Sandia National Laboratories have been mapping out attacks against large-scale computer networks to develop massive cyberattack simulations to gain a better understanding of how automated cyberwarfare works and how to defend against coordinated cyberattacks, according to a report from Information Security magazine.

2009.03.09 - Industry News - Congressional Committees Work to Develop Chemical Security Bill Before Rules Expire

Fri, 27 Mar 2009 14:38:47 -0400
GAO,
09 March 2009

Congressional Committees Work to Develop Chemical Security Bill Before Rules Expire

Key Improvements Are Needed to Strengthen the Nation's Posture

2009.03.09 - Industry News - Tension mounts between agencies over cybersecurity oversight

Fri, 27 Mar 2009 14:37:56 -0400
Jill R. Aitoro,
NextGov,
09 March 2009

Tension mounts between agencies over cybersecurity oversight

An independent agency that reports directly to the White House should oversee federal cybersecurity efforts, said former government officials, a move that could relieve growing tension between the intelligence community and the Homeland Security Department over who leads such initiatives.

2009.03.09 - Industry News - New DHS Cyber-Security Working Group Links Agencies

Fri, 27 Mar 2009 14:35:22 -0400
Hilton Collins,
GovTech.com,
09 March 2009

New DHS Cyber-Security Working Group Links Agencies

The U.S. Department of Homeland Security has created a collaborative venture for public- and private-sector organizations in order to nip problems in the bud that are associated with industrial control systems -- at least the ones that can be nipped by computer.

2009.03.03 - Industry News - Lack of standards could stymie smart grid

Fri, 27 Mar 2009 14:33:25 -0400
Stephanie Condon,
CNET,
03 March 2009

Lack of standards could stymie smart grid

WASHINGTON--The Department of Energy will be pushing out $4.5 billion for smart grid investments as part of the federal government's economic stimulus plan, but unless smart-grid standards are developed quickly, the government risks wasting its money on soon-obsolete technologies that could be incompatible with one another, regulators and industry representatives warned Congress Tuesday.

2009.03.02 - Industry News - Spy agency gains support for key cyber role

Fri, 27 Mar 2009 13:27:08 -0400
Robert Lemos,
SecurityFocus.com,
02 March 2009

Spy agency gains support for key cyber role

The United States' top intelligence official argued last week that the National Security Agency should become the nation's cyber defender, adding his voice to the growing murmur of support for the agency's future role in cyberspace.

2009.02.26 - Industry News - Administration to request more for cybersecurity

Fri, 27 Mar 2009 13:18:44 -0400
Ben Bain,
Federal Computer Week,
26 February 2009

Administration to request more for cybersecurity

President Barack Obama wants $355 million for the Homeland Security Department’s cybersecurity efforts in fiscal 2010, according to an overview of his budget proposal released today.

2009.02.25 - Industry News - GE Energy Signs OEM Agreement with Industrial Defender, Helping to Protect the Power Industry’s Critical Infrastructure

Thu, 26 Feb 2009 12:11:40 -0500
Press Release,
GE Energy,
25 February 2009

GE Energy Signs OEM Agreement with Industrial Defender, Helping to Protect the Power Industry’s Critical Infrastructure

GE Energy will Offer Industrial Defender’s Technology Suite as a Value-Added Solution to Tackle Electric Industry’s Cyber Security and Compliance Challenges

2009.02.24 - Industry News - America's enemies have targeted its cyber vulnerabilities

Thu, 26 Feb 2009 12:11:40 -0500
James Jay Carafano,
United Press International,
24 February 2009

America's enemies have targeted its cyber vulnerabilities

WASHINGTON, Feb. 24 (UPI) -- Islamist hackers took their fight to the target-rich environment of the Internet years ago. Thanks to its low barriers to entry, the cyber environment has proven itself to be one of the most efficient asymmetric tools for Islamist terrorists to incite hatred and violence, and plan and carry out attacks.

2009.02.24 - Industry News - Gov't CIO Survey: Cybersecurity Still Needs Work

Thu, 26 Feb 2009 12:11:39 -0500
Grant Gross,
PC World,
24 February 2009

Gov't CIO Survey: Cybersecurity Still Needs Work

Cybersecurity continues to be a top concern among U.S. government CIOs, but agencies are still falling short of achieving good security results, according to a new survey of top government IT officials.

2009.02.23 - Industry News - Group unveils security controls to thwart cyberattacks

Tue, 24 Feb 2009 12:36:34 -0500
Jill R. Aitoro,
NextGov,
23 February 2009

Group unveils security controls to thwart cyberattacks

A consortium of federal agencies and private organizations released a set of guidelines on Monday aimed at protecting data and information systems from cyberattacks. The list of security controls eventually will be compared to global audit guidelines to determine whether they should be incorporated into assessments of information security.

2009.02.23 - Industry News - DHS to use more simulations in infrastructure protection

Tue, 24 Feb 2009 12:29:50 -0500
Jill R. Aitoro,
NextGov,
23 February 2009

DHS to use more simulations in infrastructure protection

The Homeland Security Department will rely more on simulations to test the integrity of critical infrastructure and key resources, according to a 175-page plan released last week. But one security specialist said the plan was thin on details.

2009.02.23 - Industry News - A National Clean-Energy Smart Grid 101

Tue, 24 Feb 2009 12:29:50 -0500
Center for American Progress,
23 February 2009

A National Clean-Energy Smart Grid 101

An Electricity Grid for the 21st Century

2009.02.20 - Industry News - Authorization and chemical security bills top panel agendas

Tue, 24 Feb 2009 12:29:43 -0500
Chris Strohm,
Government Executive,
20 February 2009

Authorization and chemical security bills top panel agendas

Top aides on the House and Senate Homeland Security committees Friday revealed plans for moving a Homeland Security authorization bill and legislation regulating security at the nation's chemical facilities, while acknowledging some potential obstacles ahead.

2009.02.19 - Industry News - U.S. DHS forms new industrial cyber security group

Tue, 24 Feb 2009 12:29:42 -0500
Control Engineering,
19 February 2009

U.S. DHS forms new industrial cyber security group

The U.S. Department of Homeland Security (DHS) Control Systems Security Program (CSSP) has established the Industrial Control Systems Joint Working Group (ICSJWG). This group will continue the successful public and private partnerships created by the Process Control System Forum (PCSF) which was disbanded. (See related developments at Control Engineering Industrial Cyber Security blog. Also read: Cyber security issues take center stage in 2009.)

2009.02.18 - Industry News - DHS relooking at how to classify cyber incidents

Thu, 19 Feb 2009 12:32:17 -0500
Jason Miller,
Federal News Radio,
17 February 2009

DHS relooking at how to classify cyber incidents

The Homeland Security Department's U.S. Computer Emergency Response Team (U.S.-Cert) will make suggestions about how to change the way the government tracks cyber attacks.

2009.02.18 - Industry News - U.S. must craft cyberwarfare battle strategy

Thu, 19 Feb 2009 12:32:18 -0500
William Jackson,
Government Computer News,
18 February 2009

U.S. must craft cyberwarfare battle strategy

America has to face up to the realities of cyberwarfare with tactical and strategic planning, Kurtz says.

2009.02.17 - Industry News - Number of reported cyber incidents jumps

Thu, 19 Feb 2009 17:09:31 -0500
Ben Bain,
Federal Computer Week,
17 February 2009

Number of reported cyber incidents jumps

Federal civilian agencies reported three times as many cyber-related incidents in fiscal 2008 as they did in fiscal 2006 to the Homeland Security Department's office that coordinates defenses and responses to cyberattacks. Meanwhile, an official says the office suspects the actual number of cyber incidents is higher.

2009.02.17 - Industry News - Cybersecurity workforce standards finalized

Thu, 19 Feb 2009 12:30:28 -0500
Jason Miller,
Federal News Radio,
17 February 2009

Cybersecurity workforce standards finalized

The Homeland Security Department Thursday issued its final version of cybersecurity workforce standards.

2009.02.17 - Industry News - US faces growing cyberattacks:

Thu, 19 Feb 2009 12:22:11 -0500
USA Today,
17 February 2009

US faces growing cyberattacks:

WASHINGTON (AFP) - The number of reported cyberattacks on US government computer networks rose by more than 40 percent last year, USA Today reported on Tuesday.

2009.02.16 - Industry News - PC virus invades Germany

Thu, 19 Feb 2009 12:20:45 -0500
The Times,
16 February 2009

PC virus invades Germany

BERLIN - A computer virus which has already hit defence computers in Britain and France has spread to German military systems, the Defence Ministry in Berlin said on Saturday.

2009.02.12 - Industry News - DOE seeks new approach to cybersecurity

Thu, 19 Feb 2009 12:19:39 -0500
William Jackson,
Government Computer News,
12 February 2009

DOE seeks new approach to cybersecurity

Reactive approaches to information security have not kept pace with the rapidly evolving information technology environment, and a panel of experts examining the state of security at the Energy Department has recommended a fundamentally different approach.

2009.02.09 - Incidents - Union: Hacker broke into FAA computers

Tue, 10 Feb 2009 12:04:49 -0500
MSNBC
2009.02.09

Union: Hacker broke into FAA computers

WASHINGTON - Hackers broke into the Federal Aviation Administration's computer system last week, accessing the names and national identification numbers of 45,000 employees and retirees, a union leader says.

2009.02.09 - Industry News - Obama hints at cybersecurity shake-up with review

Tue, 10 Feb 2009 12:03:15 -0500
Declan McCullagh,
CNET,
09 February 2009

Obama hints at cybersecurity shake-up with review

In a move that could reshape the federal government's cybersecurity efforts, President Obama on Monday said a former Booz Allen consultant would conduct an immediate two-month review of all related agency activities.

2009.02.08 - Industry News - Hathaway to Head Cybersecurity Post

Mon, 9 Feb 2009 10:39:10 -0500
Siobhan Gorman,
Wall Street Journal,
08 February 2009

Hathaway to Head Cybersecurity Post

WASHINGTON -- President Barack Obama will tap a top aide to President George W. Bush's intelligence director to head his cybersecurity effort, according to government officials familiar with the decision. An announcement is expected as early as Monday.

2009.02.03 - Industry News - White House to assume key role in cybersecurity

Wed, 4 Feb 2009 11:29:06 -0500
Gregg Carlstrom,
Federal Times,
03 February 2009

White House to assume key role in cybersecurity

The White House plans to appoint a national adviser to coordinate the government’s approach to cybersecurity, previously the responsibility of the Homeland Security Department.

2009.02.03 - Industry News - Nato's cyber defence warriors

Tue, 3 Feb 2009 11:26:08 -0500
Frank Gardner,
BBC News,
03 February 2009

Nato's cyber defence warriors

Nato officials have told the BBC their computers are under constant attack from organisations and individuals bent on trying to hack into their secrets.

2009.02.02 - Industry News - Buzz grows for modernizing energy grid

Mon, 2 Feb 2009 14:53:49 -0500
Paul Davidson,
USA Today,
02 February 2009

Buzz grows for modernizing energy grid

Alternative energy is taking it on the chin this recession, with solar and wind developers canceling projects and laying off workers. But a far more obscure slice of the energy sector is hotter than ever: the electricity grid.

2009.01.29 - Industry News - Hackers Crack Into Texas Road Sign, Warn of Zombies Ahead

Tue, 3 Feb 2009 11:25:12 -0500
Joshua Rhett Miller,
FOX News,
29 January 2009

Hackers Crack Into Texas Road Sign, Warn of Zombies Ahead

Transportation officials in Texas are scrambling to prevent hackers from changing messages on digital road signs after one sign in Austin was altered to read, "Zombies Ahead."

2009.01.28 - Industry News - Senate stimulus bill packed with IT spending

Thu, 29 Jan 2009 10:30:04 -0500
Gautham Nagesh,
NextGov,
28 January 2009

Senate stimulus bill packed with IT spending

The $365 billion stimulus bill the Senate Finance Committee approved on Jan. 27 is packed with IT spending, including incentives to encourage health information technology, expansion of broadband services and funds for modernization projects at numerous agencies.

2009.01.27 - Industry News - Obama outlines key security tasks

Thu, 29 Jan 2009 10:28:41 -0500
Dan Raywood,
SC Magazine,
27 January 2009

Obama outlines key security tasks

The new US administration has identified key areas for improvement in security.

Claiming that ‘the first responsibility of any president is to protect the American people', President Obama and Vice President Joe Biden have identified international terrorism, bio-chemicals, nuclear weapons and information networks as the key areas for homeland security research and protection.

2009.01.23 - Industry News - Napolitano issues first action directives

Thu, 29 Jan 2009 10:26:47 -0500
HS Daily Wire,
23 January 2009

Napolitano issues first action directives

On her first day in office, new DHS secretary issues five action directives centering on protection of critical infrastructure, transportation, and on better intelligence sharing among federal, state, and local levels of government

2009.01.22 - Industry News - Obama Administration Outlines Cyber Security Strategy

Thu, 29 Jan 2009 10:25:18 -0500
Brian Krebs,
Washington Post (Blog),
22 January 2009

Obama Administration Outlines Cyber Security Strategy

President Barack Obama's administration has sketched out a broad new strategy to protect the nation's most vital information networks from cyber attack and to boost investment and research on cyber security.

2009.01.22 - Industry News - President Obama's cybersecurity plan released

Thu, 29 Jan 2009 10:23:15 -0500
Angela Moscaritolo,
SC Magazine,
22 January 2009

President Obama's cybersecurity plan released

While campaigning, President Obama addressed the importance of cybersecurity.

On Wednesday, he made good on at least some of his promises when his administration posted to the White House website an outline for protecting the nation's homeland security. The strategy includes a six-step plan to safeguard information networks.

2009.01.15 - Industry News - Air Force planning to train hundreds yearly in cyber warfare skills

Thu, 22 Jan 2009 12:29:01 -0500
Trish Choate,
San Angelo Standard-Times,
15 January 2009

Air Force planning to train hundreds yearly in cyber warfare skills

WASHINGTON - Someday, somewhere, while the clock ticks relentlessly, an Air Force version of Jack Bauer - who does not engage in torture, of course, unlike the "24" character from television - might be waiting tensely, desperately for help from a cyber warrior who trained at Goodfellow Air Force Base.

2009.01.15 - Industry News - Smart grid, broadband appear in $825 billion 'stimulus' plan

Mon, 19 Jan 2009 15:47:31 -0500
Declan McCullagh,
CNET,
15 January 2009

Smart grid, broadband appear in $825 billion 'stimulus' plan

House Democrats on Thursday revealed details of a massive legislative effort they said would inject new life into a flagging U.S. economy, thanks to a combination of $825 billion in tax cuts and new government spending.

2009.01.15 - Industry News - The Threat of Cyberterrorism

Mon, 19 Jan 2009 15:45:59 -0500
James Loy,
World Politics Review,
15 January 2009

The Threat of Cyberterrorism

During the U.S. presidential election, the Republican National Committee made headlines with a campaign flyer it mailed out to voters in Missouri and Virginia. A photo on the front showed a plane with its nose pressed against the exterior of an airport terminal, presumably filled with travelers. The text, beside a picture of the Democratic nominee on the inside, read, "Barack Obama thinks terrorists just need a good talking to."

2009.01.12 - Industry News - Obama faces major Internet security challenges

Mon, 19 Jan 2009 15:44:44 -0500
Loren B. Thompson,
UPI.com,
12 January 2009

Obama faces major Internet security challenges

In 2008, the Bush administration during its last year in office began a Comprehensive National Cybersecurity Initiative that eventually will spend more than $10 billion strengthening defenses of U.S. government networks.

2009.01.12 - Industry News - 'Huge increase' in worm attacks plague unpatched Windows PCs

Mon, 19 Jan 2009 15:42:36 -0500
Gregg Keizer
Computer World,
12 January 2009

'Huge increase' in worm attacks plague unpatched Windows PCs

A computer worm that exploits a Windows bug Microsoft Corp. patched more than two months ago continues to wreak havoc, a security company said today, as it boosted its overall threat ranking and warned users to patch their PCs.

2009.01.07 - Industry News - 'Cybergeddon' fear stalks US: FBI

Wed, 7 Jan 2009 12:03:30 -0500
Sydney Morning Herald,
07 January 2009

'Cybergeddon' fear stalks US: FBI

Cyber attacks pose the greatest threat to the United States after nuclear war and weapons of mass destruction -- and they are increasingly hard to prevent, FBI experts said Tuesday.

2009.01.05 - Industry News - NIST spells out security requirements for wireless access

Wed, 7 Jan 2009 12:03:28 -0500
William Jackson,
Government Computer News,
05 January 2009

NIST spells out security requirements for wireless access

The increasing mobility of workers and the proliferation of powerful mobile networking tools has made wireless access to government information resources a given, and along with that has come security concerns. The National Institute of Standards and Technology addresses these concerns in a draft of a new publication.

2009.01.05 - Industry News - Cyber security issues take center stage in 2009

Wed, 7 Jan 2009 12:03:02 -0500
Control Engineering,
05 January 2009

Cyber security issues take center stage in 2009

The US chemicals industry is certain to face tougher anti-terrorism requirements in While cyber security issues have been lurking in the background for some time now, 2009 will be the year they step into the light and probably your plant. Here’s why.

First and foremost, the NERC CIP (National Electric Reliability Corporation Critical Infrastructure Protection) regulations are coming into effect now. This may only affect power plants and larger utilities for the time being, but what happens through this implementation could hit you sooner than later.

2008.12.30 - Industry News - OUTLOOK ’09: Tougher US chemical security rules ahead

Tue, 6 Jan 2009 14:35:23 -0500
ICIS.com,
30 December 2008

OUTLOOK ’09: Tougher US chemical security rules ahead

The US chemicals industry is certain to face tougher anti-terrorism requirements in 2009, perhaps to include first-time federal authority to dictate inherently safer technologies (IST) as part of security measures.

2008.12 - Industry News - Cyberattack simulation highlights security challenges

Fri, 19 Dec 2008 11:04:39 -0500
Roy Maurer,
SHRM.org,
December 2008

Chertoff: Cyber Security Is Shared Responsibility

The government and the private sector share the responsibility of cyber security, including reducing vulnerable access points, says U.S. Homeland Security Secretary Michael Chertoff.

