/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsMUMBAI, INDIA: The Pacific Northwest National Laboratory (PNNL), a federal contractor to the U.S. Department of Energy (DOE), in conjunction with McAfee, recently revealed the findings from a report entitled “Technology Security Assessment for Capabilities and Applicability in Energy Sector Industrial Control Systems: McAfee Application Control, Change Control, Integrity Control.”
The report examines the current challenges facing critical infrastructure and key resources as well as identifying specific risks and vulnerabilities in the evolving cyber threat landscape, as per a press note. It analyzes the value and effectiveness carefully integrated security solutions necessary to support the national security mission to secure industrial control system environments. In addition, the big challenge for critical infrastructure and energy sector owners and operators, as identified by the report, is how to effectively secure their control systems within their governance and technical domains in an active and capable advanced persistent threat environment.
“When early critical infrastructure systems were created, neither security nor misuse of the interconnected network was considered, said Philip A. Craig Jr, Senior Cyber Security Research Scientist, a researcher within the National Security Directorate at the Pacific Northwest National Laboratory. “Today, we are still focused on enhancing the security of control systems. Outdated security methods that use a maze of disparate, multi-vendor, and stacked security tools will only delay a cyber attack, providing numerous opportunities for a more advanced and modern cyber adversary to attack cyber security postures throughout critical infrastructure.”The report also examines how emerging vulnerabilities of control systems continue to accelerate. Today’s cyber attack has evolved into a sophisticated and carefully designed digital-weapon tasked for a specific intent, such as the Stuxnet and Duqu virus.
“Infrastructures that control systems affecting our everyday lives, such as smart grids, are rising in adoption yet still lack the proper security needed to prevent sophisticated cyber attacks, “said Dr. Phyllis Scheck, Vice President and Chief Technology Officer, Global Public Sector, McAfee. “Achieving security by design is essential in securing critical infrastructure. Cybersecurity must be embedded into the systems and networks at the very beginning of the design process so that it becomes an integral part of the systems functioning.”
In addition to control systems, the report also examines the impact of new technologies impacting the Energy sector. As information and communication technology advances and becomes integrated into power system operations and planning functions, smart grids are created, which yield greater visibility into the state of the system and advancements in control to enhance system efficiencies. Despite the significant benefits of the dynamic nature of the power grid, it was not designed with cyber security in mind.