See Full Interview with former CIA Director

…………………………………………………………………………………………………………

Intel boss’ warning on cyber attacks no joke, say experts

By Malia Zimmerman. Published November 23, 2014, FoxNews.com

Top cybersecurity experts echoed a dire warning from a top intelligence chief on the vulnerability of the U.S. power grid, with one telling FoxNews.com that state-sponsored hackers could send America’s nerve centers on an “uncontrollable, downward spiral.”

Admiral Michael Rogers, director of the National Security Agency and commander of the U.S. Cyber Command, told lawmakers Thursday that adversaries of the U.S. conduct regular electronic reconnaissance to reveal weaknesses in America’s industrial control systems, ranging from power plants to sewage facilities. The nation’s entire power infrastructure could prove vulnerable to a crippling assault, should China or any of the other nations who sponsor such efforts find an Achilles’ heel and move to exploit it, he said.

Rogers was not exaggerating, according to experts.

“Unlike the recent headline attacks, which result in significant loss of data, attacking a nation state’s critical infrastructure requires persistence and long term discipline of not being detected. The scale and techniques required to do this exist in the military and intelligence functions of various world governments,” said Ron Gula, CEO of Columbia, Md.,-based Tenable Network Security.

Rogers told members of the House Intelligence Committee that China, along with “one or two” other countries, has the capability to mount devastating cyber-attacks, and merely remaining on the defensive is a “losing strategy.” The possibility of such cyberattacks by U.S. adversaries has been widely known, but never confirmed publicly by the nation’s top cyber official.

Admiral Michael Rogers, who heads the NSA, warned lawmakers that the U.S. must go on the offensive to avoid a crippling cyber-attack.

Brian Ingram, cyber security investigator and owner of Consulting Investigation Services, headquartered in Dallas, called the assessment “dead on accurate.”

“China has, for years, participated in massive electronic probing of networks in the U.S.,” Ingram said. “The ability to conduct these network scans is not new, the sophistication of the newer methodologies is growing exponentially and our defenses, from the little made public or known to those in the industry, has not kept pace.”

There is a “huge risk” that America’s own power utilities could be turned into a weapon used against U.S. citizens and controlled from another land, said Larry Ponemon, chairman and founder of the Ponemon Institute.

“We could lose the ability to control our power systems,” said Ponemon, whose organization is based in Traverse City, Mich. “If this happens with a nuclear power facility, the attack could cause a melt down or explosions, cause considerable damage for people at or near the plant, and put it out of commission for many, many months.”

The U.S. and Israel are believed to have mounted just such an attack on Iran’s nuclear weapons program, Ponemon noted, referring to the engineered computer virus known as Stuxnet that was discovered in 2010. The attack, delivered by an infected thumb drive, targeted Iran’s Natanz nuclear facility, and is believed to have shut down some one-fifth of Iran’s nuclear centrifuges. The virus was used to obtain information on the nuclear facility and put pressure on centrifuges, causing them to spin out of control.

Paul Rosenzweig, visiting fellow at the Heritage Foundation, said experts have known for a long time that an even more devastating and costly attack could be mounted on the U.S., where the power grid is a vast complex of public and private infrastructure.

“While security has improved substantially, there is no way, none at all, to prevent an attack,” Rosenzweig said.

The private sector has cooperated with the U.S. government for years to share information and increase the ability to defend itself from cyber attacks, Gula said. However, this is a growing challenge.

“The problem is the attack surface is so large that we are constantly reacting to moves made by our potential adversaries,” Gula says.

Network security is much like airline or automobile safety, Gula explained. Government regulations, technology breakthroughs from industry and development of best practices will minimize the threat to the energy infrastructure, but there is no one entity responsible for this, he said.

“Private industries should be expected to defend themselves from less skilled hackers, corporate espionage and maintain a network compliant with their industry’s regulations. They should also expect to work with the various U.S. government groups to share information and respond to nation-state attacks,” Gula said.

For now, the best protection the U.S. has is its economic ties to China – and the fact that America could answer an attack with one of its own – the strategy known in the Cold War as “mutually assured destruction.”