2008.12.26 - Industry News - U.S. faces growing threats to Internet from many enemies

Tue, 6 Jan 2009 14:42:58 -0500
Loren B. Thompson,
UPI.com,
26 December 2008

U.S. faces growing threats to Internet from many enemies

Digital networks are the nervous system of our modern technological civilization, essential to commerce and culture. The entire global economy, from banking to utilities to manufacturing to healthcare, relies on Internet-style communications. Even the U.S. military has reorganized for what it calls "network-centric warfare."

2008.12.22 - Industry News - Subway fare hackers to partner with transit agency

Tue, 6 Jan 2009 14:41:09 -0500
Jordan Robertson,
Business Week,
22 December 2008

Subway fare hackers to partner with transit agency

A trio of Massachusetts Institute of Technology students who found a way to hack into the Boston subway system's payment cards have agreed to partner with transit officials there to make the system more secure.

2008.12.19 - Industry News - U.S. not ready for cyber attack

Tue, 6 Jan 2009 14:38:52 -0500
Randall Mikkelsen,
Reuters.com,
19 December 2008

U.S. not ready for cyber attack

The United States is unprepared for a major hostile attack against vital computer networks, government and industry officials said on Thursday after participating in a two-day "cyberwar" simulation.

2008.12.18 - Industry News - Cyberattack simulation highlights security challenges

Tue, 6 Jan 2009 14:35:21 -0500
FCW.com,
18 December 2008

Cyberattack simulation highlights security challenges

Senior-level government and industry officials in a two-day cybersecurity simulation exercise that concluded today said it demonstrated the importance of a cross-sector, integrated approach to cybersecurity. The simulation also illustrated some challenges the Obama administration and next Congress will face in terms of cybersecurity, they said.

2008.12.16 - Industry News - Revised Phase I Cyber Security Standards Under Review by NERC

Fri, 19 Dec 2008 11:02:10 -0500
Transmission & Distribution World,
16 December 2008

Revised Phase I Cyber Security Standards Under Review by NERC

As part of its efforts to better address cyber security and critical infrastructure protection, the North American Electric Reliability Corp. and its Cyber Security Standard Drafting Team have recently released phase one of proposed revisions to eight Critical Infrastructure Protection reliability standards for industry comment and review. The standards (CIP-002 through CIP-009) are designed to ensure utilities and other users, owners, and operators of the bulk power system in North America have appropriate procedures in place to protect critical infrastructure from cyber attack.

2008.12.12 - Industry News - Leaders call for bolder security agenda

Tue, 16 Dec 2008 11:19:47 -0500
Wyatt Kash,
Government Computer News,
12 December 2008

Leaders call for bolder security agenda

A variety of existing measures could significantly improve the security of government information technology systems in the next two years, but agencies must look at IT security vulnerabilities as a threat to agency missions, not just their networks, if needed security improvements are to be made, experts said at a cyber security conference in Washington this week.

2008.12.10 - Industry News - Cyber Attack Linked to Company of Former Russian Spies

Tue, 16 Dec 2008 11:18:22 -0500
Jennifer Griffin,
FOX News,
10 December 2008

Cyber Attack Linked to Company of Former Russian Spies

The recent cyber attack on the U.S. military's classified computer network has been traced to a front company run by several former Russian KGB or Federal Security Service spies, FOX News has learned..

2008.12.10 - Industry News - Chertoff: Cyber defense must be wider

Thu, 11 Dec 2008 16:24:07 -0500
Doug Beizer,
FCW.com,
10 December 2008

Chertoff: Cyber defense must be wider

Cyber attacks against government and commercial networks aren't limited to traditional frontal attacks that attempt to create intrusion though vulnerabilities, Homeland Security Secretary Michael Chertoff said today at an event sponsored by AFCEA.

2008.12.08 - Industry News - More Cyber Security Regulations Recommended

Thu, 11 Dec 2008 16:24:05 -0500
Brian Krebs,
Washington Post,
08 December 2008

More Cyber Security Regulations Recommended

A bipartisan commission of computer security experts are recommending today that President-elect Barack Obama set up a high-level post to tackle cyber security, consider new regulations to combat cyber crime and shore up the security of the nation's most sensitive computer networks.

2008.12.08 - Industry News - CSIS releases government cybersecurity recommendations

Tue, 9 Dec 2008 10:52:45 -0500
Grant Gross,
Network World,
08 December 2008

CSIS releases government cybersecurity recommendations

The U.S. government should overhaul its approach to cybersecurity, with sweeping new regulations on private businesses and a new, centralized cybersecurity office in the White House, an all-star group of experts recommended Monday.

2008.12.08 - Industry News - New Cyber Security Push Is Urged

Mon, 8 Dec 2008 12:25:17 -0500
Siobhan Gorman,
Wall Street Journal,
08 December 2008

New Cyber Security Push Is Urged

WASHINGTON -- A commission of technology experts will propose consolidating cyber security work under a top White House official and using diplomatic, intelligence and military tools to confront threats in cyberspace.

2008.12.04 - Industry News - Security chief issues warning

Mon, 8 Dec 2008 12:24:20 -0500
Emily J. Hogan,
Politico,
04 December 2008

Security chief issues warning

At the dawn of a new political administration, the United States faces evolving security threats that must be addressed through dynamic intelligence practices, the director of national intelligence, Mike McConnell, said in a speech at the Harvard Kennedy School yesterday.

2008.12.04 - Industry News - Experts: US cybersecurity needs fresh ideas

Fri, 5 Dec 2008 11:56:09 -0500
ZDNET,
04 December 2008

Experts: US cybersecurity needs fresh ideas

A successful public-private partnership to combat cyberthreats will require more trust and forward-looking ideas, policy experts have said.

The US Department of Homeland Security is too reactionary in terms of cybersecurity threats, and needs to develop stronger incentives for the private sector to take preventative measures against cyberthreats, policy experts said on Wednesday.

2008.12.02 - Industry News - The promise of homeland security

Tue, 16 Dec 2008 11:16:02 -0500
David Fishering,,
SC Magazine,
02 December 2008

The promise of homeland security

Despite the numerous speeches and debates over the last year, little focus has been paid to homeland security. As a result, little could be gleaned as to how the candidates would shape homeland security policy and the industry. Now that Barack Obama has begun to build his cabinet and formulate his national security strategy, more can be assumed about the future of homeland security.

2008.12.02 - Incidents - Virus hits Islip Town, MacArthur Airport computers

Fri, 5 Dec 2008 11:57:37 -0500
Jennifer Maloney
Newsday.com
02 December 2008

Virus hits Islip Town, MacArthur Airport computers

A virus attack crippled computer systems in Islip Town offices and at Long Island MacArthur Airport for more than a week but did not compromise operations or security at the airport, officials said yesterday.

2008.12.01 - Industry News - Melding Security

Wed, 3 Dec 2008 12:01:06 -0500
NextGov,
01 December 2008

Melding Security

With computers now controlling critical assets, it's more important than ever for cyber and physical security managers to work together.

Linda Wilbanks can't fire a gun, but as chief information officer at the Energy Department's National Nuclear Security Administration, she's working with executives to ensure nuclear materials don't fall into the wrong hands. Why is the CIO involved in keeping nuclear materials secure? "Somewhere along the line, there's going to be IT controls" involved, Wilbanks says.

2008.11.30 - Industry News - Cyber attack has Pentagon worried

Tue, 2 Dec 2008 10:04:07 -0500
Julian E. Barnes,
Chicago Tribune,
30 November 2008

Cyber attack has Pentagon worried

Russia eyed in hit on Defense networks

WASHINGTON - Senior military leaders took the exceptional step of briefing President George W. Bush last week on a severe and widespread electronic attack on Defense Department computers that may have originated in Russia, posing unusual concern among commanders and potential implications for national security.

2008.11.28 - Industry News - Computer Virus Hits U.S. Military Base in Afghanistan

Tue, 2 Dec 2008 10:04:05 -0500
Anna Mulrine,
U.S. News & World Report,,
28 November 2008

Computer Virus Hits U.S. Military Base in Afghanistan

U.S. military officials speculate the cyber attack may have originated in China

KABUL - The largest U.S. military base in Afghanistan was hit by a computer virus earlier this month that affected nearly three quarters of the computers on the base, U.S. News has learned.

2008.11.26 - Industry News - Experts tackle guidance to stop cyberattacks

Mon, 1 Dec 2008 10:48:36 -0500
Mary Mosquera,
FCW.com,
26 November 2008

Experts tackle guidance to stop cyberattacks

A group of information security analysts in government and industry plans to publish guidance in six months to identify the most effective protections against the vulnerabilities most often exploited in cyberattacks, according to John Gilligan, president of the Gilligan Group and former chief information officer of the Air Force and Energy Department. He leads the effort.

2008.11.24 - Industry News - DoD confirms computer virus in networks

Tue, 25 Nov 2008 14:25:16 -0500
William H. McMichael and Bruce Rolfsen,
ArmyTimes.com,
24 November 2008

DoD confirms computer virus in networks

The Defense Department confirmed Friday that a virus has infected some of its computer networks but declined to identify the infection, say whether it was a direct attack on the networks or confirm published directives that ban the use of portable storage media such as thumb drives.

2008.11.24 - Industry News - IT czar could improve cyber security

Tue, 25 Nov 2008 14:25:15 -0500
William Jackson,
Government Computer News,
24 November 2008

IT czar could improve cyber security

When the Commission on Cyber Security for the 44th Presidency releases its recommendations for the President-elect Barack Obama next month, one of them will be that the issue be elevated to the White House and not left with the Homeland Security Department, which is the current lead.

2008.11.24 - Industry News - Making Cybersecurity More Attractive

Tue, 25 Nov 2008 14:25:07 -0500
William Mattews,
Defense News,
24 November 2008

Making Cybersecurity More Attractive

While American computer science majors study software development, network programming and system security, their counterparts at universities in China are learning techniques for cyber exploitation and attack.

2008.11.21 - Industry News - Details emerge about President’s Cyber Plan

Mon, 24 Nov 2008 11:24:55 -0500
Wyatt Kash,
Government Computer News,
21 November 2008

Details emerge about President’s Cyber Plan

A new layer of details surrounding President Bush’s Comprehensive National Cyber Security Initiative emerged from a speech delivered by a senior federal official in Washington yesterday.

2008.11.20 - Industry News - Network Security Breaches Plague NASA

Mon, 24 Nov 2008 11:24:53 -0500
Keith Epstein and Ben Elgin,
Business Week,
20 November 2008

Network Security Breaches Plague NASA

Repeated attacks from abroad on NASA computers and Web sites are causing consternation among officials and stirring national security concerns

2008.11.20 - Incidents - Pentagon Hit by Unprecedented Cyber Attack

Fri, 21 Nov 2008 10:43:15 -0500
FOX News
2008.11.20

Pentagon Hit by Unprecedented Cyber Attack

As a result of the cyber attack, the Defense Department has banned the use of external hardware devices throughout a vast network of military computers.

2008.11.19 - Industry News - Obama administration to inherit tough cybersecurity challenges

Thu, 20 Nov 2008 11:43:26 -0500
Jaikumar Vijayan,
Computer World,
19 November 2008

Obama administration to inherit tough cybersecurity challenges

There has been a 'fundamental ignorance' by the Bush administration on modern threats, says one expert.

2008.11.18 - Industry News - Industry group calls for cybersecurity partnership

Thu, 20 Nov 2008 11:37:37 -0500
Ben Bain,
FCW.com,
18 November 2008

Industry group calls for cybersecurity partnership

The market-based, voluntary approach that the Bush administration has used to encourage companies to improve cybersecurity is not sufficient and the incoming Obama administration should form a cybersecurity social contract with industry based on economic incentives, according to a new report by a trade association.

2008.11.18 - Industry News - Security industry calls on feds to invest in cybersecurity

Thu, 20 Nov 2008 11:31:32 -0500
NextGov,
18 November 2008

Security industry calls on feds to invest in cybersecurity

The Obama administration, with support from Congress, should give information technology companies financial incentives for improving cybersecurity defenses, including providing funding in research and development and shielding them from liability caused by cyberattacks, a group representing information security companies said on Tuesday.

2008.11.18 - Industry News - Security Predictions: Two Views on the Department of Homeland Security

Thu, 20 Nov 2008 11:29:33 -0500
Computer World,
18 November 2008

Security Predictions: Two Views on the Department of Homeland Security

Amit Yoran left DHS in September 2004, convinced the department had no clue on how to handle cybersecurity. Now he is feeling more hopeful.

2008.11.17 - Industry News - Electricity industry in a power struggle

Thu, 20 Nov 2008 11:25:44 -0500
Matthew Brown,
DenverPost.com,
17 November 2008

Electricity industry in a power struggle

GREAT FALLS, Mont. - As workers scramble to build an $800 million coal-fired power plant on a patch of farmland here, a crisis that began on faraway Wall Street threatens to stretch the nation's power supplies to the brink - driving up prices and laying the stage for future shortages.

2008.11.14 - Industry News - DHS seeks input on revised infrastructure protection plan

Mon, 17 Nov 2008 12:18:38 -0500
Ben Bain,
FCW.com,
14 November 2008

DHS seeks input on revised infrastructure protection plan

The Homeland Security Department is looking for public input as it prepares for next year's release of a revised version of the National Infrastructure Protection Plan (NIPP).

2008.11.13 - Industry News - Study: Critical Infrastructure Often Under Cyberattack

Fri, 14 Nov 2008 10:44:58 -0500
Robert McMillan,
CSO Online,
13 November 2008

Study: Critical Infrastructure Often Under Cyberattack

Computer systems that run the world's critical infrastructure are not as secure as they should be and insiders are mad.

2008.11.13 - Industry News - Chemical Sector Pursues Cyber Security

Fri, 14 Nov 2008 10:43:26 -0500
Wes Iversen,
Automation World,
13 November 2008

Chemical Sector Pursues Cyber Security

Six years after a chemical industry initiative in cyber security was launched involving just a few individuals, the program has expanded to involve participation by more than 30 major chemical companies, and the industry today is better prepared to fend off cyber attacks.

2008.11.11 - Industry News - Energy industry at risk of cyberattack, survey says

Wed, 12 Nov 2008 13:08:59 -0500
Elinor Mills,
CNET,
11 November 2008

Energy industry at risk of cyberattack, survey says

Asked which industry is the biggest target for cyberattack, critical infrastructure insiders in the U.S., Canada, and Europe point to the energy sector.

The energy industry also is the most vulnerable to cyberattacks and would have the most detrimental breach, while the financial sector is the best prepared in the case of a cyberattack, according to the survey sponsored by security firm Secure Computing. All other industries were deemed to be "not prepared" by greater than 50 percent of the respondents.

2008.11.10 - Industry News - Critical infrastructure security grim, study finds

Wed, 12 Nov 2008 12:05:04 -0500
Marcia Savage,
SearchSecurity.com,
10 November 2008

Critical infrastructure security grim, study finds

A recent study by Secure Computing Corp. paints a gloomy picture of cybersecurity readiness in critical infrastructure industries.

According to the study, which surveyed 199 security experts and industry representatives, most industries that make up the critical infrastructure are not prepared for cyberattacks. More than half of the respondents said that utilities, oil and gas, transportation, telecommunications, chemical, emergency services and postal/shipping sectors were not prepared.

2008.11.08 - Industry News - Inmate hacked prison network, broke into employee database

Mon, 10 Nov 2008 12:51:42 -0500
Dan Goodin,
The Register,
08 November 2008

Inmate hacked prison network, broke into employee database

A former prison inmate has been arrested and charged with hacking the facility's computer network, stealing personal details of more than 1,100 prison employees and making them available to fellow inmates.

2008.11.07 - Industry News - Defense Science Board warns of cyber problems

Mon, 10 Nov 2008 12:50:30 -0500
Alice Lipowicz,
FCW.com,
07 November 2008

Defense Science Board warns of cyber problems

The U.S. military’s dependence on sophisticated network-centric information technology has become its "Achilles heel," according to a new report from the Defense Science Board.

2008.11.07 - Incidents - Equipment failure sends raw sewage into Hempstead Bay

Mon, 10 Nov 2008 12:49:09 -0500
Jennifer Smith
Newsday.com,
2008.11.07

Equipment failure sends raw sewage into Hempstead Bay

An equipment failure early yesterday at Nassau County's Cedar Creek sewage treatment plant in Wantagh released 51,000 gallons of raw sewage, some of which spilled into East Hempstead Bay, where long-closed shellfish beds had been reopened recently.

2008.11.06 - Industry News - Chinese hack into White House network

Fri, 7 Nov 2008 12:20:43 -0500
Demetri Sevastopulo,
FT.com,
06 November 2008

Chinese hack into White House network

Chinese hackers have penetrated the White House computer network on multiple occasions, and obtained e-mails between government officials, a senior US official told the FT.

2008.11.06 - Industry News - Obama Urged to Take Immediate Cyber-security

Fri, 7 Nov 2008 12:19:13 -0500
Roy Mark,
Eweek.com,
06 November 2008

Obama Urged to Take Immediate Cyber-security

President-elect Barack Obama has promised to appoint a national cyber-security adviser. According to a report by the Defense Science Board, the cyber-security czar will inherit a civilian and military information infrastructure that is illprepared for advanced cyber-attacks, such as denial of service and malicious modification of information. The United States' vulnerability to cyber-attacks in space presents a particular challenge for the new leaders.

2008.11.06 - Industry News - Cyber-warfare 'the next battlefront,' experts say

Fri, 7 Nov 2008 11:22:28 -0500
Vito Pilieci,
Canada.com,
06 November 2008

Cyber-warfare 'the next battlefront,' experts say

North America needs to work fast if it is to protect itself from a new wave of cyber-warfare.

According to several Internet security experts meeting at the Casino du Lac-Leamy in Gatineau yesterday, terrorists are learning to hack and many countries are gathering people proficient in computer science to unleash lethal attacks on the communications systems of other countries.

