GovernmentExecutive.com

Return to Article: CIA official: North American power company systems hacked

• 43055
  

  So many incorrect statements and assumptions posted here. First, SCADA intrusions are not main computer system intrusions. Second, electric utilities are private-sector businesses and the government does not have jurisdiction or responsibility to provide cyber security to them (nor would you ever want them to).

  The federal government made the determination years ago that most critical infrastructure is owned and operated by the private-sector, and fosters high-level (but hands-off) cooperation between government resources and private-sector critical infrastructure stakeholders. See: infragard net

  The private-sector has a huge lead in developing and deploying security best practices, and is not "unprotected" by a long-shot. The issue with making security legislation and/or providing government mandated security is EXACTLY because "hackers" respond to new security with new techniques, and any government mandate would be out-of-date months before it was deployed. Only private-sector resources can respond to this challenge with the necessary flexibility and urgency. Third, everybody in the industry knows the threats and shares the solutions, in particular, see the Electric Sector Information Sharing and Analysis Center (ES-ISAC): esisac com

  And yes, there is an ISAC for every critical infrastructure sector. If you aren't in the Electric Sector confidential circles and haven't heard about the threats and solutions before, frankly, that's good because publicizing them only accelerates the development and deployment of new threats.

  govguy Posted February 5, 2008 3:24 PM
• 42026
  

  More stirct cyber security measures need to be put in place as soon as possible. Also it should be mandated that cyber secuirity is upddated periodically as hackers continually come up with new means to by pass security features. If a hacker can get into the main computer system of a power plant, what if they hack into military and/or nuclear weapon systems??

  Derrick Posted January 23, 2008 9:00 AM
• 42014
  

  You think this is appalling? Do you think we would be told if a nuke power plant gets hacked or targetted? Is there even a question that these are targets? A step up in security for America's infrastructure is six years overdue...longer when you think about the Federal bldg attack in Oklahoma City in 1995. After that, many agencies stepped up security.

  What is this administration waiting for?

  Don Posted January 23, 2008 7:56 AM
• 41975
  

  The article mentions that plans are being put in place to respond to attacks. All well and good, BUT what is being done to prevent such attacks?

  Sharon Posted January 22, 2008 2:06 PM
• 41950
  

  Wonder what its going to take before Congress decided that we need new laws that really penalize these jerks. Doing lengthy hard time is the only way to stop this nonsense

  dan ketter Posted January 22, 2008 10:03 AM
• 41945
  

  Step up the security, this is long overdue. What can be done without electricity? No trains, no subways, no power source for communication, no refrigeration, no utilities, no banking, no computer, no internet, what's left?

  bobbi Schell Posted January 22, 2008 8:57 AM
• 41937
  

  What is your source that these hacks affected North American power companies? I have only seen one article that suggested locations and they said Central and South America, including Mexico but they cited "intelligence sources" and not the CIA.

  Do you have more specific information?

  Pete Posted January 22, 2008 7:55 AM
• 41920
  

  How can the locations of the outages remain secret, assuming they were in the public domain? The industry needs to know where, when and more about how they occurred.

  Andy Bowen Posted January 21, 2008 2:36 PM