Critical Infrastructure a Concern in Cyber Realm

Today, parts of the US critical infrastructure, such as power grids, pipelines, reservoirs, water systems, and other industrial nodes are more connected to the Internet than ever, said Greg Schaffer, assistant secretary for cyber security and communications at the Department of Homeland Security. If nefarious cyber actors can touch these sites, much like information technology systems, there are real-world consequences that could be grave in some cases, he said at AFA’s CyberFutures Conference last week in National Harbor, Md. The discovery of the “Stuxnet” worm last year, which targeted Iran’s nuclear program, showed definitively that designers can engineer software for a specific purpose vis-a-vis going after industrial controls, Schaffer said. Threats are very evolved and nobody is “too obscure” to face challenges, as those with malicious intent could use any system connected to the network as a node or attack vector to go into another network or against another target, he said. That’s why source attribution continues to be one of the most challenging aspects of defending against these sorts of attacks, he noted in his presentation March 31. (For more from Schaffer at CyberFutures, read How Far the Cyber Threat and Conversation Have Come)