mead cohen berger shevtsova garfinkle michta grygiel blankenhorn
US Energy Infrastructure Vulnerable to Cyber Attacks


How insecure is our energy infrastructure? This Wednesday at the Black Hat conference in Las Vegas, security researchers are set to show off an exploit of a newly discovered vulnerability in a wireless sensor widely used in oil, gas and water processing plants:

The new research on wireless sensors found flaws in the way they handle encryption, Lucas Apa and Carlos Mario Penagos of security consulting firm IOActive Inc told Reuters.

They said they could contact some of the sensors with radio transmissions from as far as 40 miles (64 km) away and alter pressure, volume and other readings. If the overall control systems act on those readings without a failsafe, the researchers said, they could permanently disable a pipeline or plant.

The sensors typically cost $1,000 or $2,000 and are deployed in the hundreds or thousands at a single oil, gas or water processor. The researchers said the flaws were found in devices supplied by three of the largest vendors in the field, but declined to identify them.

Cyber warfare is a real. Just because America hasn’t been hit yet doesn’t mean that it can’t or won’t be. Reasonable people can disagree about whether the NSA’s data collection programs adequately protect Americans’ rights, but they are only a part of the picture. Intelligence can give our government some insight on threats just over the horizon; it can also reveal weaknesses in adversaries’ networks. Exploits like Stuxnet, also rumored to have been developed by the NSA, serve to strengthen our offensive capabilities. But defensively hardening our infrastructure is at least as important as the rest of our efforts.

No time like the present to get started!

[Petrochemical plant photo courtesy of Shutterstock.]

Features Icon
show comments
  • Thirdsyphon

    Before I got to the end of the article, I was already thinking that this exploit sounded remarkably similar to Stuxnet, which did a world of damage by subverting a humble (and theretofore little-known) Industrial Control System component manufactured by Siemens.

    I’ve always kind of hoped that the United States was secretly a dozen steps ahead of everyone else in this field, since software is one of our national specialties. . . and for all I know we are. But articles like this still make me nervous.

    • cubanbob

      One would hope but I rather doubt it. If the NSA could be compromised by a Snowden why would anyone assume infrastructure is more secure?

  • Corlyss

    I’m probably wrong to think this, but I’m a lot more worried about the bombing and strafing of cheap energy assets by the moronic Obama and his little green minions than I am about cyber attacks from outsiders equally unfriendly to American prosperity.

    • Thirdsyphon

      You are, indeed, wrong to think that. . . but the sheer amount of wrongness that you were able to compress into that single sentence displays a certain perverse virtuosity that one can fairly describe as being, in some purely technical sense, *right*.

      • Corlyss

        Thanks . . . I think. I strive for economy and vividness of expression even when being wrong.

  • crocodilechuck

    Contrary to the spin of the writer, the USA is the biggest cyberwarfare threat on Earth.

    Set a better example.

    • Corlyss

      Better us than the bad guys. We’re the good guys, remember?

      • crocodilechuck

        Bad guys: that’s YOU

© The American Interest LLC 2005-2016 About Us Masthead Submissions Advertise Customer Service