Weaknesses in Industrial Cyber Security Described
The vulnerabilities of critical energy infrastructure installations to potential cyber attack are normally treated as restricted information and are exempt from public disclosure. But a recent Department of Energy report was able to openly catalog and describe the typical vulnerabilities of energy infrastructure facilities because it did not reveal the particular locations where they were discovered.
“Although information found in individual… vulnerability assessment reports is protected from disclosure, the security of the nation’s energy infrastructure as a whole can be improved by sharing information on common security problems,” the DOE report (pdf) said. “For this reason, vulnerability information was collected, analyzed, and organized to allow the most prevalent issues to be identified and mitigated by those responsible for individual systems without disclosing the identity of the associated… product.”
The specific vulnerabilities that were found are no big surprise — open ports, unsecure coding practices, and poor patch management. But by describing the issues in some detail, the new report may help to demystify the cyber security problem and to provide a common vocabulary for publicly addressing it. See “NSTB Assessments Summary Report: Common Industrial Control System Cyber Security Weaknesses,” Idaho National Laboratory, May 2010.
The decline of the coal industry in the late 20th century led to the dismantling of the economic engine of American coal communities. The AI boom of the 21st century can reinvigorate these areas if harnessed appropriately.
The good news is that even when the mercury climbs, heat illness, injury, and death are preventable. The bad news is that over the past five months, the Trump administration has dismantled essential preventative capabilities.
As the former U.S. Chief Data Scientist, I know first-hand how valuable and vulnerable our nation’s federal data assets are. Like many things in life, we’ve been taking our data for granted and will miss it terribly when it’s gone.
The Federation of American Scientists supports H.Res. 446, which would recognize July 3rd through July 10th as “National Extreme Heat Awareness Week”.