traffic information | weather | web feeds| mobile
Silicon Valley
Part of the Bay Area News Group
  • Site
  • Web Search by YAHOO!
Home
News
Venture Capital
Personal Tech
The Valley
Hot Topics
Phones/Mobile
Social Networks
Green Energy
Security
Companies
Apple
Google
Facebook
Cisco Systems
Intel
Hewlett-Packard
Oracle
Yahoo
eBay
Gilead Sciences
Adobe Systems
Intuit
Netflix
Electronic Arts
Tesla Motors
Twitter
Zynga
SunPower
Solyndra
Kleiner Perkins
People
Steve Jobs
Larry Ellison
Eric Schmidt
Mark Zuckerberg
Carol Bartz
John Doerr
John Chambers
Paul Otellini
Vinod Khosla
Mark Andreessen
Ron Conway
Biz Stone
Elon Musk
Larry Page
Sergey Brin
Ann Livermore
Marissa Mayer
Sheryl Sandberg
T.J. Rodgers
Mark Hurd
columnists
gmsv
Special Reports
Venture Capital Survey
Salary Survey
Silicon Valley 150
Services
RSS Feeds
Mobile Edition
Widgets
Contact Us
Jobs
Advertising
Archives
Go to MercuryNews.com
Silicon Valley 150
Markets
Stocks
Mutual Funds & ETF's
Sectors
Tools
Overview
Market News
Market Videos
Currencies
International
Treasury & Bonds
Search InvestCenter
Recent Quotes
View Full List
My Watchlist
Create Watchlist
Indicators
Dow Jones Industrial Average
NASDAQ Composite
Standard & Poors 500
NYSE COMPOSITE INDX
Gold
Crude Oil
Pacific Northwest National Laboratory Report Reveals Dramatic Increase in Cyber Threats and Sabotage on Critical Infrastructure and Key Resources
By: McAfee, Inc. via Business Wire News Releases
Posted on June 18, 2012 at 00:01 AM EDT

The Pacific Northwest National Laboratory (PNNL), a federal contractor to the U.S. Department of Energy (DOE), in conjunction with McAfee, today revealed the findings from a report entitled “Technology Security Assessment for Capabilities and Applicability in Energy Sector Industrial Control Systems: McAfee Application Control, Change Control, Integrity Control.”

For the first time, the report fully examines the current challenges facing critical infrastructure and key resources as well as identifying specific risks and vulnerabilities in the evolving cyber threat landscape. It analyzes the value and effectiveness of carefully integrated security solutions necessary to support the national security mission to secure industrial control system environments. In addition, the big challenge for critical infrastructure and energy sector owners and operators, as identified by the report, is how to effectively secure their control systems within their governance and technical domains in an active and capable advanced persistent threat environment.

“When early critical infrastructure systems were created, neither security nor misuse of the interconnected network was considered,” said Philip A. Craig Jr, Senior Cyber Security Research Scientist, a researcher within the National Security Directorate at the Pacific Northwest National Laboratory. “Today, we are still focused on enhancing the security of control systems. Outdated security methods that use a maze of disparate, multi-vendor, and stacked security tools will only delay a cyber attack, providing numerous opportunities for a more advanced and modern cyber adversary to attack cyber security postures throughout critical infrastructure.”

In the report, PNNL and the DOE have identified the following vulnerabilities to control systems environments:

  • Increased Exposure: Communication networks linking smart grid devices and systems will create many more access points to these devices, resulting in an increased exposure to potential attacks.
  • Interconnectivity: Communication networks will be more interconnected, further exposing the system to possible failures and attacks.
  • Complexity: The electric system will become significantly more complex as more subsystems are linked together.
  • Common Computing Technologies: Smart grid systems will increasingly use common, commercially available computing technologies and will be subject to their weaknesses.
  • Increased Automation: Communication networks will generate, gather, and use data in new and innovative ways as smart grid technologies will automate many functions. Improper use of this data presents new risks to national security and our economy.

The report also examines how emerging vulnerabilities of control systems continue to accelerate. Today’s cyber attack has evolved into a sophisticated and carefully designed digital-weapon tasked for a specific intent, such as the Stuxnet and Duqu virus.