“What would China gain from turning off Los Angeles and why would China do that in light of its investment in the U.S. and the possibility that the U.S. could reciprocally turn off Beijing?” Rosenzweig asked, before cautioning that America’s vulnerability would become relevant if there was a major conflict with China.

There is a general sense the U.S. faces more of a threat from irrational actors, such as smaller nations and independent terrorist groups, who probably don’t have capabilities now, but could at some point in the future, Rosenzweig said.

If and when committed enemies of the U.S. gain the ability to strike, America’s dependence on its power grid could prove to be a fatal weakness.

“Can you plan anything in the electronic age if you can’t rely on the power grid?” Ingram asked. “Financial exchanges, eCommerce, banking, medical records, postal/mail delivery, trucking, railways…all of them are interconnected in our society and the ability to protect that, to ensure that our way of life is not dependent on a foreign power’s benevolence is vital to have a thriving and prosperous U.S.”

http://www.foxnews.com/world/2014/11/23/intel-boss-warning-on-cyber-attacks-no-joke-say-experts/

…………………………………………………………………………………………………………

 

Experts fear hacking of new smart meters

As California’s utilities roll out millions of “smart meters” in the coming years, they’re creating, for the first time, the possibility that the electricity infrastructure could be hacked through a home, security consultants say.

With San Diego Gas & Electric Co. and Southern California Edison installing 7.3 million smart meters — upgrading their entire customer base — they’re essentially attaching small computers to each house, each equipped with wireless communications back to the utilities.

Utilities say they have been hardening the smart meters since they began development, but security consultants say they are worried: If criminals cracked the system, they could remotely install a virus that could shut down power for millions of customers.

The new smart meters will have a host of capabilities: They will credit homeowners who produce their own electricity via solar cells or wind turbines, be able to wirelessly communicate data to the utility and let utilities turn off the power remotely, among other functions that could be added.

“Were it telemetry only, then the only compromise is privacy,” said Mike Davis, senior security consultant for the security service IOActive. “When you add remote disconnect, then you increase the attractiveness of the meter as a target.”

Davis and his team hacked into smart meters last spring as part of a proof-of-concept they showed off at a Las Vegas security conference last summer.

They reverse engineered meters they bought on eBay and found in trash bins near installation sites. Then they installed a computer virus that would replicate itself across the wireless network and block the utility from each meter as it went.

Representatives from Edison and SDG&E said that the demonstration didn’t change their work at all; that they’ve been working on security since they started development three years ago.

But Davis noted that utilities now require secure recycling of old meters, and eBay won’t allow that sort of gear to be sold on the site any longer. Davis said they have done such a good job keeping the meters out of his hands that he hasn’t hacked the most recent meters because he can’t find one through legal means.

The demonstration may have also driven the federal government to create standards for smart meters in the previously unregulated smart meter arena. The National Institute of Standards and Technology, a branch of the Department of Commerce, released a draft of standards in September.

“Our security complies with the emerging smart grid standards in NIST,” said Paula Campbell, director of the Edison Smart Connect Program.

“There’s unique encryption, all designed with the goal in mind of minimizing the vulnerabilities.”

The encryption would apply primarily to over-the-air communications from the devices. In theory, a criminal could sit in a car up to a mile away from a site and attempt to hack the WiFi signal of the devices.

Baker said that would be pretty hard.

“It’s called security in depth,” Baker said. “The old technology is there’s one key that could open every door in the neighborhood. In the systems employed today, you need a different key for every room in your house.”

Alternatively, a hacker could just try to wire directly into a meter.

All the devices will include a detector that sends an alert to the utility if the meter is shaken, removed or even if the front cover is taken off.

“How you respond to that, isolate that, control that in an organized fashion, it’s part of our overall security program,” said Chris Baker, chief information officer for SDG&E.

Davis, though, said he thinks the utilities are just buying a product, and it’s the manufacturers who are rushing to market.

Itron Inc., the Washington-based supplier of smart meters to both Edison and SDG&E, pooh-poohed Davis’ demonstration this summer.

“We believe our implementation is very secure and cannot be subjected to the kind of attacks shown by IOActive in their demonstration of unsecured equipment,” company spokeswoman Kim Papich said in an e-mailed statement.