2008.11.05 - Industry News - Cyber-crime Reportedly Touches Obama, McCain Campaigns

Fri, 7 Nov 2008 12:22:01 -0500
Brian Prince,
Eweek.com,
05 November 2008

Cyber-crime Reportedly Touches Obama, McCain Campaigns

Hackers targeted the presidential campaigns of Sen. Barack Obama and Sen. John McCain, says a report by Newsweek magazine. In addition, spammers are capitalizing on interest in Obama's victory to attempt to trick users into downloading malware.

2008.11.04 - Industry News - Power surge: SCADA industry must prep for attacks

Fri, 14 Nov 2008 10:41:49 -0500
Dan Kaplan,
SC Magazine,
04 November 2008

Power surge: SCADA industry must prep for attacks

Last fall, when a Department of Homeland Security-commissioned video depicted a turbine exploding in a test lab during a simulated hacker attack, viewers may have been expecting the credits to roll at the end.

But the film, produced by the Idaho National Laboratory and leaked to the Associated Press, was not dreamt up for a Hollywood soundstage. In fact, the footage was quite genuine, showing what could happen if a hacker gets control of a power company's network by exploiting a real-life vulnerability.

2008.11.04 - Industry News - Cyberattacks target U.K. national infrastructure

Thu, 6 Nov 2008 14:39:49 -0500
HS Daily Wire,
04 November 2008

Cyberattacks target U.K. national infrastructure

The computer systems of critical businesses in the United Kingdom, such as power companies and large financial institutions, are being repeatedly probed to steal information or uncover weaknesses that could take them down

2008.11.03 - Industry News - Partnering for Cyberspace Security

Mon, 3 Nov 2008 11:22:03 -0500
Walter Pincus,
Washington Post,
03 November 2008

Partnering for Cyberspace Security

In two recent speeches that have attracted little notice, Donald Kerr, principal deputy director of national intelligence, has called for a radical new relationship between government and the private sector to counter what he called the "malicious activity in cyberspace [that] is a growing threat to everyone."

2008.10.31 - Industry News - Cybersecurity panel places hill oversight on back burner

Thu, 6 Nov 2008 10:55:20 -0500
NextGov,
31 October 2008

Cybersecurity panel places hill oversight on back burner

An independent commission set up to make recommendations on improving national cybersecurity efforts will shy away from proposing any changes to congressional oversight, even though some experts believe an overhaul is needed.

2008.10.31 - Industry News - Air Force pursues Cyber Command again

Thu, 6 Nov 2008 10:54:43 -0500
NextGov,
31 October 2008

Cybersecurity panel places hill oversight on back burner

An independent commission set up to make recommendations on improving national cybersecurity efforts will shy away from proposing any changes to congressional oversight, even though some experts believe an overhaul is needed.

2008.10.28 - Incidents - Driver hits NIPSCO pole; surge fries sewage treatment plant

Thu, 30 Oct 2008 11:14:27 -0400
Kevin Nevers,
Chesterton Tribune,
2008.10.28

Driver hits NIPSCO pole; surge disables sewage treatment plant

When a motorist, at approximately 12:11 a.m. on Sunday, struck a NIPSCO pole on Woodlawn Ave. just west of North Eighth Street, he not only interrupted electric service to the Chesterton wastewater treatment plant, he caused a power surge which zapped into oblivion the whole of the plant’s automated computer system.

2008.10.28 - Industry News - Cyber advice for the next president

Wed, 29 Oct 2008 15:52:56 -0400
William Jackson,
Government Computer News,
28 October 2008

Cyber advice for the next president

A commission formed to offer advice on cybersecurity to the next president is nearing the completion of its work, and some of the recommendations are likely to conflict with elements of President Bush’s Cyber Initiative.

2008.10.22 - Industry News - Next president will need to make cybersecurity a priority, experts say

Mon, 27 Oct 2008 10:31:23 -0400
Jaikumar Vijayan,
Computerworld,
22 October 2008

Next president will need to make cybersecurity a priority, experts say

In an election season dominated by concerns over the economy and the war in Iraq, cybersecurity hasn't exactly been a top issue for the candidates or voters. But it's a topic the next administration will need to focus on -- and as a high priority, according to several tech industry representatives, including two former officials at the U.S. Department of Homeland Security (DHS) and a former White House cybersecurity czar.

2008.10.22 - Industry News - Risky behaviour still looms large

Thu, 23 Oct 2008 11:34:12 -0400
Shaun Nichols,
Vnunet.com,
21 October 2008

Risky behaviour still looms large

Many employees are continuing to behave in a way that puts company data at risk, according to a recent study.

2008.10.21 - Industry News - Report: Energy Companies Are Top Target of Web-Borne Malware

Thu, 23 Oct 2008 11:32:15 -0400
Dark Reading,
21 October 2008

Report: Energy Companies Are Top Target of Web-Borne Malware

Bad news for the energy industry: Energy companies worldwide have a nearly 200 percent rate of being hit with Web-borne malware attacks, according to a new report from ScanSafe.

2008.10.14 - Industry News - DHS study: CEOs need to do more for infrastructure security

Thu, 23 Oct 2008 11:31:04 -0400
Stephanie Condon,
CNET,
14 October 2008

DHS study: CEOs need to do more for infrastructure security

The government has made great strides working with private industry to secure the nation's critical infrastructure, an advisory board to the president and the U.S. Department of Homeland Security said Tuesday, but top executives in the private sector need to step up and do more.

2008.10.08 - Industry News - Chertoff urges caution on potential of new cybersecurity laws

Fri, 10 Oct 2008 11:33:17 -0400
Ben Ban,
FCW.com,
08 October 2008

Chertoff urges caution on potential of new cybersecurity laws

Policy-makers and Congress should “proceed in a measured way” as they consider passing new laws or granting new authorities aimed at improving cybersecurity, the head of the Homeland Security Department said Wednesday.

2008.10.07 - Industry News - Air Force pursues Cyber Command again

Wed, 8 Oct 2008 13:39:20 -0400
NextGov,
07 October 2008

Air Force pursues Cyber Command again

Top Air Force leadership has decided to pursue forming Cyber Command to defend Defense Department networks and to launch cyberattacks against foes after putting the project on hold in August.

2008.10.02 - Industry News - DHS: President’s Cyber Initiative paying off

Fri, 3 Oct 2008 17:24:27 -0400
William Jackson,
Government Computer News,
02 October 2008

DHS: President’s Cyber Initiative paying off

Assistant Homeland Security Secretary Greg Garcia kicked off the fifth annual National Cyber Security Awareness Month by saying that the government’s IT systems are safer this year than when he joined the department two years ago.

2008.10.02 - Industry News - NIST publishes security guidance for wireless links, industrial controls

Fri, 3 Oct 2008 17:23:09 -0400
William Jackson,
Government Computer News,
02 October 2008

NIST publishes security guidance for wireless links, industrial controls

The National Institute of Standards and Technology has released three information security documents in its 800 series of special publications; two final guidelines on information security assessment and Bluetooth security, and a draft of guidelines for security industrial control systems.

2008.10.01 - Industry News - Senate bill sets guidelines for cybersecurity center

Fri, 3 Oct 2008 17:21:57 -0400
Stephanie Condon,
CNET,
01 October 2008

Senate bill sets guidelines for cybersecurity center

A new authorization bill would give the White House more oversight of the Homeland Security Department's much-beleaguered cybersecurity efforts.

2008.09.29 - Industry News - U.S. urged to go on offense in cyberwar

Tue, 30 Sep 2008 11:10:50 -0400
Shaun Waterman,,
The Washington Times,
29 September 2008

U.S. urged to go on offense in cyberwar

The United States needs to do more to develop an offensive cyberwar capability rather than just focus on defending its networks from attack, says the chairman of the House cybersecurity subcommittee.

2008.09.25 - Industry News - World's electrical grids open to attack

Fri, 26 Sep 2008 12:26:46 -0400
Dan Goodin,
The Register,
25 September 2008

World's electrical grids open to attack

A serious vulnerability has been found in yet another computerized control system that runs some of the world's most critical infrastructure, this time in a product sold by a vendor known as the ABB Group.

2008.09.23 - Industry News - GAO report: U.S. needs to pep up cyber security efforts

Tue, 23 Sep 2008 15:06:20 -0400
ISA
23 September 2008

GAO report: U.S. needs to pep up cyber security efforts

The organization responsible for protecting the country from cyber attacks needs to develop a warning system that truly works, according to a Government Accountability Office (GAO) report.

2008.09.22 - Industry News - Homeland Security: Don't take away our cybersecurity responsibility

Tue, 23 Sep 2008 10:24:45 -0400
Stephanie Condon,
CNET,
22 September 2008

Homeland Security: Don't take away our cybersecurity responsibility

After a week of dealing with critics arguing that some agency other than the U.S. Department of Homeland Security should handle the nation's cybersecurity efforts, Homeland Security has come to its own defense.

2008.09.19 - Industry News - Energy's unclassified networks still open to cyberattack

Thu, 25 Sep 2008 13:16:26 -0400
NextGov,
19 September 2008

Energy's unclassified networks still open to cyberattack

The Energy Department has failed to implement cybersecurity measures, leaving its unclassified computer systems and data open to hackers and employees who may not have authorization to access certain files, according to an audit report released by the agency's inspector general.

2008.09.19 - Industry News - Cyber Attack Data-Sharing Is Lacking, Congress Told

Tue, 23 Sep 2008 10:24:43 -0400
Ellen Nakashima,
Washington Post,
19 September 2008

Cyber Attack Data-Sharing Is Lacking, Congress Told

U.S. intelligence agencies are unable to share information about foreign cyber attacks against companies for fear of jeopardizing intelligence-gathering sources and methods, cyber security expert Paul B. Kurtz told lawmakers yesterday.

2008.09.17 - Industry News - Critics: Homeland Security unprepared for cyberthreats

Wed, 17 Sep 2008 17:06:34 -0400
Stephanie Condon,
CNET,
17 September 2008

Critics: Homeland Security unprepared for cyberthreats

WASHINGTON--When politicians got together six years ago and decided to glue together a medley of federal agencies to create the U.S. Department of Homeland Security, one of the justifications was a better focus on cybersecurity.

2008.09.16 - Industry News - Government elaborates, slightly, on cybersecurity plan

Tue, 16 Sep 2008 13:38:38 -0400
Stephanie Condon,
CNET,
16 September 2008

Government elaborates, slightly, on cybersecurity plan

After ducking questions this year from both Congress and the private sector about its National Cyber Security Initiative, the Department of Homeland Security finally revealed a little more on Monday.

2008.09.15 - Industry News - Cybersecurity is crucial to protecting nation's water supply, official says

Wed, 17 Sep 2008 17:09:11 -0400
Gautham Nagesh,
Government Executive,
15 September 2008

Cybersecurity is crucial to protecting nation's water supply, official says

The greater use of computer systems to monitor and control the U.S. water supply has increased the importance of cybersecurity to protect the country's utilities, a top official for a large water company said on Monday.

2008.09.15 - Industry News - Homeland Security to direct cybersecurity initiative

Wed, 17 Sep 2008 17:07:32 -0400
NextGov,
15 September 2008

Homeland Security to direct cybersecurity initiative

The Homeland Security Department will lead President Bush's largely classified governmentwide cybersecurity initiative, an agency official said on Monday morning.

2008.09.15 - Industry News - U.S. Cybersecurity Is Weak, GAO Says

Tue, 16 Sep 2008 13:37:11 -0400
Keith Epstein,
Business Week,
15 September 2008

U.S. Cybersecurity Is Weak, GAO Says

The Government Accountability Office says the team responsible for protecting private- and public-sector computers isn't up to snuff

The federal government cybersecurity team with primary responsibility for protecting the computer networks of government and private enterprise isn't up to the job, according to a draft Government Accountability Office report obtained by BusinessWeek.

2008.09.15 - Industry News - Lawmakers Warned of Threats to the Grid

Tue, 16 Sep 2008 13:34:57 -0400
Kenneth Corbin,
Enterprise IT Planet,
15 September 2008

Lawmakers Warned of Threats to the Grid

Government and private sector executives pointed to [last week's] anniversary of the Sept. 11 terrorist attacks to warn lawmakers about protecting a critical piece of the nation's infrastructure: its electricity grid.

2008.09.12 - Industry News - Hackers break into Large Hadron Collider computer

Mon, 15 Sep 2008 15:49:46 -0400
Elinor Mills,
CNET,
12 September 2008

Hackers break into Large Hadron Collider computer

Hackers broke into a computer system at CERN's Large Hadron Collider, targeting a system that was "one step away" from a control computer, but otherwise appear to have done no major damage, according to a report on Friday in the British newspaper The Telegraph.

2008.09.12 - Industry News - 'Cybersecurity' worries spur Congress to rethink electrical grid

Fri, 12 Sep 2008 11:21:01 -0400
Stephanie Condon,
CNET,
12 September 2008

'Cybersecurity' worries spur Congress to rethink electrical grid

WASHINGTON--The potential for "cybersecurity" attacks on the United State's electric power grids has spurred politicians to consider legislation to broaden federal authority over electric companies.

Congress already has been consulting with federal agencies and industry associations over how to craft such legislation. On Thursday, legislators sought further input at a hearing before the House Energy and Commerce's subcommittee on energy and air quality.

2008.09.11 - Industry News - Power grid vulnerable to cyberattacks, committee told

Fri, 12 Sep 2008 14:12:04 -0400
Juliana Gruenwald,
Government Executive,
11 September 2008

Power grid vulnerable to cyberattacks, committee told

A House Energy and Commerce subcommittee is aiming to take up legislation next week that would provide the Federal Energy Regulatory Commission with additional authority to help protect the nation's power grid from a cyberattack.

2008.09.11 - Industry News - San Francisco hunts for mystery device on city network

Fri, 12 Sep 2008 11:21:00 -0400
Robert McMillan,
Computer World,
11 September 2008

San Francisco hunts for mystery device on city network

September 11, 2008 (IDG News Service) With costs related to an alleged rogue network administrator's hijacking of the city's network now estimated at $1 million, San Francisco officials say they are searching for a mysterious networking device hidden somewhere on the network.

2008.09.10 - Industry News - Computer threat for industrial systems now more serious

Thu, 11 Sep 2008 13:32:19 -0400
Robert McMillan,
Network World,
10 September 2008

Computer threat for industrial systems now more serious

A security researcher has published code that could be used to take control of computers used to manage industrial machinery, potentially giving hackers a back door into utility companies, water plants and even oil and gas refineries.

2008.09.09 - Industry News - Water sector is first critical infrastructure to measure security

Wed, 10 Sep 2008 10:28:59 -0400
Water Business Wire,
09 September 2008

Water sector is first critical infrastructure to measure security

There are eighteen industries or market segments defined by the U.S. government as critical infrastructure; the water utilities sector is the first to measure security progress under the U.S. Infrastructure Protection Plan

2008.09.08 - Industry News - Attack code released for SCADA software vulnerability

Tue, 9 Sep 2008 14:32:41 -0400
Dan Kaplan,
SC Magazine,
08 September 2008

Attack code released for SCADA software vulnerability

Security researcher Kevin Finisterre has created an exploit that takes advantage of a serious vulnerability reported earlier this summer in widely deployed industrial process control software.

2008.09.03 - Industry News - Securing the Grid

Tue, 9 Sep 2008 14:34:38 -0400
Ken Silverstein,
EnergyBiz Insider,
03 September 2008

Securing the Grid

The public may be aware of increased efforts to beef up grid reliability, but it isn't focused on the work being done to secure the bulk power system from cyber attacks.

2008.09.02 - Industry News - FBI Reaches Out to SCADA Users

Thu, 4 Sep 2008 12:20:40 -0400
Wes Iversen,,
Automation Times,
02 September 2008

FBI Reaches Out to SCADA Users

If a cyber security incident occurs at your plant, the Federal Bureau of Investigation would like to hear from you.

If a serious cyber security incident occurred in your plant, would you call in the FBI to investigate?

The Bureau certainly hopes that you would. To encourage such actions, the FBI is taking steps not only to strengthen its agents’ understanding of control system technology, but also to build stronger bridges to the control systems community.

2008.09.01 - Industry News - Infrastructure Security: Securing SCADA

Fri, 12 Sep 2008 11:19:08 -0400
Phil Leggiere,,
Homeland Security Today,
01 September 2008

Infrastructure Security: Securing SCADA

For too long, the software running America’s critical facilities has been known to be vulnerable to tampering. Now engineers and officials are doing something about it.

2008.08.26 - Industry News - Public, private sectors at odds over cyber security

Wed, 27 Aug 2008 10:30:34 -0400
Joseph Menn,
Las Angeles Times,
26 August 2008

Public, private sectors at odds over cyber security

Three very big and very different computer security breaches that have dominated recent headlines did more than show how badly the Internet needs major repairs. They also exposed the huge rift between corporate America and the federal government over who should fix it, cyber-security experts say.

2008.08.26 - Incidents - FAA computer glitch causes nationwide flight delays

Wed, 27 Aug 2008 10:30:32 -0400
Harry R. Weber,,
USA Today,
26 August 2008

FAA computer glitch causes nationwide flight delays

ATLANTA - The Federal Aviation Administration said Tuesday that a communication failure at a Georgia facility that processes flight plans for the eastern half of the U.S. was causing flight delays around the country.

2008.08.26 - Industry News - Utilities are Taking Cyber Security Seriously

Tue, 26 Aug 2008 15:28:50 -0400
Chris Posey ,
Power Engineering,
26 August 2008

Utilities are Taking Cyber Security Seriously

The North American Electric Reliability Council (NERC), having recognized potential threats to the energy infrastructure both virtual and material, established the critical infrastructure protection (CIP) program to address issues of online and network security within the power generation industry, as well as physical/structural challenges common to the industry.

2008.08.26 - Industry News - Minister warns of national grid hack threat

Tue, 26 Aug 2008 15:27:35 -0400
John Leyden ,
The Register,
26 August 2008

Minister warns of national grid hack threat

A UK government minister has warned that cyber-terrorists were attempting to take out the national grid.

