Gallery

Unsocial networking

Posted on 5 Mar 2008 at 17:30

Davey Winder investigates a Facebook frog with a hidden agenda and reveals how to keep safe when using social networking sites.

How safe is our national power grid?

This isn't the sort of question you typically ask yourself on a daily basis I'll grant, but it's a question in which I found myself taking more than a passing interest after being tipped off about what Tom Donahue said at a conference in New Orleans towards the end of January.

This conference was the SANS SCADA and Process Control Security Summit 2008, where engineers and experts gathered to talk about the security of, among other things, public utility systems. Tom Donahue is an analyst with the Central Intelligence Agency (yes, that CIA) and what he had to say was less an analysis and more of an admission. Donahue revealed - for the first time coming from a security agency official at this level - that internet hackers have been able to penetrate the power grid control systems in several countries and, most importantly, have successfully disrupted the power supply to several cities as a direct result. Donahue didn't give any specifics, but you wouldn't expect him to. However, in a statement posted by the SANS Institute, he did state that the attacks were all outside the US and that the "cyber intrusions into utilities" were "followed by extortion demands", which would at least seem to rule out a terrorist motive. Not that it makes things any better when the CIA man also revealed that in at least one case the disruption "caused a power outage affecting multiple cities" and all "involved intrusions through the internet".

This led me to wonder just how secure the UK national infrastructure is. I think it's apposite to mention that generally speaking we're a lot less "connected" in terms of our national infrastructure control systems than the US and others, as far as direct connection to the internet goes. In addition, a number of government bodies do exist to oversee national critical infrastructure security, including the Centre for the Protection of National Infrastructure (www.cpni.gov.uk), which deals with everything from flooding and other natural disasters through to the threat from hackers.

To get my head around the issues, I asked a man who knows all about security at this level, Paul Brettle, who is technical manager at Stonesoft. He believes that we're not exposed to the same level of risk as the US, not least because "the ageing infrastructure that's present in the UK is often far too old to be vulnerable to anything. Our power generation and delivery network is in desperate need of renewal, our gas systems have only really been national since the 1960s and haven't been renewed since.

"Could a hacker break into the systems for these critical infrastructure services and disrupt them? It is going to be virtually impossible. If someone really wanted to disrupt the UK infrastructure, there are many small-scale things that can be done without resorting to hacking."

Download a year of Davey Winder's Online Security columns by heading to our Free Downloads site