In a separate statement, Itron said it hired outside companies to test their systems. Both SDG&E and Edison said they also had contracted with third parties to conduct “penetration tests,” in which security professionals search for holes in the security.

Davis said he is pleased that there is third-party testing, but he is still worried about creating a monoculture of devices. Because all the smart meters installed by SDG&E and Edison will be made by the same company and use the same software, they’re only as strong or as weak as any one unit.

“If the attacker finds the vulnerability in one, the entire network is vulnerable,” he said. “That’s a catastrophic failure.”

http://www.electricityforum.com/news/jan10/Expertsfearhackingofnewsmartmeters.html

…………………………………………………………………………………………………………

440 million new hackable smart grid points

By the end of 2015, the potential security risks to the smart grid will reach 440 million new hackable points. Billions are being spent on smart grid cybersecurity, but it seems like every time you turn around, there is yet another vulnerability exposing how to manipulate smart meters or power-grid data. At the IEEE SmartGridComm2010 conference, Le Xie, Texas A&M University’s assistant professor of electrical and computer engineering, gave examples of how attackers could hack the power grid for fun and profit.

http://blogs.computerworld.com/17120/400_million_new_hackable_smart_grid_points

…………………………………………………………………………………………………………

Hacking water meters is easier than it should be

August 6, 2011 | Dean Takahashi

The smarter water meters become, the easier they’re getting to hack. Like many things in electronics, water meters become easier for hackers to break into and misuse when they are upgraded to include wireless and computer technology.

John McNabb, a security expert who has focused on protecting drinking water, told the audience at the Defcon hacker conference in Las Vegas today that, despite a $40 billion water economy, it’s still far too easy to hack into water meters used by utilities around the country. He concluded that the nation’s 150,000 water utilities have a number of well-known vulnerabilities to cyber attacks and they should fix them on behalf of the 250 million consumers they serve.

“The energy theft when it comes to water theft is billions of dollars a year,” McNabb said. “Electric utilities assume they use about 10 percent losses to theft each year. Water could be similar, and it winds up increasing the rates for others.”

Lots of water meters are still mechanical devices. Water companies lose revenue when those meters get old and sediment builds up in them so that they measure lower water usage. Utilities have started to put in wireless water meters that are easier to read and less costly. For instance, some meters broadcast a wireless signal so that a meter reader can simply drive by, detect the signal, and record it electronically. That reduces the cost of reading meters. Here’s McNabb’s white paper on the topic.

Adding computer technology throughout the infrastructure helps bring down costs. It’s easier for utilities to monitor usage on any given day and send bills more frequently. They can also detect water leaks more precisely, based on water usage patterns throughout the population. Water meters with wireless attachments can become sensors for the utility and two-way communications systems. Utilities can also resolve billing disputes better, provide more customer service, enforce water conservation, and identify illegal water connections.

Smart water meters are the new thing. The smart water meter market is expected to total $4.2 billion between 2010 and 2016, according to market researcher Pike Research. And Pike predicts that the worldwide installed base of smart water meters will increase from 5.2 million in 2009 to 31.8 million by 2016. The market researcher defines a smart meter as a component of a smart grid, with two-way communications between the meter and the water utility that allows the utility to get readings on an hourly (or more frequently) basis and issue commands to the meter. California in particular is racing ahead in deployment, and 25 manufacturers are making the smart meters now.

“It’s like an electronic cash register for the utility,” McNabb said. “But it could also be a tool for Big Brother,” a reference to the totalitarian figurehead of George Orwell’s novel, 1984.

The problem with the wireless water meters is that they are vulnerable because of the wireless medium they use. Communications are not encrypted (largely due to higher costs) and so they are easily intercepted, faked or even jammed. The sensors are unattended and hang on the meter, outside the house, and so they are easily tampered with. The cyber attacks against them can be active, where commands are issued to them, or passive, where the data is taken.

If people want to reduce their water bills, they could hack the sensors. They could also increase the bill paid by a neighbor they don’t like, or evade restrictions on the amount of water used. And since the usage of water indicates the presence or absence of the homeowner, the hacked water meters can be used for surveillance purposes.