“Infrastructures that control systems affecting our everyday lives, such as smart grids, are rising in adoption yet still lack the proper security needed to prevent sophisticated cyber attacks,” said Dr. Phyllis Scheck, Vice President and Chief Technology Officer, Global Public Sector, McAfee. “Achieving security by design is essential in securing critical infrastructure. Cybersecurity must be embedded into the systems and networks at the very beginning of the design process so that it becomes an integral part of the systems functioning.”

In addition to control systems, the report also examines the impact of new technologies impacting the energy sector. As information and communication technology advances and becomes integrated into power system operations and planning functions, smart grids are created, which yield greater visibility into the state of the system and advancements in control to enhance system efficiencies. Despite the significant benefits of the dynamic nature of the power grid, it was not designed with cyber security in mind.

The report cites the following solutions in an effort to prevent vulnerability and mitigate attacks to control systems:

  • Dynamic Whitelisting – Provides the ability to deny unauthorized applications and code on servers, corporate desktops, and fixed-function devices.
  • Memory Protection – Unauthorized execution is denied and vulnerabilities are blocked and reported.
  • File Integrity Monitoring – Any file change, addition, deletion, renaming, attribute changes, ACL modification, and owner modification is reported. This includes network shares.
  • Write Protection – Writing to hard disks are only authorized to the operating system, application configuration, and log files. All others are denied.
  • Read Protection – Read are only authorized for specified files, directories, volumes and scripts. All others are denied

The Department of Energy’s key objective to secure the critical infrastructure and key resources includes our nation’s electric generation, transmission, distribution resources, as well as key oil and natural gas assets. The Pacific Northwest National Laboratory seeks to continue to improve the value of security technologies as they are implemented in these critical infrastructure and key resources areas.

For a copy of the report, visit http://www.mcafee.com/us/resources/reports/rp-energy-sector-industrial-control.pdf.

About Pacific Northwest National Laboratory

Interdisciplinary teams at Pacific Northwest National Laboratory address many of America's most pressing issues in energy, the environment and national security through advances in basic and applied science. PNNL employs 4,700 staff, has an annual budget of nearly $1.1 billion, and has been managed for the U.S. Department of Energy by Ohio-based Battelle since the laboratory's inception in 1965. For more, visit the PNNL's News Center, or follow PNNL on Facebook, LinkedIn and Twitter.

About McAfee, Inc.

McAfee, a wholly owned subsidiary of Intel Corporation (NASDAQ:INTC), is the world's largest dedicated security technology company. McAfee delivers proactive and proven solutions and services that help secure systems, networks, and mobile devices around the world, allowing users to safely connect to the Internet, browse and shop the Web more securely. Backed by its unrivaled Global Threat Intelligence, McAfee creates innovative products that empower home users, businesses, the public sector and service providers by enabling them to prove compliance with regulations, protect data, prevent disruptions, identify vulnerabilities, and continuously monitor and improve their security. McAfee is relentlessly focused on constantly finding new ways to keep our customers safe. http://www.mcafee.com

NOTE: McAfee is a registered trademark or trademark of McAfee or its subsidiaries in the United States and other countries. Other marks may be claimed as the property of others.

Photos/Multimedia Gallery Available: http://www.businesswire.com/cgi-bin/mmg.cgi?eid=50313229&lang=en
Contacts:

McAfee, Inc.
Sal Viveros, (+44) 7921-089-506
sal_viveros@mcafee.com
or
Fleishman-Hillard
Taylor Helfer, 202-828-8818
taylor.helfer@fleishman.com
Related Stocks:
Intel
Stock Market XML and JSON Data API provided by FinancialContent Services, Inc.
Nasdaq quotes delayed at least 15 minutes, all others at least 20 minutes.
Markets are closed on certain holidays. Stock Market Holiday List
By accessing this page, you agree to the following
Privacy Policy and Terms and Conditions.
Press Release Service provided by PRConnect.
Stock quotes supplied by Telekurs USA
Postage Rates Bots go here
  • Terms of Use & Privacy Statement
  • Copyright ©
  • About our Ads
  • Find San Jose jobs
  • About MediaNews Group
  • RSS
  • About Bay Area News Group
  • Site Map

Media News Group