Cyber attacks mounting fast in U.S.
Cyber security analysts work in the "watch and warning center" during the first tour of the government's secretive cyber defense lab, Sept. 29, 2011, in Idaho Falls, Idaho. / AP
IDAHO FALLS, Idaho - U.S. utilities and industries face a rising number of cyber break-ins by attackers using more sophisticated methods, a senior Homeland Security Department official said during the government's first media tour of secretive defense labs intended to protect the U.S. power grid, water systems and other vulnerable infrastructure.
Acting DHS Deputy Undersecretary Greg Schaffer told reporters Thursday that the world's utilities and industries increasingly are becoming vulnerable as they wire their industrial machinery to the Internet.
"We are connecting equipment that has never been connected before to these global networks," Schaffer said. Disgruntled employees, hackers and perhaps foreign governments "are knocking on the doors of these systems, and there have been intrusions."
Pentagon extends cyber defense system
Study: U.S. cyber intelligence lacking
Video: Feds seek recruits at hacker convention
According to the DHS, Control System Security Program cyber experts based at the Idaho National Laboratory responded to 116 requests for assistance in 2010, and 342 so far this year.
Department officials declined to give details about emergency response team deployments, citing confidentiality agreements with the companies involved. Under current law, the reporting of cyber attacks by private organizations is strictly voluntary.
The Obama administration has proposed making reporting mandatory, but the White House could find the idea difficult to sell at a time when Republicans complain about increased regulation of business.
Officials said they knew of only one recent criminal conviction for corrupting industrial control systems, that of a former security guard at a Dallas hospital whose hacking of hospital computers wound up shutting down the air conditioning system. The former guard was sentenced to 110 months in prison in March.
The Homeland Security Department's control system program includes the emergency response team, a Cyber Analysis Center where systems are tested for vulnerabilities, a malware laboratory for analyzing cyber threats and a classified "watch and warning center" where data about threats are assessed and shared with other cyber security and intelligence offices.
The offices are located at nondescript office buildings scattered around Idaho Falls. No signs announce their presence.
Marty Edwards, chief of the control system security effort, said the malware lab analyzed the Stuxnet virus that attacked the Iranian uranium enrichment facility in Natanz last year. He did not describe the group's findings in detail, except to say that they confirmed that it was "very sophisticated."
Edwards said that several years ago he had asked the German company Siemens to study the same kind of industrial controllers used at Natanz for vulnerabilities to attack, because they were so widely used in industry.
But he said the study was not part of any effort to target the controllers with malware, and said his program's work on the controllers could not have helped Stuxnet's designers.
A senior Homeland Security cyber official, who spoke on condition of anonymity because of the sensitivity of the topic, said the Stuxnet worm exploited well-known design flaws common to many system controllers, vulnerabilities that in general can't be patched.
Many independent experts and former government officials suspect that Stuxnet was created by the United States, perhaps with the help of Israel, Britain and Germany.
The U.S. and other nations believe Iran is building a nuclear weapons program, but Tehran insists it is interested only in the peaceful uses of nuclear technology.
While U.S. officials talk frequently about the threat of cyber attacks to America, they seldom discuss the country's offensive cyber weapons capability. The U.S. is thought to be the world's leader in cyber warfare, both defensive and offensive.
U.S. officials and others long have feared that future wars will include cyber assaults on the industries and economies of adversaries, and the potential targets include power plants, pipelines and air traffic control systems.
Foreign nations could also target military control systems, including those used for communications, radar and advanced weaponry.
Because of its advanced industrial base and large number of computer controlled machines connected to the Internet, the U.S. is thought to be highly vulnerable to a cyber attack on its infrastructure.
In a 2007 test at the Idaho National Laboratory, government hackers were able to break into the control system running a large diesel generator, causing it to self-destruct.
A video of the test, called Aurora, still posted on YouTube, shows parts flying off the generator as it shakes, shudders and finally halts in a cloud of smoke.
James Lewis, a former State Department official now with the Center for Strategic and International Studies in Washington, said in an interview that the Aurora test ushered in a new era of electronic warfare.
Before the test, he said, the notion of cyber warfare "was mainly smoke and mirrors. But the Aurora tests showed that, you know what? We have a new kind of weapon."
Homeland Security officials said they have not conducted such a test on that scale since. But they demonstrated Thursday how a hacker could tunnel under firewalls in computer systems to take command of industrial processes.
"All systems deployed have vulnerabilities," Edwards said.
Popular in SciTech
- Amazon proposes a colossal biospherelike Seattle campus
- Weird pirate ant comes with an "eye patch"
- Jennifer Lopez to open Verizon cellphone stores
- The 7 weirdest things made by 3D printing
- Google to add Galapagos Islands to Street View
- Watch: Biggest solar storm of the year Play Video
- Apple's next iPhone may be coming in June
- NASA funds 3D pizza printer
BLITZER: I want to get to some of the substance of domestic and international issues in a minute, but let's just wrap up a little bit of the politics right now.
Why should Democrats, looking at the Democratic nomination process, support you instead of Bill Bradley, a friend of yours, a former colleague in the Senate? What do you have to bring to this that he doesn't necessarily bring to this process?
GORE: Well, I will be offering -- I'll be offering my vision when my campaign begins. And it will be comprehensive and sweeping. And I hope that it will be compelling enough to draw people toward it. I feel that it will be.
But it will emerge from my dialogue with the American people. I've traveled to every part of this country during the last six years. During my service in the United States Congress, I took the initiative in creating the Internet."
Now let the conspiracy theorists run with that football...lol
My clown neocon neighbor says we only tell them what we want them to know. I've been in school with some foreigners and can tell you even the least of them were smarter than he ever thought about being. I apologize to our children. I voted for Ronald Reagan. Their futures have been robbed.
No wonder you are unemployed. News Flash for you, this site doesn't take resumes or job applications (luckily, because I wouldn't hire any of the posters I have read on here).
You seem like a bright but very disturbed individual so I will let your comment go. Actually it is you that represents the lowest level of intelligence on the post so far.
In the photo they look like guys on vacation. What is going on with this Homeland Security? Many appear to look unprofessional and laid back as if some kind of joke.