Last year, Greek hacker Thanassis Giannetsos demonstrated how it was possible to introduce a worm to the smart electrical grid (similar to water grids) on a simulated network. IOActive, a security penetration testing firm, also did something similar. But McNabb said that the concern about Big Brother is also a big one. He said that the water department’s staff could learn what time of day you take a shower, when you are at home, and when you’re on vacation.

“Are we being paranoid?” McNabb asked. “It’s already established that law enforcement is using electricity use and thermal imaging,” where the heat generated by indoor marijuana-growing farms has been measured.

McNabb also noted that the Hydrosense device created by researchers at the University of Washington in Seattle can be attached to water faucets to determine the usage coming out of a particular fixture in the home.

McNabb said his research showed that vendors don’t use frequency hopping spread spectrum (FHSS), which could stop eavesdropping on wireless signals, or encryption with their smart meters. One utility used a default password system which used a generic password on its web site (where users would log in and view their water usage) that was easily hacked. Transceivers for sending commands to the water meters can be purchased on eBay.

But some manufacturers are starting to build 128-bit encryption and spread spectrum security into their meters. McNabb, who was an elected water commissioner and managed a small water system for 13 years, described the vulnerabilities in some detail, including how to inexpensively “sniff” the wireless water meter readings, and has described them in a white paper. He said he will put it online in the near future.

Sniffing wireless water meters shouldn’t be too difficult, he said, but there are some technical hurdles. Most U.S. meters broadcast in the 900 megahertz band of the wireless spectrum. That is the same frequency as cell phones, and there aren’t any off-the-shelf devices to sniff packets from them. Also, most of them scramble the signal by using spread spectrum, which sends out part of the message on one frequency, the next part on another, and so forth. However, other researchers have shown how to unscramble the spread spectrum code, so McNabb plans to build a device to sniff the 900 megahertz spread spectrum signals to show how it can be done and why it needs to be more secure.

http://venturebeat.com/2011/08/06/hacking-water-meters-is-easier-than-it-should-be/

…………………………………………………………………………………………………………

Four Ways to Hack the Smart Grid

by Preston Gralla, September 01, 2009

…………………………………………………………………………………………………………

Hacking the Smart Grid

One researcher shows how your house’s power could be shut down remotely, but the threat is only theoretical–for now. www.technologyreview.com/energy/24977/?mod=related

…………………………………………………………………………………………………………

How to Hack the Power Grid for Fun and Profit

by Kevin Bullis – Technology Review – October 07, 2010: http://www.technologyreview.com/energy/26472/?mod=related

…………………………………………………………………………………………………………

Meters for the Smart Grid

Researchers say new energy infrastructure isn’t nearly secure enough.

by Erica Naone, September/October 2009

http://www.technologyreview.com/computing/23179/?a=f

…………………………………………………………………………………………………………

Smart cities the world over ripe for hacking, expert says

Posted on April 22, 2015 by smartmeterharm.org

“The current attack surface for cities is huge and wide open to attack”

“This is a real and immediate danger.”

“It’s a matter of time until someone launches an attack over some city infrastructure or system.”

http://smartmeterharm.org/2015/04/22/smart-cities-the-world-over-ripe-for-hacking-expert-says/

 

This isn’t just about turning off electricity, etc. as catastrophic as that could be. Powerful wireless transmitters (Smart Meters) are on every house and can be wirelessly reprogrammed. Wireless antennas and cell towers are throughout most towns and cities, with emission capabilities above what’s normally used.

If this type of system is hacked and the radiation level turned up, the effects could be lethal. Smart city becomes dead city. How long before that happens? Do you live near a cell tower?

From Canberra Times, April 23, 2015

So-called smart cities, with wireless sensors controlling everything from traffic lights to water management, may be vulnerable to cyberattacks, according to a computer security expert.

Last year, Cesar Cerrudo, an Argentine security researcher and chief technology officer at IOActive Labs, demonstrated how 200,000 traffic control sensors installed in major hubs like Washington, New York, Melbourne and Lyon were vulnerable to attack (http://blog.ioactive.com/2014/04/hacking-us-and-uk-australia-france-etc.html). Mr. Cerrudo showed how information coming from these sensors could be intercepted from 1500 feet away — or even by drone — because one company had failed to encrypt its traffic.