2008.08.23 - Industry News - Thousands of cyber attacks each day on key utilities

Mon, 25 Aug 2008 13:06:56 -0400
Jonathan Richards ,
Times Online,
23 August 2008

Thousands of cyber attacks each day on key utilities

Computer networks controlling electricity supplies, telecommunications and banking are being attacked thousands of times a day in a new cyberwar against Britain waged by criminals and terrorists - some of them backed by foreign states - the Government has said.

2008.08.21 - Industry News - General: Cyber, arctic threats await president

Thu, 21 Aug 2008 15:36:41 -0400
John T. Bennett,
Air Force Times,
21 August 2008

General: Cyber, arctic threats await president

The next U.S. president will inherit ever-growing threats in cyberspace and the Arctic region, meaning the new commander-in-chief likely will be forced to craft an unprecedented collection of new security policies, a top military official said.

2008.08.21 - Industry News - Brits blast TCP/IP security

Thu, 21 Aug 2008 15:36:39 -0400
Shaun Nichols,
VNUNET.com,
21 August 2008

Brits blast TCP/IP security

A report from a top UK government defence body is calling into question the security of the basic internet protocol.

2008.08.20 - Incidents - FEMA phones hacked; calls made to Mideast, Asia

Thu, 21 Aug 2008 15:35:17 -0400
Eileen Sullivan,
MSNBC,
20 August 2008

FEMA phones hacked; calls made to Mideast, Asia

WASHINGTON - A hacker broke into a Homeland Security Department telephone system over the weekend and racked up about $12,000 in calls to the Middle East and Asia.

2008.08.18 - Industry News - U.S. at risk of cyberattacks, experts say

Mon, 18 Aug 2008 11:21:19 -0400
Brandon Griggs,
CNN,
18 August 2008

U.S. at risk of cyberattacks, experts say

(CNN) -- The next large-scale military or terrorist attack on the United States, if and when it happens, may not involve airplanes or bombs or even intruders breaching American borders.

2008.08.15 - Industry News - Energy told to tighten cybersecurity policies

Mon, 18 Aug 2008 17:34:01 -0400
Nextgov,
15 August 2008

Energy told to tighten cybersecurity policies

The Energy Department's inspector general on Thursday released an audit of the department's certification and accreditation procedures for national security information systems that revealed a number of potentially serious weaknesses.

2008.08.15 - Industry News - Court tells students to disclose hacker secrets in T case

Fri, 15 Aug 2008 12:19:50 -0400
Maddie Hanna,
The Boston Globe,
15 August 2008

Court tells students to disclose hacker secrets in T case

A federal judge yesterday refused to lift an order prohibiting three MIT students from publicly talking about how they allegedly hacked into the MBTA's automated ticketing system. However, he did order the trio to privately provide more information to the court about the security flaws they say they have uncovered.

2008.08.13 - Industry News - Before the Gunfire, Cyberattacks

Thu, 14 Aug 2008 10:46:25 -0400
John Markoff,
The New York Times,
13 August 2008

Before the Gunfire, Cyberattacks

Weeks before bombs started falling on Georgia, a security researcher in suburban Massachusetts was watching an attack against the country in cyberspace.

2008.08.12 - Industry News - U.S. power grid in better shape 5 years after blackout

Thu, 14 Aug 2008 10:45:06 -0400
Paul Davidson,
USA Today,
12 August 2008

U.S. power grid in better shape 5 years after blackout

Five years after the worst blackout in U.S. history, the nation's electrical system is far better equipped to prevent another big outage, but significant shortcomings remain, federal officials, grid operators and consultants agree.

2008.08.12 - Industry News - Air Force suspends Cyber Command program

Thu, 14 Aug 2008 10:05:46 -0400
Nextgov,
12 August 2008

Air Force suspends Cyber Command program

The Air Force on Monday suspended all efforts related to development of a program to become the dominant service in cyberspace, according to knowledgeable sources. Top Air Force officials put a halt to all activities related to the establishment of the Cyber Command, a provisional unit that is currently part of the 8th Air Force at Barksdale Air Force Base in Louisiana, sources told Nextgov.

2008.08.12 - Industry News - Estonia, Poland help Georgia fight cyberattacks

Tue, 12 Aug 2008 14:59:00 -0400
Jeremy Kirk,
Computer World,
12 August 2008

Estonia, Poland help Georgia fight cyberattacks

In an intriguing cyberalliance, two Estonian computer experts are scheduled to arrive in Georgia by evening to keep the country's networks running amid an intense military confrontation with Russia.

2008.08.11 - Industry News - MIT Students Ordered to Halt Report on Hacking Subway System

Tue, 12 Aug 2008 09:51:54 -0400
Associated Press,
The Wall Street Journal,
11 August 2008

MIT Students Ordered to Halt Report on Hacking Subway System

LAS VEGAS -- A federal judge ordered three college students to cancel a Sunday presentation at a computer hackers' conference where they planned to show security flaws in the automated fare system used by the Boston area's subway system.

2008.08.11 - Industry News - Cyberattacks knock out Georgia's Internet presence

Mon, 11 Aug 2008 09:50:01 -0400
Gregg Keizer
Computer World,
11 August 2008

Cyberattacks knock out Georgia's Internet presence

Hackers, perhaps affiliated with a well-known Russian criminal network, have attacked and hijacked Web sites belonging to Georgia, the former Soviet republic now in the fourth day of war with Russia, a security researcher claimed on Sunday. Some Georgian government and commercial sites are unavailable,

2008.06.26 - Incidents - Hacker illegally activates Brunswick emergency sirens

Fri, 8 Aug 2008 15:43:58 -0400
Terry Oblander,
Cleveland.com,
07 August 2008

Hacker illegally activates Brunswick emergency sirens

Brunswick -- A hacker armed with radio codes set off emergency sirens in Brunswick early Wednesday. If the blasts didn't wake the city's 35,000 residents, follow-up phone calls to residences probably did the trick.

2008.08.08 - Industry News - Hackers' attacks on U.S. government systems are frequent, serious

Fri, 8 Aug 2008 15:42:57 -0400
HS Daily Wire,
08 August 2008

Hackers' attacks on U.S. government systems are frequent, serious

U.S. government computer systems under frequent and serious attacks by other governments and organizations; James Finch, assistant director of the FBI's cybercrime division: "We're not worried so much about the noisy attacks as we are about the quiet ones"

2008.08.08 - Industry News - DHS: Networking security worth the money

Fri, 8 Aug 2008 15:41:20 -0400
Robert McMillan,
Computer World,
08 August 2008

DHS: Networking security worth the money

When it comes to investing in computer security, the U.S. federal government could get a good return on investment by shoring up its networking protocols, according to the man who's been hired to coordinate computer security between federal agencies.

2008.07.29 - Industry News - Cyber losses cost companies $637,000 a year: study

Wed, 30 Jul 2008 16:32:29 -0400
John T. Bennett,
The Canadian Press,
29 July 2008

Cyber losses cost companies $637,000 a year: study

TORONTO - Information technology security breaches cost the average publicly traded Canadian company $637,000 a year, says a new study by the University of Toronto's business school.

2008.07.29 - Industry News - House intel panel ‘conditionally supports’ cyber effort

Wed, 30 Jul 2008 16:25:01 -0400
John T. Bennett,
C4ISR Journal,
29 July 2008

House intel panel ‘conditionally supports’ cyber effort

A powerful House panel has given its 'conditional support' to President Bush’s new unprecedented cyber security initiative, despite its concerns about cost and government-industry collaboration.

2008.07.28 - Industry News - Frankly Speaking: Any single point of failure in IT is a big problem

Mon, 28 Jul 2008 14:01:49 -0400
Frank Hayes,
Computer World,
28 July 2008

Frankly Speaking: Any single point of failure in IT is a big problem

Single point of failure. That's the right term for talking about the mess in San Francisco, where last week the city government finally regained control of its backbone network. Terry Childs, the net admin jailed for locking down administrative access, turned over the passwords during a secret visit from Mayor Gavin Newsom.

2008.07.23 - Industry News - Internal security threats multiply

Thu, 24 Jul 2008 14:41:40 -0400
William Jackson,
Government Computer News,
23 July 2008

Internal security threats multiply

An evaluation of more than 100,000 endpoint devices at private-sector enterprises showed that significant numbers were missing essential software such as antivirus or security patches and were using unauthorized applications such as file sharing and remote control software.

2008.07.21 - Industry News - Cybersecurity Will Take A Big Bite of the Budget

Mon, 21 Jul 2008 15:07:41 -0400
Walter Pincus,
WashingtonPost.com,
21 July 2008

Cybersecurity Will Take A Big Bite of the Budget

President Bush's single largest request for funds and "most important initiative" in the fiscal 2009 intelligence budget is for the Comprehensive National Cybersecurity Initiative, a little publicized but massive program whose details "remain vague and thus open to question," according to the House Permanent Select Committee on Intelligence.

2008.07.17 - Industry News - Electrical infrastructure faces crisis, experts say

Mon, 21 Jul 2008 09:46:52 -0400
Edward Marshall,
The Journal,
17 July 2008

Electrical infrastructure faces crisis, experts say

SHEPHERDSTOWN - Experts said this week that the infrastructure that provides electricity to homes and businesses throughout the country is nearing the breaking point because of increased energy demands - and it remains vulnerable to cyber and terrorist attacks.

2008.07.15 - Industry News - NERC CEO announces plan to improve response to cyber security and CIP

Thu, 17 Jul 2008 09:51:16 -0400
Utility Automation & Engineering T&D and Electric Light & Power,
15 July 2008

NERC CEO announces plan to improve response to cyber security and CIP

Princeton, NJ, July 15, 2008 -- Rick Sergel, president and CEO of the North American Electric Reliability Corporation (NERC), recently announced the organization's plans to improve its response to cyber security and critical infrastructure protection (CIP) concerns for the bulk power system in North America. Revealed to NERC's board of trustees and stakeholders in a letter last week, the plan outlines six specific actions that will lay the foundation for improving grid reliability by enabling faster and more effective action to protect critical assets from cyber or physical threats.

2008.07.14 - Industry News - S.F. officials locked out of computer network

Wed, 16 Jul 2008 10:07:33 -0400
Jaxon Van Derbeken,
SFGate.com,
14 July 2008

S.F. officials locked out of computer network

A disgruntled city computer engineer has virtually commandeered San Francisco's new multimilliondollar computer network, altering it to deny access to top administrators even as he sits in jail on $5 million bail, authorities said Monday.

2008.07.14 - Industry News - Unpatched Windows PCs fall to hackers in under 5 minutes, says ISC

Wed, 16 Jul 2008 10:05:27 -0400
Gregg Keizer,
Computerworld,
14 July 2008

Unpatched Windows PCs fall to hackers in under 5 minutes, says ISC

July 14, 2008 (Computerworld) It takes less than five minutes for hackers to find and compromise an unpatched Windows PC after it's connected to the Internet, a security researcher said today.

The SANS Institute's Internet Storm Center (ISC) currently estimates the "survival" time of an Internetconnected computer running Windows at around four minutes if it's not equipped with the latest Microsoft Corp. security patches, said Lorna Hutcheson, a researcher and analyst, in a post to the ISC blog.

2008.06.26 - Industry News - Grid agency issues advisories after Feb. blackout

Mon, 30 Jun 2008 09:48:53 -0400
Reuters,
26 June 2008

Grid agency issues advisories after Feb. blackout

HOUSTON, June 26 (Reuters) - The North American electric grid watchdog issued three advisories on Thursday to urge utilities to take steps to avoid a repeat of events that ballooned into a four-hour blackout in Florida in February.

2008.06.26 - Incidents - Computer stops city, and that's the fifth time

Fri, 27 Jun 2008 16:48:16 -0400
Linton Besser and Alexandra Smith,
Sydney Morning Herald,
26 JUNE 2008

Computer stops city, and that's the fifth time

A COMPUTER failure in the M5 East tunnel yesterday left tens of thousands of motorists trapped in a traffic snarl that locked up Sydney - the fifth time such a malfunction has shut the vital artery.

2008.06.26 - Industry News - Committees approve more money for cybersecurity

Fri, 27 Jun 2008 16:48:18 -0400
Ben Bain,
FCW.com,
26 June 2008

Committees approve more money for cybersecurity

The House and Senate Appropriations committees have approved different measures to fund the Homeland Security Department in fiscal 2009, and each would provide more money for cybersecurity than the Bush administration requested.

2008.06.13 - Industry News - Disgruntled admin gets 63 months for massive data deletion

Mon, 16 Jun 2008 10:04:59 -0400
Dan Goodin,
The Register,
13 June 2008

Disgruntled admin gets 63 months for massive data deletion

An IT manager who sought revenge for an unfavorable job evaluation was sentenced to more than five years in federal prison after being convicted of intentionally triggering a massive data collapse on his former employer's computer network.

2008.06.12 - Industry News - EU States Extend Life of Internet Security Body

Fri, 13 Jun 2008 14:21:26 -0400
Reuters,
12 June 2008

EU States Extend Life of Internet Security Body

Telecom ministers agree to extend the life of the European Network and Information Security Agency by three years as threats to the Web increase.

LUXEMBOURG (Reuters) - European Union telecoms ministers agreed on Thursday to extend the life of the bloc's Internet security watchdog by three years as threats to the Web increase.

2008.06.11 - Industry News - New York nuclear plant shutdown triggered by digital camera

Fri, 13 Jun 2008 14:21:24 -0400
Newsday,
11 June 2008

New York nuclear plant shutdown triggered by digital camera

BUCHANAN, N.Y. (AP) _ An emergency shutdown of a reactor at the Indian Point nuclear power plant was caused by signals from a worker's digital camera, a newspaper reported Wednesday.

2008.06.11 - Industry News - Chinese hacking threatens U.S. critical infrastructure

Wed, 11 Jun 2008 11:00:01 -0400
Business Wire,
11 June 2008

Core Security Technologies Discovers Critical Vulnerability in SCADA Software from Citect

BOSTON--(BUSINESS WIRE)--Core Security Technologies, makers of CORE IMPACT, the world’s most comprehensive enterprise security assurance testing software, today issued an advisory disclosing a vulnerability that could severely impact organizations relying on Citect’s flagship industrial process control software, CitectSCADA. This discovery indicates that thousands of companies using Citect’s SCADA systems could unknowingly be exposing critical industrial processes and assets that they otherwise sought to protect if they do not immediately move to apply the vendor-provided patch, or other suggested workarounds for the vulnerability issued by the software maker.

2008.06.05 - Incidents - Cyber Incident Blamed for Nuclear Power Plant Shutdown

Thu, 5 Jun 2008 15:26:58 -0400
Brian Krebs,
Washington Post,
05 JUNE 2008

Cyber Incident Blamed for Nuclear Power Plant Shutdown

A nuclear power plant in Georgia was recently forced into an emergency shutdown for 48 hours after a software update was installed on a single computer.

2008.06.02 - Industry News - Chinese hacking threatens U.S. critical infrastructure

Wed, 4 Jun 2008 18:03:28 -0400
Homeland Security Daily Wire,
02 June 2008

Chinese hacking threatens U.S. critical infrastructure

U.S. government networks, and the computer systems of U.S. and Western European companies, are under broad and systemic Chinese hacking campaign; in the case of private Western companies, China steals industrial secrets and patent information in order to hasten its rise to a position of global economic hegemony; in the case of U.S. critical infrastructure -- for example, control of electric power stations, several of which Chinese hackers have managed to disable -- China may be preparing for more sinister contingencies.

2008.05.30 - Company News - Industrial Defender Continues to Enable Process Control and SCADA Cyber Security

Fri, 30 May 2008 09:25:12 -0400
Press Release,
Industrial Defender, Inc. ,
30 May 2008
FOXBOROUGH, Mass., May 30, 2008 - Industrial Defender, Inc., the global leader in Cyber Risk Protection(TM) , today announced that its Industrial Defender Enabled Partner Program is experiencing increased global traction, signing industry-leading partners Bow Networks, GarrettCom Inc., Innominate Security Technologies AG, and Teltone Corporation. The Industrial Defender Enabled Partner Program allows technology providers focused on the industrial control systems and SCADA market to collaborate on enhancing their technology offerings, providing end customers with comprehensive integrated cyber security solutions.

2008.05.30 - Industry News - Cybercrime keeps Canadians on their toes

Fri, 30 May 2008 09:23:31 -0400
Tom Keenan,
Business Edge
30 May 2008

Cybercrime keeps Canadians on their toes

Just-released studies show that Canadians are more likely to be victims of cybercrime than street violence, and that we're bigger software pirates than our American cousins.

2008.05.29 - Industry News - Chinese hackers pose serious danger to U.S. computer networks

Fri, 30 May 2008 12:25:56 -0400
Shane Harris,
GovernmentExecutive.com,
29 May 2008

Chinese hackers pose serious danger to U.S. computer networks

Computer hackers in China, including those working on behalf of the Chinese government and military, have penetrated deeply into the information systems of U.S. companies and government agencies, stolen proprietary information from American executives in advance of their business meetings in China, and, in a few cases, gained access to electric power plants in the United States, possibly triggering two recent and widespread blackouts in Florida and the Northeast, according to U.S. government officials and computer-security experts.

2008.05.23 - Industry News - Physical device recognition to the rescue

Tue, 27 May 2008 09:54:53 -0400
Wilson P. Dizard III,
Government Computer News,
23 May 2008

Physical device recognition to the rescue

Hardware fingerprinting technology migrates from fighting software piracy to shielding infrastructure

2008.05.21 - Industry News - Experts warn of cyberterrorism threat

Thu, 22 May 2008 10:02:20 -0400
Julia Zappei,
Associated Press,
21 May 2008

Experts warn of cyberterrorism threat

KUALA LUMPUR, Malaysia (AP) — Officials from around the world agree they must cooperate better to fight the threat of cyberterrorism at facilities such as nuclear power plants.

