By Tom Simonite
|On alert: The Pentagon wants better real-time insights about the computer security threats facing companies that operate power plants and other critical pieces of infrastructure. Here, Department of Homeland Security analysts take part in a 2011 drill that simulated a computer assault on an industrial control network. Courtesy of Jim Urquhart/Reuters
Last week U.S. defense secretary Leon Panetta warned that critical infrastructure such as power grids or chemical plants could be inactivated or destroyed by a cyber attack, and he pledged that the U.S. would "defend the nation in cyberspace" as it does on land and sea, in air and space.
But with the art of cyber detection and defense lagging far behind the sophistication of attacks (see "Hey, Hackers: Defense Is Sexy, Too"), the U.S. and other nations appear largely unprepared to rapidly detect and respond to an attack on critical infrastructure. That would make it difficult to respond with "decisive action" as Panetta promised, or even to know whom to retaliate against.
Working out the nature and source of an attack is particularly challenging for critical infrastructure systems, which are operated by tried, trusted, and consequently outdated software (see "Old-Fashioned Control Systems Make U.S. Power Grids, Water Plants a Hacking Target").
Source: Technology Review