Just last Saturday, Mr. Cerrudo tested the same traffic sensors in San Francisco and found that, one year later, they were still not encrypted.

Mr. Cerrudo said he was increasingly uncovering similar problems in other products and systems incorporated into smart cities. He has discovered simple software bugs, poorly installed encryption or even no encryption at all in these systems. And he has found that many are wide open to a fairly common attack, known as a distributed denial of service, or DDoS, in which hackers overwhelm a network with requests until it collapses under the load.

Mr. Cerrudo has found ways to make red or green traffic lights stay red or green, tweak electronic speed limit signs, or mess with ramp meters to send cars onto the freeway all at once.

Security researchers say that the opportunities for a maliciously minded hacker or government abound. Last year, security researchers at the Black Hat Europe conference in Amsterdam demonstrated how to black out parts of cities simply by manipulating smart meters and exploiting encryption problems in power line communication technology.

Increasingly, cities are automating systems and services. Saudi Arabia, for example, is investing $90 million to build four new smart cities. In South Africa, a $12.3 billion smart city project is already underway. By 2020, the market for smart cities is predicted to reach $US1 trillion, according to Frost & Sullivan, a consulting firm.

“The current attack surface for cities is huge and wide open to attack,” Mr. Cerrudo writes in a report he plans to present this week in San Francisco at the annual RSA Conference on security. “This is a real and immediate danger.”

The threat is not just hypothetical. Last year, security companies discovered a hacking group, known both as Dragonfly and Energetic Bear, that was actively targeting power networks across the United States and Europe.

Last year, the US Department of Homeland Security acknowledged in a report that “a sophisticated threat actor” had broken into the control system network at a public utility, simply by guessing a password on an internet-connected system.

And in 2012, Chinese military hackers successfully breached the Canadian arm of Telvent. The company, now owned by Schneider Electric, produces software that allows oil and gas pipeline companies and power grid operators to gain access to valves, switches and security systems remotely. It also keeps detailed blueprints on more than half the oil and gas pipelines in North America.

In 2013, the energy industry became the most-targeted sector for hackers in the United States, accounting for 56 per cent of the 257 attacks reported to the Department of Homeland Security that year.

Some scientists are trying to redesign the smart grid to make it less vulnerable. Currently, the smart grid is centralised, controlled by the energy suppliers, which makes utility companies a juicy target for hackers.

But this year, Science Daily reported that Benjamin Schäfer, a physicist from the Max Planck Institute for Dynamics and Self-Organization; his colleagues Marc Timme and Dirk Witthaut; and a master’s student, Moritz Matthiae, developed a model that showed, in theory, that smart meters could be monitored directly at customer sites, and decentralised in such a way that would make them much less vulnerable to attack.

For now, their research only works in principle. So Mr. Cerrudo said municipal leaders had to start thinking of their cities as vast attack surfaces that require security protection just as a corporate network might.

He encourages municipalities to adopt basic security measures like encryption, passwords and other authentication schemes and an easy mechanism for patching security holes.

He suggests that cities create their own computer emergency response teams, or CERTs, to address security incidents, coordinate responses and share threat information with other cities.

He also suggests that cities restrict access to their data; track and monitor those who do have access; and run so-called penetration tests, in which hackers try to break into cities so that municipalities can learn where they are most exposed.

Finally, he suggests that cities prepare for the worst, as they would for a natural disaster.

“When we see that the data that feeds smart city systems is blindly trusted and can be easily manipulated — that the systems can be easily hacked and there are security problems everywhere — that is when smart cities become dumb cities,” Mr. Cerrudo said.

Also, see:
http://motherboard.vice.com/read/all-the-ways-to-hack-a-smart-city
The New York Times
http://www.canberratimes.com.au/it-pro/security-it/smart-cities-the-world-over-ripe-for-hacking-expert-says-20150422-1mr8m1.html

…………………………………………………………………………………………………………

Smart Meters – A 21st Century Technology, a 21st Century Threat:

Invasion of the Privacy and Security Snatchers 

http://www.friendswoodrw.org/documents/SmartMetersReport.pdf

…………………………………………………………………………………………………………

 

The U.S. government thinks China could take down the power grid

By Jamie Crawford, National Security Producer

Updated 6:19 PM ET, Fri November 21, 2014

China and “probably one or two other” countries have the capacity to shut down the nation’s power grid and other critical infrastructure through a cyber attack, the head of the National Security Agency told a Congressional panel Thursday.

