Navy Adm. Michael S. Rogers recently told a House panel that a range of cyber threats could potentially lead to a catastrophic failure if not properly addressed.
Rogers, the commander of U.S. Cyber Command, director of the National Security Agency and chief of the Central Security Service, was testifying before members of the House Permanent Select Committee on Intelligence on advanced cyber security threats facing the United States.
“There should be [no] doubt in anybody’s mind that the cyber challenges we’re talking about are not theoretical,” said Rogers, who was subsequently quoted on the Department of Defense (DoD) website.
Image Credit: US Department of Defense (DoD)
“This is something real that is impacting our nation and those of our allies and friends every day. We have observed intrusions into industrial control systems.”
According to Rogers, industry control systems and supervisory control and data acquisition systems (aka SCADA) are “big growth areas of vulnerability and action that we’re going to see in the coming 12 months.” In fact, says Rogers, potential SCADA vulnerabilities are among the things that concern him the most.
“Once you’re into the system … it enables you to do things like, if I want to tell power turbines to go offline and stop generating power, you can do that,” he continued. “If I want to segment the transmission system so you couldn’t distribute the power coming out of power stations, this would enable you to do that.”
In response to Rogers’ above-mentioned statement, Dr. Stephen Bryen and Rebecca Abrahams of Ziklag Systems penned a Huffington Post op-ed that recommends the design of a new, secure SCADA controller for critical U.S. infrastructure. “A U.S.-only secure SCADA should replace SCADA devices everywhere in the critical infrastructure,” Bryen and Abrahams wrote. ”The US government should sponsor a crash R&D program.”
Michael Mehlberg, Senior Director of Business Development for Government Solutions at the Cryptography Research division of Rambus expressed similar sentiments.
“Rogers’ recent testimony highlights the urgent need for more secure SCADA systems operating in various facilities and installations across the United States,” said Mehlberg. “Hijacking or disrupting a vulnerable SCADA system linked to the grid could potentially leave millions of people without power, water, heating or air conditioning for an extended period of time. To avoid such potentially dangerous scenarios, new SCADA systems should include strong hardware-based security – integrated at the very beginning of the design process.”
It should be noted that a number of cyber-related incidents recently targeted the White House, State Department, U.S. Postal Service and the National Oceanic and Atmospheric Administration. According to the US DoD, the Defense Department, U.S. Sentencing Commission and U.S. Treasury have also experienced cyber intrusions. In addition, sophisticated malware has been found on industrial control systems used to operate critical U.S. infrastructure.