2008.05.19 - Industry News - Cost of cybersecurity initiative to triple, panel reports

Tue, 20 May 2008 09:40:53 -0400
Bob Brewin,
Nextgov,
19 May 2008

Cost of cybersecurity initiative to triple, panel reports

The Bush administration’s proposal to defend government networks against cyberattacks will cost $17 billion, nearly three times original estimates, and is so secret that it cuts the public out of the debate on the program, according to a Senate report.

2008.05.19 - Industry News - ELECTRICITY: Cybersecurity standards under review

Mon, 19 May 2008 17:38:36 -0400
Katherine Ling,
Environment & Energy Daily,
19 May 2008

ELECTRICITY: Cybersecurity standards under review

A House Homeland Security subcommittee will receive an update this week on new security measures to protect the nation's bulk power system from cyber attacks.

2008.05.19 - Industry News - More Transparency Needed in Cybersecurity Initiative

Mon, 19 May 2008 13:49:19 -0400
Phil Leggiere,
HS Today,
19 May 2008

More Transparency Needed in Cybersecurity Initiative

Senate committee report cites problems with excessive secrecy and lack of mission goal specificity in cybersecurity initiative.

With much fanfare Michael Chertoff in a widely noted speech to the top tier of security professionals attending the RSA security conference last month announced an ambitious Department of Homeland Security (DHS) initiative called the National Cybersecurity Center to secure federal government networks and critical information systems from attacks and intrusions. DHS’s center is to be a core component of the larger government wide National Cybersecurity Initiative announced by the Bush administration, which prominently includes, in addition to DHS, the National Security Agency (NSA).

2008.05.14 - Industry News - NATO allies sign agreement on cyber defense center

Wed, 14 May 2008 17:14:08 -0400
The Associated Press,
14 May 2008

NATO allies sign agreement on cyber defense center
BRUSSELS, Belgium: Seven NATO allies signed a deal Wednesday to fund a research center to boost the alliance's defenses against cyber attacks, seen as a growing threat to military and civilian computer networks.

2008.05.08 - Industry News - Hundreds of U.K. critical infrastructure facilities at flood risk

Fri, 9 May 2008 10:29:41 -0400
Homeland Security Daily Wire,
08 May 2008

Hundreds of U.K. critical infrastructure facilities at flood risk
A study triggered by last summer’s deadly U.K. floods concludes that hundreds of U.K. power substations and water treatment plants are at risk from flooding, thus compounding and exacerbating the consequences of natural disasters.

2008.05.08 - Industry News - Rare SCADA bug poses power plant risk

Fri, 9 May 2008 10:27:08 -0400
John Leyden,
The Register,
08 May 2008

Rare SCADA bug poses power plant risk
Security watchers warn of a rare vulnerability involving software used to control industrial systems. A denial of service vulnerability in monitoring software from Invensys poses a severe risk to the factories and utilities running its Wonderware subsidiary's InTouch SuiteLink application.

2008.05.08 - Industry News - Hundreds of U.K. critical infrastructure facilities at flood risk

Fri, 9 May 2008 10:20:50 -0400
Homeland Security Daily Wire,
08 May 2008

Hundreds of U.K. critical infrastructure facilities at flood risk
A study triggered by last summer’s deadly U.K. floods concludes that hundreds of U.K. power substations and water treatment plants are at risk from flooding, thus compounding and exacerbating the consequences of natural disasters.

2008.05.05 - Industry News -Defense, intelligence could take major role in cyber defense

Tue, 6 May 2008 11:16:06 -0400
Bob Brewin ,
nextgov.com,
05 May 2008

Defense, intelligence could take major role in cyber defense
The Bush administration this week could release its ambitious plan to defend government networks from cyberattacks, but recent news reports and a February 2008 budget supplement indicates that the Defense Department and intelligence agencies could lead the effort.

2008.05.05 - Industry News -DHS cybersecurity strategy draws fire

Tue, 6 May 2008 11:16:05 -0400
Alice Lipowicz,
FCW.com,
05 May 2008

DHS cybersecurity strategy draws fire
The Homeland Security Department’s ambitious cybersecurity initiative might be relying too much on contractors and might not be providing enough information to the public, according to two key senators.

2008.05.02 - Industry News -Lieberman and Collins Step Up Scrutiny of Cyber Security Initiative

Tue, 6 May 2008 10:18:47 -0400
Press Release,
Senate Committee on Homeland Security and Governmental Affairs,
02 May 2008

Lieberman and Collins Step Up Scrutiny of Cyber Security Initiative
Secrecy, Overuse of Contractors, Role of Private Sector at Stake
WASHINGTON - Homeland Security and Governmental Affairs Committee Chairman Joe Lieberman, ID-Conn., and Ranking Member Susan Collins, R-Me., are seeking detailed explanations from the Department of Homeland Security regarding a new initiative to secure federal information technology systems.

2008.04.30 - Industry News -The Art of Cyber Warfare, Part 2: Digital Defense

Thu, 1 May 2008 16:55:18 -0400
Jack Germain,
E-Commerce Times,
30 April 2008

The Art of Cyber Warfare, Part 2: Digital Defense
Cyber warfare is a sort of irregular warfare, a strategy usually employed by underdogs fighting a stronger enemy. Cyber attack tactics, however, are sometimes backed by strong forces. To defend against such an attack, exercises like Cyber Storm involve wide stretches of both public and private sectors of American infrastructure.

2008.04.29 - Industry News -The Art of Cyber Warfare, Part 1: The Digital Battlefield

Thu, 1 May 2008 16:51:48 -0400
Jack Germain,
E-Commerce Times,
29 April 2008

The Art of Cyber Warfare, Part 1: The Digital Battlefield
Computer network attacks are often perpetrated by gangs of criminal hackers attempting to break into a system for financial gain. However, cyber attacks for political purposes could just as easily be -- and sometimes are -- perpetrated. A country's national security could be severely threatened should a team of hackers successfully crack certain computer systems.

2008.04.28 - Industry News -Homeland security's cyber eyes

Thu, 1 May 2008 16:47:58 -0400
Alan Joch,
FCW,
28 April 2008

Homeland security's cyber eyes
Security experts roll out new techniques to try to keep up with today’s stealthy, transnational cyberattacks

When it comes to hacking and cyber espionage, few targets are as popular as the U.S. government. According to the U.S. Computer Emergency Readiness Team, federal agencies reported 12,986 cyberattacks in 2007 compared with 3,569 two years earlier.

2008.04.28 - Industry News -Cybersecurity’s new world order

Thu, 1 May 2008 16:44:08 -0400
Ben Bain,
FCW,
28 April 2008

Cybersecurity’s new world order
A year after massive cyberattacks virtually shut down Internet operations in Estonia, government officials here and abroad are still learning to adapt to a world in which technology, diplomacy and defense converge.

2008.04.28 - Industry News -Experts struggle with cybersecurity agenda

Thu, 1 May 2008 16:42:52 -0400
William Jackson,
Government Computer News,
28 April 2008

Experts struggle with cybersecurity agenda
Whoever becomes our next president will inherit a cyber infrastructure under almost constant attack and at greater risk than eight years ago, and a handful of experts and legislators have come together to ensure that cybersecurity has a high priority in his or her administration.

2008.04.25 - Industry News -DHS moves to ramp up cybersecurity in federal agencies

Tue, 29 Apr 2008 09:52:18 -0400
Chris Strohm,
GovernmentExecutive.com,
25 April 2008

DHS moves to ramp up cybersecurity in federal agencies
The Homeland Security Department plans to complete an analysis in about 45 days to determine which U.S. government computer networks are most vulnerable to cyberattacks, with the intention of deploying 50 new intrusion detection systems to federal agencies by the end of the year, a top U.S. cybersecurity official said Friday.

2008.04.25 - Industry News -Cyber-Attacks and Cyber-Disasters: Are You Prepared?

Fri, 25 Apr 2008 10:30:07 -0400
Kevin Coleman,
TechNewsWorld,
25 April 2008

Cyber-Attacks and Cyber-Disasters: Are You Prepared?
In 2007, a denial-of-service attack was launched every 53 minutes. Earlier this year, the loss of an undersea cable resulted to the loss of Internet service for entire regions. Businesses that rely to any measure on the Web must secure their businesses against the possibility of large-scale cyber-attacks and disasters, writes strategic management consultant Kevin Coleman.

2008.04.24 - Industry News -Critical infrastructure central to cyber threat

Fri, 25 Apr 2008 10:28:31 -0400
Ben Bain ,
FCW.com,
24 April 2008

Critical infrastructure central to cyber threat
The United States is increasingly vulnerable to cyberattacks that could have catastrophic effects on critical physical infrastructure, and severely damage the country’s economic, military and strategic interests, cybersecurity specialists said today.

2008.04.17 - Industry News -Beware the insider security threat

Thu, 17 Apr 2008 14:32:57 -0400
Andy McCue,
Silicon.com,
17 April 2008

Beware the insider security threat
Employees and insiders are bigger threats to corporate security than external threats such as denial of service attacks or malware.

2008.04.17 - Industry News -S'pore pledges US$52M against cyber threats

Thu, 17 Apr 2008 14:31:49 -0400
Vivian Yeo ,
ZDNet Asia,
17 April 2008

S'pore pledges US$52M against cyber threats

SINGAPORE--The government today announced it will pump S$70 million (US$51.6 million) over the next five years to boost its cyber defenses and guard against emerging threats.

2008.04.17 - Industry News -Security experts split on "cyberterrorism" threat

Thu, 17 Apr 2008 14:30:36 -0400
Mark Trevelyan,
Reuters,
17 April 2008

Security experts split on "cyberterrorism" threat

LONDON (Reuters) - International experts called on Wednesday for greater cooperation to fight threats to computer networks but they differed on the definition of cyberterrorism, with a top British security official describing it as a "myth".

2008.04.16 - Industry News -IG: DHS need cyber security coordination office

Thu, 17 Apr 2008 14:29:07 -0400
Alice Lipowicz ,
FCW.com,
16 April 2008

IG: DHS need cyber security coordination office

The Homeland Security Department is moving too slowly to protect its most critical internal computer systems, according to a new from the department’s inspector general, Richard Skinner.

2008.04.16 - Company News - Frost & Sullivan Acknowledges Industrial Defender as Market Leader in Critical Infrastructure Cyber Security Protection

Thu, 17 Apr 2008 14:28:24 -0400
Press Release,
Frost & Sullivan ,
16 April 2008
Palo Alto, Calif. - April 16, 2008 - Based on its recent analysis of the cyber risk management solutions market for process control & SCADA environment, Frost & Sullivan presents Industrial Defender Inc. with the 2008 Global Frost & Sullivan Company of the Year Award.

2008.04.16 - Company News - Frost & Sullivan Acknowledges Industrial Defender as Market Leader in Critical Infrastructure Cyber Security Protection

Wed, 16 Apr 2008 10:02:37 -0400
Press Release,
Industrial Defender, Inc. ,
16 April 2008
FOXBOROUGH, Mass., April. 16, 2008 - Industrial Defender, Inc., the global leader in Cyber Risk Protection(TM), today announced that it is the recipient of the 2008 Global Risk Management Process Control & SCADA Company of the Year Award by Frost & Sullivan, a leading global growth consulting company.

2008.04.10 - Industry News -Bush's Cyber Secrets Dilemma

Fri, 11 Apr 2008 14:30:27 -0400
Andy Greenberg,
Forbes,
10 April 2008

Bush's Cyber Secrets Dilemma

SAN FRANCISCO, CALIF. - There's a problem facing the Bush administration: It has $30 billion to spend over the next five to seven years to keep the U.S. safe from hackers and cyberspies. But to extend that protection to the nation's critical infrastructure--including banks, telecommunications and transportation--it needs the cooperation of the private sector.

2008.04.09 - Industry News -DHS Chief Says Current Defenses 'Insufficient' to Handle Evolving Threats

Fri, 11 Apr 2008 14:30:26 -0400
Tim Wilson,
Dark Reading,
09 April 2008

DHS Chief Says Current Defenses 'Insufficient' to Handle Evolving Threats

SAN FRANCISCO -- RSA Conference 2008 -- Michael Chertoff, secretary of the U.S. Department of Homeland Security, is a long way from feeling secure.

In a keynote address and press conference yesterday here, Chertoff discussed the threats faced by government and business, the progress of federal cyber security efforts, and the state of current security technology. And he believes a lot more work needs to be done on all of those fronts.

2008.04.09 - Industry News -Water, water, everywhere under attack

Fri, 11 Apr 2008 14:30:21 -0400
Alice Lipowicz,
Washington Technology,
09 April 2008

Water, water, everywhere under attack

Water utilities should begin work immediately to secure their systems against catastrophic cyberattack, according to a new strategy document sponsored by the American Water Works Association and Homeland Security Department.

2008.04.09 - Industry News -Experts hack power grid in no time

Fri, 11 Apr 2008 14:30:07 -0400
Tim Greene,
Network World ,
09 April 2008

Experts hack power grid in no time

SAN FRANCISCO -- Cracking a power company network and gaining access that could shut down the grid is simple, a security expert told an RSA audience, and he has done so in less than a day.

2008.04.09 - Industry News -Air Force pushing ahead on cyberspace

Fri, 11 Apr 2008 14:29:55 -0400
Ben Bain ,
FCW.com
09 April 2008

Air Force pushing ahead on cyberspace

The Air Force is finalizing a doctrine that will guide its operations in cyberspace, a domain in which the service plans to invest $5 billion during coming years as it works to establish its new Cyber Command. .

2008.04.09 - Industry News -Chertoff wants early warning system for infrastructure attacks

Thu, 10 Apr 2008 17:35:44 -0400
Associated Press,
CNN,
09 April 2008

Chertoff wants early warning system for infrastructure attacks

SAN FRANCISCO (AP) -- Federal cybersecurity officials are trying to develop an early warning system that alerts authorities to incoming computer attacks targeting critical U.S. infrastructure, Homeland Security Secretary Michael Chertoff said.

2008.04.08 - Industry News -Breaking into a power station in three easy steps

Wed, 9 Apr 2008 14:32:12 -0400
Elinor Mills,
Cnet News,
08 April 2008

Breaking into a power station in three easy steps

"I will tell (you) how to break into a nuclear reactor," Ira Winkler, president of security firm ISAG said as he launched into his presentation on "How to Take Down the Power Grid" at RSA 2008 on Tuesday night.

"Frankly, it's really easy to break into the power grid," he said. "It happens all the time."

2008.04.04 - Industry News -U.S. reveals plans to hit back at cyberthreats

Mon, 7 Apr 2008 11:22:42 -0400
Tom Espiner,
Cnet News,
04 April 2008

U.S. reveals plans to hit back at cyberthreats

The U.S. Air Force Cyber Command is developing capabilities to inflict denial of service, confidential data loss, data manipulation, and system integrity loss on its adversaries, and to combine these with physical attacks, according to a senior U.S. general.

2008.03.24 - Incidents- Limerick (PA) nuclear power station shut from full power

Tue, 25 Mar 2008 12:12:36 -0400
Reuters,
24 MAR 2008

Exelon Pa. Limerick 1 reactor shut

NEW YORK, March 24 (Reuters) - Exelon Corp's (EXC.N: Quote, Profile, Research) 1,134-megawatt Unit 1 at the Limerick nuclear power station in Pennsylvania shut from full power on March 22, the company said in a release.

The shutdown occurred due to a problem with the main turbine control system on the electrical distribution side of the plant. In the release, the company said operators were making repairs.

2008.03.13 - Industry News - Bush calls for tighter cybersecurity

Mon, 17 Mar 2008 10:22:14 -0400
Richard Wolf,,
USA Today,
13 March 2008

Bush calls for tighter cybersecurity

WASHINGTON - A sudden spike in the number of successful attacks against federal government information systems and databases has led President Bush to propose a multibillion-dollar response.

2008.03.13 - Industry News - Cyberexercise shows need for better training to avoid major network failures

Mon, 17 Mar 2008 09:46:07 -0400
Jill R. Aitoro,
GovernmentExecutive.com,
13 March 2008

Cyberexercise shows need for better training to avoid major network failures

Workers operating networks supporting the nation's critical infrastructure such as telecommunications and transportation need better training on how to manage backup systems in case cyberattacks take down main systems, said a top Homeland Security Department official Thursday.

2008.03.12 - Industry News - Insiders are the greatest threat to companies' security

Wed, 12 Mar 2008 14:29:51 -0400
DHSDailyWire.com,
12 March 2008

Insiders are the greatest threat to companies' security

There is a 72 percent likelihood that the next successful attack on your company will come from an insider, says IBM Tivoli executive

The recent scandal at French bank Société Générale has highlighted, if such highlighting was necessary, how vulnerable companies are to insider threats, speakers said Tuesday at the European Computer Audit Control and Security Conference in Stockholm. "Despite all the press and focus on hacking and viruses, there is a 72 percent likelihood that the next successful attack will come from an insider, according to statistics from ISCSA Labs," said Marne Gordan, GRC market manager at IBM Tivoli. Because such users are already on the inside they can cause a lot of damage, and go undetected for a long time. Reasons for users turning on their employers include financial gain, curiosity and good old-fashioned revenge, according to Gordan.

2008.03.10 - Industry News - U.S. officials: "Cyber Warfare Is Already Here"

Mon, 17 Mar 2008 10:36:11 -0400
HSDailyWire.com,
10 March 2008

U.S. officials: "Cyber Warfare Is Already Here"

U.S. officials say China, Russia, and possibly other nation-states are capable of collecting or exploiting data held on U.S. information systems; Director of National Intelligence says especially worrisome is the ability of other countries to destroy data in the system: "And the destroying data could be something like money supply, electric power distribution, transportation sequencing and that sort of thing"

2008.03.10 - Industry News - Analysis: DHS stages cyberwar exercise

Tue, 11 Mar 2008 09:49:07 -0400
Shaun Waterman ,
Middle East Times,
10 March 2008

Analysis: DHS stages cyberwar exercise

WASHINGTON, March 10 (UPI) -- Officials from 18 federal agencies, nine states, four foreign governments and more than three dozen private companies will take part in a cyberwar exercise staged by the U.S. Department of Homeland Security this week.