Admiral Michael Rogers, who also serves the dual role as head of U.S. Cyber Command, said the United States has detected malware from China and elsewhere on U.S. computer systems that affect the daily lives of every American.

“It enables you to shut down very segmented, very tailored parts of our infrastructure that forestall the ability to provide that service to us as citizens,” Rogers said in testimony before the House Intelligence Committee.

Rogers said such attacks are part of the “coming trends” he sees based on “reconnaissance” currently taking place that nation-states, or other actors may use to exploit vulnerabilities in U.S. cyber systems.

A recent report by Mandiant, a cyber-security firm, found that hackers working on behalf of the Chinese government were able to penetrate American public utility systems that service everything from power generation, to the movement of water and fuel across the country.

“We see them attempting to steal information on how our systems are configured, the very schematics of most of our control systems, down to engineering level of detail so they can look at where are the vulnerabilities, how are they constructed, how could I get in and defeat them,” Rogers said. “We’re seeing multiple nation-states invest in those kinds of capabilities.”

Admiral Rogers declined to identify the other countries, besides China, because of the classified nature of their identities. Russia is generally regarded as also having an aggressive cyber program.

In addition to nation-state actors, Admiral Rogers noted the increasing presence of “surrogate” criminal actors in cyberspace that serve to obscure the hidden hand of criminal activity done on behalf of formal nation-states.

“That’s a troubling development for us,” Rogers said.

Rep. Mike Rogers, R-Michigan, the retiring chairman of the committee, called the groups “cyber hit men for hire” for nation-state actors in cyberspace.

The testimony also comes in the wake of a report from the Pew Internet and American Life Project that cited a prediction by technology experts that a catastrophic cyber-attack that causes significant losses in life and financial damage would occur by 2025.

Admiral Rogers told the committee he did not disagree with the assessment.

In addition to the threats from specific nation-states, Admiral Rogers said there are already groups within the U.S. cyber architecture who seek to cause major damage to corporate and other critical sectors of the American economy.

“It is only a matter of the when, not the if, that we are going to see something traumatic,” he said.

http://www.cnn.com/2014/11/20/politics/nsa-china-power-grid/index.html?hpt=hp_c2

 

…………………………………………………………………………………………………………

 

72% of U.S. Financial Services and Energy Firms Say They Expect a Cyber Attack in the Next 12 Months

ThreatTrack Security report addresses two industries on the cyber war frontlines

Clearwater, Fla. – May 7, 2014 – ThreatTrack Security today published a study that looks at the security vulnerabilities of two industries most often targeted by cybercrime: energy and financial services. 72% of respondents from these industries are confident that their organization will be the target of an Advanced Persistent Threat (APT), targeted malware attack or other sophisticated cybercrime or cyber-espionage tactic in the next 12 months, with 38% saying an attack is either a “certainty” or “highly likely.”

Read the executive summary report here: http://www.threattracksecurity.com/resources/energy-companies-financial-services-survey-report.aspx

Both the energy and financial services sectors are under constant pressure from attackers due to the high-value assets they hold, which represents a significant risk to the U.S. economy and critical physical infrastructure. According to the U.S. Department of Homeland Security, the highest percentage (more than half) of incidents reported to its Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) occurred in the energy industry. Similarly, in January of this year, the Financial Industry Regulatory Authority (FINRA) released a letter warning of increasing frequency and sophistication of attacks against financial services firms.

An independent blind survey of 200 IT security managers or IT security administrators in energy and financial services organizations (100 in each) was conducted by Opinion Matters on behalf of ThreatTrack Security in April 2014. There are a wide range of threat actors and attack vectors targeting these two industries, and ThreatTrack Security’s report investigates the challenges these organizations face in defending themselves, and what they plan to do to increase security.

