Tuesday, Jun 22, 2010

Spill as a POC for SCADA Terrorism 

I have written here several times about the security concerns and vulnerabilities of Smart Grids. As a technology platform for improved efficiency and remote management, they are rapidly gaining acceptance. Despite the utility companies' claims of security, many respected researchers and other security experts point to a variety of vulnerabilities. There are also major gaps in planning for governance issues concerning privacy and consumer rights. Without active and effective governance, the opportunity for misuse and compromise grows sharply.

SCADA systems are indeed connected to the Internet and other data networks. The consequential vulnerabilities of these process control systems for major utilities and public works offer a very scary image of potential disasters.

Risk assessments are most often reactive, following the exposure of risks. They are frequently driven by events that draw widespread attention, and the "CNN Moment" has not yet come for compromises of SCADA systems. Additionally, risk assessments won't identify pivotal long-term developments in the threat fabric. A paradigm shift to offensive, proactive security is vital to effective protection of these systems and the processes and natural resources they control.

Industrial control systems are designed for reliability and safety, not security. Detective controls (instrumentation) are aimed at failure conditions, but rarely take into account intentional destruction or sabotage.

In the case of the spectacular failure of BP's Deepwater Horizon platform, clearly all existing and contemplated countermeasures for uncontrolled release failed. This will not go unnoticed by those who would intentionally cause a similar catastrophe. This event has provided a kind of proof-of-concept for the deliberate and high-impact destruction of both natural and economic resources. This is exactly the type of attack certain terrorist organizations seek.

As leaders of technology, business and industry, we must begin to view our responsibilities toward responsible practices and management through the lens of potential compromise and misuse. As with BP, the very survival of our organizations and regional economies depends on it.