2008.03.09 - Industry News - Fed Networks Increasingly Under Siege

Mon, 10 Mar 2008 14:00:14 -0400
Courtney Mabeus ,
PCWorld,
09 March 2008

Fed Networks Increasingly Under Siege

Richard Westfield acknowledges his small agency, the National Labor Relations Board, doesn't possess the most sought-after data in government. But that doesn't mean his agency is not a target for hackers.

The agency’s computers are linked to other networks. "Once they have access to the network," Westfield said, "They can use that as a launch pad to other organizations."

2008.03.09 - Industry News - Chinese Hackers Worry Pentagon

Mon, 10 Mar 2008 13:58:51 -0400
PCWorld,
09 March 2008

Chinese Hackers Worry Pentagon

WASHINGTON (Reuters) - China is developing weapons that would disable its enemies' space technology such as satellites in a conflict, the Pentagon said in a report released last week.

The report also said "numerous" intrusions into computer networks around the world, including some owned by the U.S. government, in the past year seem to have originated in China.

2008.03.06 - Industry News - House Security Committee Passes Chemical Plant Anti-Terrorism Bill

Mon, 10 Mar 2008 17:51:29 -0400
Greenpeace,
06 March 2008,

House Security Committee Passes Chemical Plant Anti-Terrorism Bill

WASHINGTON, DC - March 6 - In a bipartisan vote, led by U.S. Rep. Bennie Thompson (D-MS), the House Homeland Security Committee today passed the "Chemical Facilities Anti-Terrorism Act of 2008." The bill would significantly strengthen the Department of Homeland Security's (DHS) regulations and create a permanent law to address the risks posed by chemical facilities.

2008.03.06 - Industry News - U.S. unprepared for ongoing cyberwar, say top military and intelligence officials

Fri, 7 Mar 2008 10:44:09 -0500
Bob Brewin,
GovernmentExecutive.com,
06 March 2008

U.S. unprepared for ongoing cyberwar, say top military and intelligence officials

The United States is in the midst of a cyberwar and is not prepared to deal with it, top Defense Department and intelligence officials acknowledged this week.

"Cyberwarfare is already here.... It's one of our major challenges," said Defense Deputy Secretary Gordon England on Monday at the annual National Community Service and Legislative Conference of the Veterans of Foreign Wars.

2008.03.06 - Industry News - Nato says cyber warfare poses as great a threat as a missile attack

Fri, 7 Mar 2008 10:32:21 -0500
Bobbie Johnson,
guardian.co.uk,
06 March 2008

Nato says cyber warfare poses as great a threat as a missile attack

Nato is treating the threat of cyber warfare as seriously as the risk of a missile strike, according to a senior official.

A London conference was told that online espionage and internet-based terrorism now represent some of the gravest threats to global security.

2008.03.04 - Industry News - Pentagon: China's computer hacking worries Pentagon

Wed, 5 Mar 2008 10:28:35 -0500
Julian E. Barnes,
LATimes.com,
04 March 2008

China's computer hacking worries Pentagon

A report says the country now has the ability to get into networks around the world.

WASHINGTON - China in the last year has developed ways to infiltrate and manipulate computer networks around the world in what U.S. defense officials conclude is a new and potentially dangerous military capability, according to a Pentagon report issued Monday.

2008.03.03 - Industry News - FPL Announces Preliminary Findings of Outage Investigation

Wed, 5 Mar 2008 10:30:15 -0500
ElectricEnergyOnline.com,
03 March 2008

FPL Announces Preliminary Findings of Outage Investigation

Juno Beach, Fla., March 3, 2008 - Florida Power & Light Company announced preliminary findings of its ongoing investigation into the cause of an outage affecting approximately 584,000 customers on Tuesday, Feb. 26.

2008.03.03 - Industry News - Pentagon: Cyberattacks appear to come from China

Wed, 5 Mar 2008 09:46:36 -0500
Bob Brewin,
GovernmentExecutive.com,
03 March 2008

Pentagon: Cyberattacks appear to come from China

The Defense Department said Monday that cyberattacks in 2007 against computer networks operated by governments and commercial institutions around the world "appear" to have originated within China -- marking the first time the Pentagon has so visibly pinned the blame against China for cyberattacks.

2008.03.01 - Industry News - Human error caused outage

Wed, 5 Mar 2008 09:44:32 -0500
Eve Samples,
Palm Beach Post ,
01 March 2008

Human error caused outage

A blunder by a field engineer working alone at one of Florida Power & Light Co.'s substations appears to have triggered the blackout that left at least 2 million Floridians without power Tuesday.

2008.02.28 - Industry News - Cyber-Security: Ignore At Your Peril

Fri, 29 Feb 2008 10:57:38 -0500
Scott Louis Weber,
Forbes,
28 Feb 2008

Cyber-Security: Ignore At Your Peril

In the 2001 attack on the World Trade Center, al-Qaida accomplished three goals: It caused a massive loss of life, it destroyed an icon of American prosperity and it wreaked havoc on Wall Street and the U.S. economy. Economic destruction continues to be a goal of terrorists and other bad actors, and cyber attacks are an increasingly popular and effective weapon.

2008.02.28 - Industry News - DHS gives itself a 'C' for cybersecurity

Fri, 29 Feb 2008 10:56:08 -0500
Jill R. Aitoro,
GovernmentExecutive.com,
28 Feb 2008

DHS gives itself a 'C' for cybersecurity

The top ranking official in the Homeland Security Department's national protection division called the agency's efforts in cybersecurity satisfactory, assigning a grade of 'C' during congressional testimony Thursday. But members of Congress called the grade inadequate, emphasizing the need for better collaboration with agency technology leaders, real-time response to system attacks, and metrics that measure the ability to protect networks from specific threats rather than system compliance.

2008.02.20 - Industry News - Power restored to parts of Florida after outage

Wed, 27 Feb 2008 10:09:26 -0500
CNN,
27 Feb 2008

Power restored to parts of Florida after outage

MIAMI, Florida (CNN) -- Power was restored Tuesday for most of Florida after a failed switch and fire at an electrical substation outside Miami triggered widespread blackouts across the state.

2008.02.26 - Incidents- Massive power outage hits Florida

Tue, 26 Feb 2008 17:22:53 -0500
CNN,
26 FEB 2008

Massive power outage hits Florida

MIAMI, Florida (CNN) -- A "significant equipment failure" at a substation west of Miami triggered Tuesday afternoon's blackouts around southern Florida, a Florida Power & Light official said.

Utility spokeswoman Aletha Player said an investigation is ongoing, and provided no details of the failure. But she said the 700,000 customers affected by the outage in southern Florida should have power restored by 5:30 p.m.

2008.02.20 - Industry News - Analysis: Terrorism 2.0

Wed, 20 Feb 2008 15:53:04 -0500
Middle East Times,
20 Feb 2008

Analysis: Terrorism 2.0

BRUSSELS, Feb. 20 (UPI) -- Terrorism and wars of the future won't be fought outdoors but from the comfort of our own homes, behind our computer screens. With cyberattacks on the rise and gaining in destructive capability, the threat to the international community is beyond current regulations and defense mechanisms, a panel of experts said last week.

2008.02.13 - Industry News - Pentagon: Cyberattacks appear to come from China

Thu, 14 Feb 2008 13:42:42 -0500
EurActiv.com,
13 Feb 2008

Pentagon: Cyberattacks appear to come from China

The military alliance has agreed to set up a new body to coordinate responses to cyber attacks carried out against its members and gather intelligence to prevent them from happening in the future, a NATO official said.

2008.02.11 - Industry News - Cyberterrorism, Inc

Mon, 11 Feb 2008 11:53:19 -0500
Peter Buxbaum,
ISN,
11 Feb 2008

Cyberterrorism, Inc

A new report says that 2008 will see an expansion of economic espionage in which nation-states and companies will use cybertheft of data to gain economic advantage in multinational deals.

2008.02.07 - Industry News - Spending for IT security gains ground in 09 budget

Thu, 14 Feb 2008 13:46:05 -0500
Wyatt Kash,
GCN- Government Computer News,
07 Feb 2008

Spending for IT security gains ground in 09 budget

If President Bush’s 2009 budget request indeed reflects his priorities, then securing the government’s information technology systems appears to have the president’s attention.

2008.02.11 - Industry News - Welcome to Cyberwar Country, USA

Mon, 11 Feb 2008 11:51:35 -0500
Marty Graham,
Wired,
11 Feb 2008

Welcome to Cyberwar Country, USA

BARKSDALE AIR FORCE BASE, Louisiana -- When a reporter enters the Air Force office of William Lord, a smile comes quickly to the two-star general's face as he darts from behind his immaculate desk to shake hands. Then, as an afterthought, he steps back and shuts his laptop as though holstering a sidearm.

2008.02.10 - Industry News - Combating Enemies Online: State-Sponsored and Terrorist Use of the Internet

Mon, 11 Feb 2008 11:49:33 -0500
James Jay Carafano and Richard Weitz,
Hawaii Reporter,
10 Feb 2008

Combating Enemies Online: State-Sponsored and Terrorist Use of the Internet

Even before the terrorist attacks of Sept. 11, 2001, security experts were becoming increasingly concerned about the vulnerability of U.S. computer systems and associated infrastructure. The 9/11 attacks amplified these concerns.

2008.02.01 - Industry News - Cyber Security Breach

Mon, 4 Feb 2008 09:29:10 -0500
Bruce Gellerman,
Living on Earth,
01 Feb 2008

Cyber Security Breach

As power companies increasingly use the internet to manage their power grids, they’re also becoming increasingly vulnerable to hacker attacks that could shut down power and destroy facilities, all with the click of a mouse. Host Bruce Gellerman speaks with Alan Paller, director of research at the SANS Institute, which specializes in security systems education.

2008.01.31 - Industry News - Threats from everywhere in 'cyber storm'

Mon, 11 Feb 2008 11:47:47 -0500
Ted Bridis,
Associated Press,
31 Jan 2008

Threats from everywhere in 'cyber storm'

WASHINGTON - In the middle of the biggest-ever "Cyber Storm" war game to test the nation's hacker defenses, someone quietly targeted the very computers used to conduct the exercise.

2008.01.29 - Industry News - Industry experts question $6 billion Bush cybersecurity plan

Fri, 1 Feb 2008 09:54:48 -0500
Jill R. Aitoro,
GovernmentExecutive.com,
29 Jan 2008

Industry experts question $6 billion Bush cybersecurity plan

A system that focuses on network protection will do little to fend off intruders, industry sources argue in response to reports that President Bush will allocate $6 billion in his 2009 budget to a cybersecurity project meant to shield communication networks from terrorists and hackers.

2008.01.19 - Incidents- CIA: Hackers to Blame for Power Outages

Wed, 23 Jan 2008 11:37:51 -0500
Associated Press,
19 JAN 2008

CIA: Hackers to Blame for Power Outages

WASHINGTON (AP) - Hackers literally turned out the lights in multiple cities after breaking into electrical utilities and demanding extortion payments before disrupting the power, a senior CIA analyst told utility engineers at a trade conference.

All the break-ins occurred outside the United States, said senior CIA analyst Tom Donahue. The U.S. government believes some of the hackers had inside knowledge to cause the outages. Donahue did not specify what countries were affected, when the outages occurred or how long the outages lasted. He said they happened in "several regions outside the United States."

2008.01.17 - Industry News - NERC Cyber Security Standards to Become Mandatory in United States

Thu, 17 Jan 2008 15:22:03 -0500
NERC Press Release ,
17 JAN 2008

NERC Cyber Security Standards to Become Mandatory in United States

PRINCETON, N.J., Jan. 17, 2008 - In a major move toward ensuring the reliability of the electric grid, the Federal Energy Regulatory Commission (FERC) today approved eight cyber security and critical infrastructure protection standards proposed by NERC. Set to become mandatory when the Commission’s order becomes effective in approximately 60 days, the standards will require bulk power system users, owners, and operators in the U.S. to identify and document cyber risks and vulnerabilities, establish controls to secure critical cyber assets from physical and cyber sabotage, report security incidents, and establish plans for recovery in the event of an emergency. The standards are already mandatory in Ontario and New Brunswick in Canada.

2008.01.16 - Industry News - Weak control system security threatens U.S.

Wed, 16 Jan 2008 15:24:50 -0500
Joab Jackson ,
GCN.com,
16 JAN 2008

Weak control system security threatens U.S.

NEW ORLEANS - Weak security on infrastructure control systems may eventually put the country at risk for a coordinated attack on utilities, warned Jerry Dixon, former acting director of the Homeland Security Department’s National Cyber Security Division.

2008.01.11 - Incidents - Schoolboy hacks into city's tram system

Wed, 16 Jan 2008 15:26:39 -0500
Graeme Baker,
Telegraph.co.uk,
11 JAN 2008

Schoolboy hacks into city's tram system

A teenage boy who hacked into a Polish tram system used it like "a giant train set", causing chaos and derailing four vehicles.

The 14-year-old, described by his teachers as a model pupil and an electronics "genius", adapted a television remote control so it could change track points in the city of Lodz.

2008.01.05 - Industry News - Feds confirm 2006 security violation at OR nuclear plant

Thu, 10 Jan 2008 13:20:42 -0500
Frank Munger ,
KnoxNews.com,
05 JAN 2008

Feds confirm 2006 security violation at OR nuclear plant

OAK RIDGE - Federal inspectors have confirmed a late 2006 security breach in which an unauthorized laptop computer was taken into a high-security area at the Y-12 nuclear weapons plant. They also found that Y-12's cyber security personnel did not respond properly after the breach was discovered.

2007.12.28 - Industry News - USAF wants to build Cyber Control System

Wed, 2 Jan 2008 14:12:21 -0500
Brian Robinson ,
Washington Technology,
28 Dec 2007

USAF wants to build Cyber Control System

As part of its evolving cyberwarfare strategy, the Air Force is looking for input on how to construct a command and control system that would support defensive and offensive operations in the event of an all-out attack on the country’s information infrastructure.

2007.12.27 - Industry News - NIST: Fed agencies should mount penetration attacks

Wed, 2 Jan 2008 14:12:20 -0500
Jack Rogers ,
scmagazineus.com,
27 Dec 2007

NIST: Fed agencies should mount penetration attacks

In the final draft of its upcoming security guidelines for protecting federal information systems, the National Institute of Standards and Technology (NIST) is recommending that federal agencies conduct regular penetration tests to determine whether their networks can be breached.

2007.12.27 - Industry News - Experts fail government on cybersecurity

Wed, 2 Jan 2008 14:12:19 -0500
Ryan Blitstein ,
San Jose Mercury News ,
27 Dec 2007

Experts fail government on cybersecurity

Efforts criticized for deficient funds, lack of understanding of threat's size

SAN JOSE, CALIF.: Since the outbreak of a cybercrime epidemic that has cost the American economy billions of dollars, the federal government has failed to respond with enough resources, attention and determination to combat the cyberthreat, a San Jose Mercury News investigation reveals.

2007.12.19 - Industry News - Irate Unix Administrator Admits Trying To Sabotage California Power Grid

Fri, 21 Dec 2007 10:56:33 -0500
Charles Babcock ,
Information Week,
19 Dec 2007

Irate Unix Administrator Admits Trying To Sabotage California Power Grid

A contract Unix system administrator pleaded guilty to trying to disrupt a data center where he was employed in Folsom, Calif., by hammering the safety glass of an emergency power shut-off, then pushing the shut-down button.

2007.12.18 - Industry News - House approves $34.9B for homeland security

Thu, 20 Dec 2007 17:20:25 -0500
Alice Lipowicz,
Washington Technology,
18 Dec 2007

House approves $34.9B for homeland security

The omnibus spending bill approved by the House of Representatives yesterday includes $34.9 billion in baseline funding for the Homeland Security Department in fiscal 2008 and boosts major departmental information technology contracting efforts focused on U.S. Visit and the Real ID Act of 2005.

2007.12.10 - Industry News - FERC seeks industry cyber-security plans

Tue, 11 Dec 2007 10:10:28 -0500
Associated Press (AP),
cnnmoney.com,
10 Dec 2007

FERC seeks industry cyber-security plans

WASHINGTON (AP) - Federal energy regulators said Monday they have asked the White House to approve a rule that requires the electric industry to submit detailed reports about its progress in addressing potential cyber-security vulnerabilities.

2007.12.10 - Industry News - China suspected in hacking attempt on Oak Ridge National Lab

Mon, 10 Dec 2007 17:03:30 -0500
hsdailywire.com,
10 Dec 2007

China suspected in hacking attempt on Oak Ridge National Lab

In October about 1,100 employees at the Oak Ridge National Lab received versions of seven phishing e-mails which appeared legitimate; eleven employees opened the e-mails' attachments, which enabled the hackers to infiltrate the Lab's system and remove data; Last week DHS circulated memo to security experts pointing to China as the source of the October hacking at the weapon lab.

2007.12.07 - Incidents - Hackers launch major attack on U.S. military labs

Mon, 10 Dec 2007 11:40:40 -0500
John E. Dunn,
techworld.com,
07 Dec 2007

Hackers launch major attack on U.S. military labs

Sophisticated cyber attacks break into computer systems at the U.S. military's Oak Ridge National Laboratory in Tennessee and Los Alamos National Laboratory in New Mexico

2007.12.07 - Incidents - Cyber hackers infiltrate ORNL (Oak Ridge National Laboratory)

Fri, 7 Dec 2007 13:18:34 -0500
Frank Munger,
Knoxnews.com),
07 Dec 2007

Cyber hackers infiltrate ORNL (Oak Ridge National Laboratory)

OAK RIDGE - Oak Ridge National Laboratory was the target of a "sophisticated cyber attack" that potentially gave hackers access to the personal information of thousands of visitors to the lab from 1990 to 2004, the laboratory confirmed Thursday.