Among the key findings of the survey:

  • 34% of respondents say their endpoints have been infected in the last 12 months by malware that evaded detection by traditional signature-based defenses such as antivirus, email security or firewalls.
  • 70% of respondents from companies with security budgets between $500,000 and $1 million had been infected at least once.
  • 61% of energy firms say email is the biggest threat vector for malware, while 42% of financial services firms say it is the web (closely followed by 39% who indicate email as well).
  • Only 3% of respondents say mobile is the biggest threat vector they are facing, indicating that many energy and financial services firms may be overlooking a growing source of malware delivery.
  • The biggest perceived threat to energy firms is hacktivists and the number one threat to financial services companies is organized cybercrime syndicates.
  • 12% of energy firms fear attacks from foreign governments.
  • Less than 10% of energy firms or financial services companies fear the insider threat.
  • 38% of respondents say it is either a “certainty” or “highly likely” that their organization will be the target of an APT or targeted malware attack in the next 12 months. Another 35% say it is “somewhat likely.” This means 72% of these organizations expect an attack in the near future.
  • A higher percentage of energy firms (44%) say an attack is “a certainty” or “highly likely” than their financial services counterparts (31%).
  • Half of all organizations (50%) surveyed say they plan to train existing IT staff on new technologies and cybersecurity strategies. 35% will implement new policies such as limiting network access privileges and educating employees. 34% will invest in advanced malware detection technology.

“Given the importance and value of the data that energy and financial services firms have access to, it is no surprise that they are being targeted aggressively by hackers,” said Julian Waits, Sr., president and CEO of ThreatTrack Security. “The question is, what can these organizations do to better stabilize their cyber defenses, in both their own self-interest, and to protect critical U.S. infrastructure? It’s good to see these firms are planning to train their IT teams on the latest cybersecurity technologies and strategies, and that they are going to invest in advanced malware detection. The time to act is now, or the next big data breach could be one that doesn’t just affect our wallets.”

Full survey results are available upon request.

About ThreatTrack Security Inc.
ThreatTrack Security specializes in helping organizations identify and stop Advanced Persistent Threats (APTs), targeted attacks and other sophisticated malware designed to evade the traditional cyber-defenses deployed by enterprises and government agencies around the world. The company develops advanced cybersecurity solutions that Expose, Analyze and Eliminate the latest malicious threats, including its ThreatSecure advanced threat detection and remediation platform, ThreatAnalyzer malware behavioral analysis sandbox, ThreatIQ real-time threat intelligence service, and VIPRE business antivirus endpoint protection. Learn more at www.ThreatTrackSecurity.com.

http://www.threattracksecurity.com/press-release/72-of-us-financial-services-and-energy-firms-say-they-expect-a-cyber-attack-in-the-next-12-months.aspx

 

…………………………………………………………………………………………………………

Rise of the Hackers (PBS Documentary)

http://www.pbs.org/wgbh/nova/tech/rise-of-the-hackers.html

PBS Program Description

Our lives are going digital. We shop, bank, and even date online. Computers hold our treasured photographs, private emails, and all of our personal information. This data is precious—and cybercriminals want it. Now, NOVA goes behind the scenes of the fast-paced world of cryptography to meet the scientists battling to keep our data safe. They are experts in extreme physics, math, and a new field called “ultra-paranoid computing,” all working to forge unbreakable codes and build ultra-fast computers. From the sleuths who decoded the world’s most advanced cyber weapon to scientists who believe they can store a password in your unconscious brain, NOVA investigates how a new global geek squad is harnessing cutting-edge science—all to stay one step ahead of the hackers.

In addition, the security of the internet itself is questioned by many.  A recent article on “Internet Trolls” may be of interest to those with concerns about the safety of the data which is used for the Smart Grid.

