Power grid cybersecurity: $60 piece of software could bring mass chaos

November 15, 2011
Cyber Security, FedCyber Wire

If your power went out and everything stayed down, could you envision chaos and rioting? We’ve heard chaos and cyber mayhem tossed about frequently in the last couple weeks, so it may come as no surprise that Pike Research reported [PDF], “Utility cybersecurity is in a state of near chaos.” While Pike estimated $14 billion will be pumped into the smart grid from now through 2018, with 63% of that for control system security, a “$60 piece of software can bypass an entire defense-in-depth implementation.”

If ‘security is bolted on’ to the aging elements of the smart grid, securing these legacy systems would require “a substantial backward looking research project,” reported Pike Research [PDF]. “Sophisticated attackers will look for holes in between secure components.”

Security-by-obscurity is not going to cut it. Homeland Security warned that, with all the hacking conferences and common pen testing software, industrial control systems connected directly to the Internet could be easily located, and hacktivists could point, click and destroy. DHS was not talking about hackers with mad skills either; instead, such systems could be “accessed with minimal skills in order to trespass, carry out nefarious activities, or conduct reconnaissance activities to be used in future operations.”

via Computerworld, continued here.