2007.11.30 - Industry News - Government-sponsored cyberattacks on the rise, McAfee says

Mon, 3 Dec 2007 09:25:38 -0500
Jon Brodkin ,
Computer World,
30 Nov 2007

Government-sponsored cyberattacks on the rise, McAfee says

Big Brother -- someone's Big Brother -- is actively messing with you

November 30, 2007 (Network World) -- Governments and allied groups worldwide are using the Internet to spy and launch cyberattacks on their enemies, targeting critical systems including electricity, air traffic control, financial markets and government computer networks, according to McAfee's annual report examining global cybersecurity.

2007.11.29 - Industry News - Insider charged with hacking California canal system

Fri, 30 Nov 2007 11:42:57 -0500
Robert McMillan ,
Computer World,
29 Nov 2007

Insider charged with hacking California canal system

Ex-supervisor installed unauthorized software on SCADA system, indictment says

November 29, 2007 (IDG News Service) -- SAN FRANCISCO -- A former employee of a small California canal system has been charged with installing unauthorized software and damaging the computer used to divert water from the Sacramento River.

2007.11.29 - Incidents - Enbridge eyes quick restart after pipe blast

Fri, 30 Nov 2007 12:10:15 -0500
Jeffrey Jones and Scott Haggett,
Reuters (AP),
29 Nov 2007

Enbridge eyes quick restart after pipe blast

CALGARY (Reuters) - Enbridge Inc (ENB.TO) on Thursday said it expects to quickly restart its huge pipeline system, the day after a deadly blast in Minnesota killed two workers and briefly choked off 10 percent of oil imports to the world's top consumer.

2007.11.29 - Industry News - World faces "cyber cold war" threat

Thu, 29 Nov 2007 10:28:42 -0500
Peter Griffiths,
Reuters,
29 Nov 2007
LONDON (Reuters) - A "cyber cold war" waged over the world's computers threatens to become one of the biggest threats to security in the next decade, according to a report published on Thursday.

2007.11.19 - Industry News - NIST addresses security for industrial controls systems

Wed, 21 Nov 2007 14:09:12 -0500
William Jackson,
Government Computer News,
19 Nov 2007
The National Institute of Standards and Technology has released an initial draft of new security guidelines for government information technology systems used for industrial control processes. The guidelines are in a revised appendix to NIST Special Publication 800-53, "Recommended Security Controls for Federal Information Systems."

2007.11.13 - Industry News - Asymmetric cyber threat

Thu, 15 Nov 2007 14:26:27 -0500
James A. Lyons Jr.,
Washington Times,
13 Nov 2007
One asymmetric threat to our military forces and the nation is "cyber terrorism." Our advanced technologically based military forces - dependent on our satellites, critical infrastructure computers, the Internet, secure software programming, computer-driven telecommunications, air traffic control centers and other sophisticated sensor systems - are tempting targets for cyber terrorism.

2007.11.06 - Industry News - White House officials ask for $154 million in new cybersecurity spending

Wed, 7 Nov 2007 13:56:43 -0500
Jason Miller ,
FCW.com,
06 Nov 2007
White House officials today asked Congress for more than $436 million in new cybersecurity and counterterrorism programs in the Homeland Security and Justice departments’ fiscal 2008 spending bills.wants the next administration to address.

2007.11.05 - Industry News - Panel must narrow cybersecurity scope

Tue, 6 Nov 2007 13:33:17 -0500
Jason Miller ,
FCW.com,
05 Nov 2007
31 experts form a commission to give next president their advice on network defenses

A new blue-ribbon panel that will develop cybersecurity recommendations for the next president faces a compressed schedule and the challenge of agreeing on a cybersecurity agenda that it wants the next administration to address.

2007.11.02 - Incidents - Arizona Nuclear Power Plant Off Lockdown After Security Alert

Tue, 6 Nov 2007 09:05:42 -0500
Associated Press (AP),
FOXNews.com,
02 Nov 2007
WINTERSBURG, Ariz. - Security officials at the nation's largest nuclear power plant detained a contract worker with a small, crude explosive device in the back of his pickup truck Friday, and investigators were searching his apartment, authorities said.

2007.10.29 - Industry News - Controlling Hackers

Thu, 1 Nov 2007 16:15:59 -0400
Ken Silverstein,
EnergyBizInsider,
29 Oct 2007
Violent lunatics bent on the destruction of western civilization are one thing. Silent computer hackers who can whittle away at the nation's infrastructure are another.

Federal and industry experts say that the technology that allows utilities to run their operations is more vulnerable now than ever before. Because those networks are becoming increasingly standardized and linked to other centralized systems, they can be more easily breached and the resulting disturbances can be enormous.

2007.11.01 - Industry News - Al Qaeda Sets a Date for Cyber Jihad

Thu, 1 Nov 2007 10:04:29 -0400
Ben Worthen,
Wall Street Journal (wsj.com),
01 Nov 2007
Earlier this week, an Israeli counter-terrorism group discovered an announcement on an Arabic Web site: Jihadists are going to launch a coordinated cyber attack on 15 Western Web sites on November 11. They plan to expand the attack "until hundreds of thousands of Islamist hackers are in action against untold numbers of anti-Muslim sites.

2007.10.31 - Industry News - Public utility's bare insecurities

Tue, 30 Oct 2007 15:00:19 -0400
Richard Bray, columnist, CIO Government Review,
InterGovWorld.com,
31 Oct 2007
The shocking image of an electrical generator ripping itself apart in a simulated hacking attack opens a CNN report on SCADA (supervisory control and data acquisition) vulnerabilities.

The computer network attached to the generator has been breached and the SCADA controller settings changed to make it self-destruct.

2007.10.30 - Industry News - New U.S. tack to defend power grid - Lawmakers are on alert as hackers increase attacks on US infrastructure.

Tue, 30 Oct 2007 09:52:38 -0400
Mark Clayton ,
The Christian Science Monitor,
30 Oct 2007
For nearly five years, the US government has struggled to guard the nation's electric grid, drinking water, and other critical infrastructure from cyberattack. But as hackers continue to infiltrate such systems, and as reports surface of a surge in computer attacks on the electric grid, experts and lawmakers have an urgent message for the Bush administration: Cybersecurity defenses need an overhaul.

2007.10.30 - Industry News - Cyber security committee about to form -Experts say hackers are a step ahead.

Tue, 30 Oct 2007 09:51:00 -0400
Jason Embry ,
Statesman.com,
30 Oct 2007
Computer hackers muscled their way into a power plant's control system and destroyed an electric generator earlier this year at an Idaho lab, a sign of vulnerability in the country's power grids.

The Idaho breach, some of which aired later on CNN, was an experiment conducted for the Department of Homeland Security to see how well the country could resist cyber attacks. It also made U.S. Rep. Michael McCaul, R-Austin, more than a little uneasy.

2007.10.24 - Industry News - Rep. Thompson presses DHS for information on cyber initiative

Thu, 25 Oct 2007 14:47:22 -0400
Jason Miller ,
FCW.com,
24 Oct 2007
Rep. Bennie Thompson (D-Miss.) is frustrated by the lack of response from the Homeland Security Department and the Office of the Director for National Intelligence about a reportedly new cybersecurity program the National Security Agency is developing.

2007.10.24 - Industry News - Security incidents and trends in SCADA and process industries

Wed, 24 Oct 2007 09:56:47 -0400
Eric Byres,David Leversage and Nate Kube,
The Industrial Ethernet Book - Vol. 39,
May 2007
Supervisory Control and Data Acquisition and industrial control systems, with their traditional reliance on proprietary networks and hardware, have long been considered immune to the cyber attacks suffered by corporate information systems. Unfortunately, both academic research and in-the-field experience indicate misplaced confidence.The move to open standards such as Ethernet,TCP/IP, and web technologies allows hackers and virus writers to take advantage of the control industry’s ignorance.The result is a growing number of unpublicised cyber-based security events that are affecting critical infrastructure and manufacturing industries.

2007.10.19 - Industry News - Congress: Power Grid Defense Is Weak

Mon, 22 Oct 2007 09:54:10 -0400
Lisa Vaas,
eWeek.com,
19 Oct 2007
In the wake of the Idaho National Laboratory test that blew up an electrical generator with a simulated cyber-attack and revealed the fragility of the nation's electrical infrastructure, a congressional panel on cyber-security is calling for an investigation into how well electric sector owners and operators have implemented security mitigations developed by the U.S. Department of Homeland Security and Department of Energy.

2007.10.19 - Industry News - U.S. power grid is increasingly vulnerable to attack

Fri, 19 Oct 2007 16:36:51 -0400
HS Daily Wire,
19 Oct 2007
U.S. power system is worth more than $1 trillion, comprising more than 200,000 miles of transmission lines and more than 800,000 megawatts of generating capability; it serves more than 300 million; Congressional panel, describing industry-developed security standards as "woefully inadequate, "examines how well operators have implemented security measures developed by DHS, DOE

2007.10.19 - Industry News - Experts says proposed security standards for power grid not enough

Fri, 19 Oct 2007 13:43:53 -0400
Jaikumar Vijayan,
ComputerWorld.com,
19 Oct 2007
Significant number of interdependent assets still exposed, say critics

October 19, 2007 (Computerworld) -- New cybersecurity standards proposed by the North American Electric Reliability Corp. (NERC) to protect the nation's power infrastructure are not broad enough and fail to cover a significant number of interdependent assets.

The standards also give electric utility owners, operators and users too much discretion when it comes to implementing the prescribed controls, a group of experts told members of the House Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology on Wednesday.

2007.10.18 - Industry News - Tighter security over power plant computer systems urged

Fri, 19 Oct 2007 13:32:39 -0400
Jill R. Aitoro,
GovExec.com,
18 Oct 2007
Current regulations to protect the control systems that support power plants nationwide fall short of federal recommendations, posing a serious threat to the electric infrastructure and national security, witnesses testified at a hearing Wednesday. One lawmaker threatened legislation if standards don't improve.

The hearing before the House Homeland Security Subcommittee on Emerging Threats, Cybersecurity and Science and Technology was prompted by a simulation that highlighted vulnerabilities in the computers that run water, power and chemical plants. In the March Aurora Generator test, researchers from the Idaho National Laboratories created a video for the Homeland Security Department simulating a cyberattack on a power plant's control system. The attack caused a generator to self-destruct.

2007.10.18 - Industry News - Internet Compromises Power Grid Security, Witnesses Say

Fri, 19 Oct 2007 13:45:11 -0400
Rob Margetta,
CQ.com,
18 Oct 2007
The electronic infrastructure that operates America’s power grids is more at risk of cyber-attack than ever because of operating systems connected to the Internet, according to witnesses at a House subcommittee hearing Wednesday.

Jim Langevin, D-R.I., chairman of the House Homeland Security Cybersecurity Subcommittee, bashed a set of regulatory standards recommended by the Federal Energy Regulatory Commission (FERC) for the "control systems" that protect the power industry’s systems.

Several witnesses joined him in this assessment, and recommended that the Department of Homeland Security develop a better system for guiding private industry efforts to secure control systems.

2007.10.18 - Industry News - DOE to Provide Nearly $8 Million to Safeguard the Nation's Energy

Fri, 19 Oct 2007 13:26:35 -0400
Newsblaze.com,
18 Oct 2007
U.S. Department of Energy (DOE) Assistant Secretary for Electricity Delivery and Energy Reliability Kevin M. Kolevar today announced five projects that have been selected for negotiation of awards of up to $7.9 million in DOE funding to develop and integrate technologically- advanced controls and cyber-security devices into our electric grid and energy infrastructure.

2007.10.17 - Industry News - Will cyberintrusions crash U.S. electrical grid?

Thu, 18 Oct 2007 09:47:30 -0400
Anne Broache ,
CNET news.com,
17 Oct 2007
WASHINGTON--Some critics of the U.S. government's cybersecurity efforts might argue that nothing short of a bomb going off--or, well, purported Chinese cyberattacks on feds' machines--will land the issue more notice.

This time around, the wake-up call for politicians was, indeed, an explosion: In September, U.S. Homeland Security officials revealed that researchers at the Idaho National Laboratory had managed to destroy a small electrical generator through a simulated cyberattack. A few weeks ago, CNN aired a gloom-and-doom segment featuring snips from the once-classified video showing the device going up in smoke.

2007.10.16 - Industry News - How to Take Down the Power Grid

Wed, 17 Oct 2007 14:21:04 -0400
Ira Winkler,
Internet Evolution,
16 Oct 2007
The first time I broke into our country’s electrical power grid was a decade or so ago. Hacking into the control systems set up by utility companies wasn’t surprising then, and it isn’t surprising now. While people find this shocking, it really isn’t. When you think about how insecure computer infrastructures are, why would you think that the power grid would be any more secure? Frankly, the power grid is even less secure than most other computer networks. I wrote about it many times, including some details in my recent book, Spies Among Us.

All of this came back to me as I watched news stories about "Hackers Blow Up a Generator." The Department of Homeland Security (DHS) put out a video showing a test from Idaho Nuclear Laboratory where someone broke into a SCADA (Supervisory Control and Data Acquisition) computer and caused the generator to run wild until it blew itself up.

2007.10.11 - Industry News - NERC-CIP: 'Critical' or in 'Critical Condition'?

Tue, 16 Oct 2007 17:08:48 -0400
Warren Causey and Mike Smith (Sierra Energy Group),
Energy Pulse,
11 Oct 2007
North American Energy Reliability Corp. Critical Infrastructure Protection (NERC-CIP) standards are a product of the Northeast blackout of 2003 and the terrorist attacks of 2001. Following those events, politicians were clamoring for something to be done to guarantee more reliability for the grid, and protection for the software systems that monitor and today increasingly control the transmission and distribution grids, along with generation and everything else utilities do. Congress controls FERC (the Federal Energy Regulatory Commission), so pressure was applied there.

2007.10.08 - Industry News - When the price for protection is too high

Fri, 12 Oct 2007 14:16:12 -0400
William Jackson ,
GCN.com,
08 Oct 2007
Word is getting around about what appears to be another foray by the government into domestic intelligence gathering. According to news reports, the National Security Agency is making plans to take the lead in a federal initiative to monitor and protect the control and communications networks that serve the nation’s critical infrastructure.

Security can be a good thing, but it comes at a price that must be considered. In this case, we need to ask: Is the government equipped to do the best job of protecting these networks, and do we want to entrust this job to them? The answer to both questions is no.

2007.10.10 - Industry News - Updated homeland security strategy emphasizes resilience

Thu, 11 Oct 2007 15:26:55 -0400
Alice Lipowicz ,
FCW.com,
10 Oct 2007
The Bush administration released this week an updated National Strategy for Homeland Security that emphasizes newer concepts, such as developing resilient infrastructure, while including familiar themes, such as deterring terrorism through more effective information sharing.

2007.10.10 - Industry News - DHS offers baseline for U.S. IT security skills

Thu, 11 Oct 2007 15:24:56 -0400
Brian Robinson,
FCW.com,
10 Oct 2007
The Homeland Security Department recently published a draft of a framework of knowledge and skills it believes the United States needs to prevent cyberattacks.

Development of the "IT Security Essential Body of Knowledge" (EBK) began in 2003, when the DHS National Cyber Security Division (NCSD) began working with the Defense Department, academia and private industry to examine workforce IT certifications and what would be needed to advance security skills.

2007.10.10 - Industry News - Cisco Folds Security Research Group

Wed, 10 Oct 2007 13:35:55 -0400
Kelly Jackson Higgins,
Dark Reading
10 Oct 2007
An internal security research group within Cisco was quietly shuttered over the past few days as part of a restructuring effort.

The group is part of Cisco's Critical Infrastructure Assurance Group (CIAG), which is focused on improving the security of global critical infrastructure with research, training, education, best practices, and standards development. Cisco has not publicly announced the move.

2007.10.04 - Industry News - Industrial controls have very specific security needs

Tue, 9 Oct 2007 10:43:03 -0400
Ellen Fussell Policastro,
ISA InTech
04 Oct 2007
Security is a big deal, but when it comes to securing control systems, that is a whole different can of worms, so to speak.

The industry needs special security measures for their special needs. On Wednesday, Chris Martin with Industrial Defender was on hand in the Security XPod to give an overview of how these special products can help users secure their SCADA and DCS systems and networks. They are specifically engineered for the SCADA and DCS environment. The products are different than other security measures because they "stop at the plant perimeter, and the edge of the process control network," Martin said. "We don’t sell our solutions into the enterprise. We feel there are unique characteristics and solutions sold on the corporate side that are not applicable for the plant side."

2007.10.01 - Industry News - Remarks of Cybersecurity and Communications Assistant Secretary Greg Garcia at the National Cyber Security Awareness Month Kick-Off Summit

Tue, 9 Oct 2007 10:35:33 -0400
Remarks of Cybersecurity and Communications Assistant Secretary Greg Garcia,
Department of Homeland Security (DHS),
01 Oct 2007
...We’re in a time of increasing global threats to our cyber infrastructures and to the services, systems, and assets that depend on them. While these at-risk-systems are vast, they easily fade into the background of everyday life. The local ATM, the overhead lights, and the water faucets are all dependant on larger, more comprehensive systems controlled by it networks.

An exploited vulnerability in one of these it control systems could range from the annoying to the catastrophic. Our adversaries would like nothing more than to gain control of our financial markets, power generation plants, water purification facilities, or transportation systems. That’s why, here in our Nation’s capital, as in any American city, cyber vulnerabilities can have real world consequences.

2007.10.01 - Industry News - Much work to be done as National Cyber Security Awareness Month begins

Tue, 9 Oct 2007 10:32:40 -0400
Dan Kaplan ,
SC Magazine,
01 Oct 2007
A joint McAfee and National Cyber Security Alliance study, released today to kick off National Cyber Security Awareness Month, reports that while 98 percent of 378 respondents believe keeping security software up to date is important, less than half -48 percent- of their computers had not been updated in the past month.

2007.09.27 - Industry News - Mouse click could plunge city into darkness, experts say

Thu, 27 Sep 2007 12:41:37 -0400
Jeanne Meserve ,
CNN,
27 Sept 2007
WASHINGTON (CNN) -- Researchers who launched an experimental cyber attack caused a generator to self-destruct, alarming the government and electrical industry about what might happen if such an attack were carried out on a larger scale, CNN has learned.