The film discusses how this relates to the Smart Grid (51:00)

 

Internet Trolls May be Trained Government Agents According to Leaked Document

Sep 25, 2014

http://drleonardcoldwell.com/2014/09/25/internet-trolls-may-be-trained-government-agents-according-to-leaked-document/

Source: http://healthimpactnews.com/2014/internet-trolls-may-be-trained-government-agents-according-to-leaked-document/

 

…………………………………………………………………………………………………………

Why the U.S. Grid Is Still Vulnerable to Cyberattack

by Sharon Chand, Steve Livingston, David Nowak

The Wall Street Journal – June 09, 2015:
http://deloitte.wsj.com/riskandcompliance/2015/06/10/why-u-s-grid-still-vulnerable-to-cyber-attack/
(On December 10, 2014, the Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) released a troubling update about an ongoing, sophisticated malware campaign that had compromised “numerous” industrial control system environments inside utilities and companies in other sectors. Several organizations working with ICS-CERT identified the malware, known as BlackEnergy, on a variety of human-machine interface (HMI) products connected to the Internet.

Electric utilities use HMIs to help monitor and operate the grid; they also act as a user interface to the industrial control systems that generate, transmit and distribute electricity.

ICS-CERT’s analysis of the malware campaign suggests the actors behind it targeted organizations running specific HMI products vulnerable to cyberattack and executed the campaign to discover and compromise unpatched systems. While ICS-CERT had not identified any attempts to damage, modify, or otherwise disrupt the compromised systems at the time it released its update, the team noted intruders could potentially expand their access beyond the compromised HMIs into the underlying control systems. For utilities running vulnerable HMIs, this means attackers could conceivably gain access to the bulk electric system (BES) that runs the grid.

The BlackEnergy malware campaign underscores the complexity and sophistication of many of the cyber threats facing the grid. It also illustrates a major point of entry for attackers—specifically, security flaws in device software….

Factors like digitization, lax controls and flawed devices have made attacking the grid from thousands of miles away exponentially easier for both well-organized, well-financed nation states and for individual hackers that use crude, pre-built crimeware tools to execute their attacks. With just a few keystrokes and invisible bits of code planted on substation devices, attackers could remotely unleash malware that destroys equipment, causes widespread outages, creates unsafe facility conditions, and ultimately threatens public safety and results in substantial economic costs. Shrouded by the relative anonymity of the Internet, attackers may skirt law enforcement agencies’ efforts to find and prosecute them….

addressing threats to the grid requires a combination of activities and initiatives, including executive engagement, information sharing, advanced monitoring, an industrywide commitment to device security, and perhaps above all, a risk-oriented, multifaceted program focused on being secure, vigilant and resilient.)

 

••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••••

With more and more electronics being added to the “Smart Grid,” there seem to be more issues, such as vulnerability to a solar storm or an EMP.

 

130 Million Without Electricity For YEARS Following Solar Storm

http://www.offthegridnews.com/2014/12/18/fema-warns-130-million-without-electricity-for-years-following-solar-storm/

 

140 MILLION INTO DARKNESS

http://www.wnd.com/2015/01/terror-weapon-attack-plunges-140-million-into-darkness/

 

https://www.minds.com/blog/view/290559404523130880/watch-this-electromagneti

 

…………………………………………………………………………………………………………

 

Terror Attack on U.S. Power Grid? | “For The Record”

Published on Apr 3, 2014

https://www.youtube.com/watch?v=hq0Q0qyMR7g

https://www.facebook.com/theblaze/videos/1004123276291679/

 

 

…………………………………………………………………………………………………………

 

 

What is an EMP: For the Record – The Blaze

Published on Oct 23, 2013

 

 

…………………………………………………………………………………………………………

 

Fmr. CIA Dir. Jim Woolsey warns of existential EMP threat to America

Published on Jul 31, 2013

 

…………………………………………………………………………………………………………

 

CBS 60 Minutes : Hacking your Phone

Sharyn Alfonsi reports on how cellphones and mobile phone networks are vulnerable to hacking

Published on April 17, 2016

http://www.cbsnews.com/news/60-minutes-hacking-your-phone/

https://www.youtube.com/watch?v=1DnSt2TOyeg

 

…………………………………………………………………………………………………………

 

Smart Meter Companies Sue Local Activist and City to Block Disclosure of Security Audits

May 26, 2016 at 10:30 am

http://www.thestranger.com/slog/2016/05/26/24129091/smart-meter-companies-sue-local-activist-and-city-to-block-disclosure-of-security-audits

http://www.theregister.co.uk/2016/05/25/seattle_suehawks/?mt=1464278477065