Sources familiar with the experiment said the same attack scenario could be used against huge generators that produce the country's electric power.

2007.09.27 - Industry News - US video shows simulated hacker attack

Thu, 27 Sep 2007 12:38:05 -0400
Ted Bridis and Eileen Sullivan ,
Associated Press (AP),
27 Sept 2007
WASHINGTON (AP) -- A government video shows the potential destruction caused by hackers seizing control of a crucial part of the U.S. electrical grid: an industrial turbine spinning wildly out of control until it becomes a smoking hulk and power shuts down.

The video, produced for the Homeland Security Department and obtained by The Associated Press on Wednesday, was marked "Official Use Only." It shows commands quietly triggered by simulated hackers having such a violent reaction that the enormous turbine shudders as pieces fly apart and it belches black-and-white smoke.

2007.09.25 - Incidents - Radar fails in Memphis; hundreds of flights affected

Wed, 26 Sep 2007 09:39:29 -0400
CNN.com,
25 Sept 2007
ATLANTA, Georgia (CNN) -- Air traffic controllers were forced to use their personal cell phones to reroute hundreds of flights Tuesday after the Federal Aviation Administration's Memphis Center lost radar and telephone service for more than two hours, snarling air traffic in the middle of the nation.

2007.09.24 - Incidents - Investigators: Homeland Security computers hacked

Wed, 26 Sep 2007 09:37:10 -0400
CNN.com,
24 Sept 2007
WASHINGTON (CNN) -- Hackers compromised dozens of Department of Homeland Security computers, moving sensitive information to Chinese-language Web sites, congressional investigators said Monday.

Investigators pointed a finger at a government contractor, saying the firm hired to protect DHS computers tried to hide the incidents from the department.

2007.09.20 - Industry News - NSA to defend against hackers

Tue, 25 Sep 2007 09:17:04 -0400
Siobhan Gorman ,
Baltimore Sun,
20 Sept 2007
Privacy fears raised as spy agency turns to systems protection
In a major shift, the National Security Agency is drawing up plans for a new domestic assignment: helping protect government and private communications networks from cyberattacks and infiltration by terrorists and hackers, according to current and former intelligence officials.

2007.09.20 - Industry News - Hackers reveal day-to-day dangers

Fri, 21 Sep 2007 17:09:35 -0400
Jonathan Kent ,
BBC News,
20 Sept 2007
The BBC's Jonathan Kent attends the Hack In The Box conference in Malaysia to hear about the dangers ethical hackers are starting to uncover.

These days meetings of computer hackers are no longer gatherings of pale young men sitting in rooms knee deep in pizza boxes.

2007.09.19 - Industry News - US Air Force sets up Cyber Command

Fri, 21 Sep 2007 17:07:01 -0400
Agence France Presse (AFP),
news.yahoo.com,
19 Sept 2007
WASHINGTON (AFP) - The US Air Force established a provisional Cyber Command Tuesday as part of an expanding mission to prepare for wars in cyberspace, officials said.

The move comes amid concerns over a wave of hacker attacks originating in China against western governments and a crippling attack in May against Estonia amid a dispute with Russia.

2007.09.18 - Industry News - Settlement Ends First BP Explosion Trial

Wed, 19 Sep 2007 10:08:43 -0400
Monica Rhor (The Associated Press),
WashingtonPost.com,
18 Sept 2007
GALVESTON, Texas -- The first trial stemming from the deadly explosion at BP PLC's Texas City refinery ended in a settlement Tuesday.

The trial over the 2005 accident _ which killed 15 people, injured 170 and was the worst accident in the gas and chemical industry in almost 15 years _ began Sept. 5. It was the only one of hundreds of lawsuits from the blast to reach the courtroom.

2007.09.13 - Industry News - Data explosion shakes up IT

Tue, 18 Sep 2007 17:02:18 -0400
Jeremy Kirk,
IDG News Service
13 Sept 2007
Reported software vulnerabilities declined in 2003 and 2004 but surged in 2005 to around 6,000 -- an all-time high

2007.09.06 - Incidents - Chinese hackers cyber-attacking British government networks

Thu, 13 Sep 2007 16:55:40 -0400
News.yahoo.com,
Agence France Presse (AFP),
06 Sept 2007
LONDON - Chinese computer hackers are infiltrating British government networks, giving them access to secret information, according to media reports on Thursday.

The reports in The Times and The Independent newspapers come a day after US President George W. Bush said he may bring up the issue of suspected Chinese cyber-attacks on the US defence department in a meeting with China's President Hu Jintao.

2007.09.04 - Incidents - China Denies Accusations Its Military Hacked Into Pentagon Computer System

Tue, 4 Sep 2007 11:01:29 -0400
FoxNews.com,
Associated Press,
04 Sept 2007
China on Tuesday denied a report that its military had hacked into Pentagon computers, saying the allegations were "groundless" and that Beijing was opposed to cybercrime.

The Financial Times, citing unnamed officials, reported Monday that the People's Liberation Army hacked into a computer system in the office of Defense Secretary Robert Gates in June. The attack forced officials to take down the network for more than a week, the report said.

2007.08.27 - Industry News - Premier Wen Declares Opposition to Hacker Activity

Wed, 29 Aug 2007 10:45:35 -0400
China.org.cn
27 Aug 2007
Chinese Premier Wen Jiabao told visiting German Chancellor Angela Merkel on Monday that China firmly opposed hackers and promised full cooperation with Germany on the prevention and tracking of any hacker activity.

Wen's comments came in response to a reporter's question concerning reported Chinese hackers who attacked the computer networks of the German government.

2007.08.22 - Industry News - America's Hackable Backbone

Thu, 23 Aug 2007 13:33:51 -0400
Andy Greenberg,
Forbes.com
22 Aug 2007
The first time Scott Lunsford offered to hack into a nuclear power station, he was told it would be impossible. There was no way, the plant's owners claimed, that their critical components could be accessed from the Internet. Lunsford, a researcher for IBM's Internet Security Systems, found otherwise.

2007.08.20 - Industry News - FBI launches cybersecurity project

Tue, 21 Aug 2007 16:55:26 -0400
Wilson P. Dizard III
GCN.com
20 Aug 2007
The FBI has chosen the National Center for Supercomputing Applications at the University of Illinois at Urbana-Champaign to host a new law enforcement cybersecurity research center.

The bureau said it would provide $3 million to support the first two years’ operation of the National Center for Digital Intrusion Response. The new center represents an expansion of the FBI’s existing work with the university, which also receives funds from other federal agencies to carry out cybersecurity research and development.

2007.08.15 - Industry News - LAX outage is blamed on a single computer

Thu, 16 Aug 2007 10:26:00 -0400
Tami Abdollah
LAtimes.com
15 Aug 2007
City officials demand a full report on the U.S. Customs system failure and contingency plans.
U.S. Customs officials said Tuesday that they had traced the source of last weekend's system outage that left 17,000 international passengers stranded in airplanes to a malfunctioning network interface card on a single desktop computer in the Tom Bradley International Terminal at LAX.

2007.08.14 - Industry News - FERC proposes to approve three new NERC reliability standards

Thu, 16 Aug 2007 10:23:44 -0400
platts.com,
14 Aug 2007
The US Federal Energy Regulatory Commission is proposing to approve three new reliability standards developed by the North American Electric Reliability Corp.

2007.08.14 - Industry News - Chemical industry making security inroads

Tue, 14 Aug 2007 12:10:19 -0400
ISA,
14 Aug 2007
Since 9/11, the chemical industry has voluntarily upgraded their security posture, spending more than $3 billion to protect hazardous chemicals from attack and theft by terrorists.

2007.08.14 - Company News - Industrial Defender Awarded Patent for Cyber Risk Mitigation Technology

Tue, 14 Aug 2007 09:56:08 -0400
Press Release,
Industrial Defender, Inc. ,
14 Aug 2007
MANSFIELD, Mass., August 14, 2007 - Industrial Defender, Inc., the global Cyber Risk Protection(TM) leader previously known as Verano, Inc., won recognition by the U.S. Patent and Trademark Office for its Industrial Defender risk mitigation technology suite on July 17, with U.S. Patent No. 7,246,156. The newly patented platform mitigates increased cyber security threats, protects critical infrastructures and meets regulatory compliance for organizations in the power, energy, transportation, water and chemical industries.

2007.08.13 - Industry News - Anti-terror system is up to five years late

Thu, 16 Aug 2007 10:40:41 -0400
Tony Collins,
ComputerWeekly.com,
13 Aug 2007
A mission-critical IT project to replace hard copy intelligence on threats to UK security with a secure network that links government offices in the UK and overseas is due for completion in 2009 - five years later than originally planned.

2007.08.13 - Industry News - Black hat IPS reverse engineering poses 'serious threat'

Tue, 14 Aug 2007 09:52:04 -0400
vnunet.com,
Robert Jaques,
13 Aug 2007
A recently disclosed Black Hat hacker technique for reverse engineering intrusion prevention system (IPS) data poses a 'serious risk' for thousands of enterprises, Gartner has warned.

2007.08.12 - Incidents - Computer glitch holds up 20,000 at LAX

Mon, 13 Aug 2007 13:12:10 -0400
LA Times,
Karen Kaplan, Rong-Gong Lin II and Ari B. Bloomekatz,
12 Aug 2007
More than 20,000 international passengers were stranded for hours at Los Angeles International Airport on Saturday, waiting on airplanes and in packed customs halls while a malfunctioning computer system prevented U.S. officials from processing the travelers' entry into the country.

2007.08.10 - Industry News - Knowledge is greatest threat to critical infrastructure

Fri, 10 Aug 2007 14:36:07 -0400
Liam Tung,, ZDNet.com, 10 Aug 2007
The major concern is security of Supervisory Control and Data Acquisition (SCADA) systems -- the central nervous system for sensors, alarms and switches that provide automated control and monitoring functions for utilities such as water, gas and electricity, as well as large manufacturers.

2007.08.09 - Industry News - Focus Will Shift To Chemical Security

Fri, 10 Aug 2007 11:52:54 -0400
Government Security, 09 Aug 2007
House Democrats are looking to reopen the chemical security debate this fall, adding facilities that were exempted from regulations that became law last year, reports Congressional Quarterly.

2007.08.06 - Industry News - $10 hack can unlock nearly any office door

Wed, 8 Aug 2007 10:24:41 -0400
Erik Larkin, ComputerWorld.com, 06 Aug 2007
(PC World) Cut a couple of wires, insert a small, easy-to-make device between them, and you can walk right through all those supposedly card-protected locked office doors.

2007.08.04 - Industry News - Flaw Shown in Infrastructure Software

Mon, 6 Aug 2007 09:18:48 -0400
Jordan Robertson, Forbes.com, 04 Aug 2007
LAS VEGAS - Terrorists and other criminals could exploit a newly discovered software flaw to hijack massive computer systems used to control critical infrastructure like oil refineries, power plants and factories, a researcher said Saturday.

2007.08.03 - Industry News - Border Computers Vulnerable to Attack

Wed, 8 Aug 2007 10:21:14 -0400
Spencer S. Hsu, WashingtonPost.com., 03 Aug 2007
The U.S. government's main border control system is plagued by computer security weaknesses, increasing the risk of computer attacks, data thefts, and manipulation of millions of identity records including passport, visa and Social Security numbers and the world's largest fingerprint database, officials said.

2007.08.03 - Industry News - Estonian 'Cyber Riot' Was Planned, But Mastermind Still A Mystery

Tue, 7 Aug 2007 11:33:13 -0400
Larry Greenemeier, InformationWeek.com, 03 Aug 2007
Because so much of Estonia's economy relies on the Internet, when the Internet was down, citizens couldn't perform the most basic functions, such buying milk, bread, or gas.

Months after the cyberattacks launched against the Baltic nation of Estonia brought the country to its knees, the dangers of targeted cyberattacks and the consequences of heavy economic reliance on the Web have become clear -- even if the identity of the mastermind behind the attacks remains a mystery.

2007.07.30 - Industry News - Homeland Security warns on US power threat

Thu, 2 Aug 2007 09:57:27 -0400
Andrew Charlesworth, vnunet.com, 30 July 2007
The US Department of Homeland Security (DHS) has set out security requirements for automated control systems, principally in the power industry, to protect installations against physical and cyber-attacks.

2007.07.27 - Industry News - Chemical plants alerted to spurious safety survey

Thu, 2 Aug 2007 10:02:56 -0400
Alex Nussbaum, NorthJersey.com, 30 July 2007
The federal government has warned chemical companies in North Jersey and across the nation about a series of suspicious calls earlier this month at plants in the Midwest. The calls, placed to at least three chemical manufacturers, sought information about safety procedures at the businesses and claimed to be from the Center for Chemical Process Safety, an industry group based in New York.

2007.07.26 - Incidents - Chemical Industry Phishing Alert

Thu, 2 Aug 2007 14:04:07 -0400
Critical Infrastructure Incident, 26 July 2007
A number of chemical industry companies have recently reported that they are receiving calls from a group claiming to represent the American Institute of Engineers (AIChE) or the Center for Chemical Process Safety (CCPS) asking them to participate in a Survey about Process Safety.

2007.07.23 - Industry News - FBI, Secret Service must improve cybercrime training

Thu, 2 Aug 2007 10:08:10 -0400
Jason Miller, FWC.com, 23 July 2007
The FBI, the Homeland Security Department and other federal agencies are underequipped and lack enough properly trained employees to combat cybercrime, according to a recent report by the Government Accountability Office.

2007.07.21 - Industry News - NYC Blast Could Cost Businesses Millions

Thu, 2 Aug 2007 10:10:20 -0400
Pat Milton (AP), WUSA9.com, 21 July 2007
NEW YORK (AP) -- With the cleanup from a deadly steam pipe explosion expected to drag on for days, businesses in the "frozen zone" could lose hundreds of millions of dollars, a business leader said Friday.
The neighborhood just south of Grand Central Terminal is one of the nation's most expensive commercial districts, including offices for Pfizer Inc., real estate firm Newmark Knight Frank and magazine publisher Meredith Corp. The blast killed one person, a woman who worked at Pfizer.

2007.07.20 - Incidents - Virgin America Ticket Sales Thwarted by Cyber Attack

Thu, 2 Aug 2007 13:31:54 -0400
Critical Infrastructure Incident, Del Quentin Wilber Washington Post, 20 July 2007
Virgin America, a new low-cost carrier scheduled to start service in Washington in the coming months, struggled to sell its first tickets yesterday after its Web site was shut down or slowed to a crawl for most of the afternoon by a cyber attack, a company spokesman said.

2007.07.19 - Industry News - Commission proposes adoption of new reliability standards for cyber security in the bulk power system

Thu, 2 Aug 2007 10:19:15 -0400
News Release, FERC.gov, 19 July 2007
The Federal Energy Regulatory Commission today proposed to approve a set of reliability standards to help safeguard the nation’s bulk electric power supply system against potential disruptions from cyber attacks.

2007.07.12 - Industry News - Utility firms sitting on hacking time bomb

Thu, 2 Aug 2007 10:29:07 -0400
Iain Thomson, Vnunet.com, 12 July 2007
Utility companies could be facing a hacking time bomb owing to poor security measures.
As more utilities move control and billing systems online an analyst has warned that hackers are increasingly turning their attention to the possibilities of controlling the systems.

2007.07.10 - Company News - Industrial Defender Launches V3.0 of Risk Mitigation Technology Suite

Thu, 2 Aug 2007 10:37:19 -0400
Press Release, Industrial Defender, Inc. , 10 July 2007
Increased Scalability and Support for Third-Party Firewalls Meet Evolving Needs for Cyber Security Protection
MANSFIELD, Mass., July 10, 2007 - Industrial Defender, Inc., the global Cyber Risk Protection(TM) leader previously known as Verano, Inc., today announced Version 3.0 of its industry-leading risk mitigation technology suite for the real-time process control and SCADA environment. Enhanced features include support for Cisco and Secure Computing firewalls, intrusion detection for power substations and increased product scalability to better address the specific needs of this specialized industrial environment.

2007.07.10 - Industry News - GAO - 07 706R Critical Infrastructure Protection: Sector Plans and Sector Councils Continue to Evolve

Thu, 2 Aug 2007 10:33:52 -0400
United States Government Accountability Office, GAO.gov , 10 July 2007
In 2005, Hurricane Katrina devastated the Gulf Coast, damaging critical infrastructure, such as oil platforms, pipelines, and refineries; water mains; electric power lines; and cellular phone towers. The infrastructure damage and resulting chaos disrupted government and business functions alike, producing cascading effects far beyond the physical location of the storm. In 2004, authorities thwarted a terrorist plot to target financial institutions in New York. In 2005, suicide bombers struck London’s public transportation system, disrupting the city’s transportation and mobile telecommunications infrastructure. Our nation’s critical infrastructures and key resources - including those cyber and physical assets essential to national security, national economic security, and national public health and safety - continue to be vulnerable to a wide variety of threats. Because the private sector owns approximately 85 percent of the nation’s critical infrastructure and key resources - banking and financial institutions, telecommunications networks, and energy production and transmission facilities, among others - it is vital that the public and private sectors form effective partnerships to successfully protect these assets

2007.07.06 - Industry News - High-tech border network could fall prey to cyberattacks

Thu, 2 Aug 2007 10:47:55 -0400
Bob Brewin, GovernmentExecutive.com , 06 July 2007
The Homeland Security Department's planned wireless network of high-tech towers to watch for illegal immigrants crossing the border from Mexico into the United States is vulnerable to cyberattacks that could shut the system down, according to security experts.

2007.07.02 - Industry News - ISA Security Compliance Institute Proposed

Thu, 2 Aug 2007 10:50:34 -0400
News Release, ISA.org , 02 July 2007
Research Triangle Park, NC (2 July 2007) - At a May 2007 meeting with the ISA-sponsored Automation Standards Compliance Institute (ASCI), an ad-hoc group of influential asset owners and suppliers of industrial automation technology and services moved forward with a plan to establish an ISA Security Compliance Institute.