The U.S. government's retaliatory capability in response to cyberattacks on critical infrastructure is limited by a dearth of technology.
It is particularly challenging to determine the nature and source of cyberattacks, given that critical infrastructure systems are reliant on tried, trusted, and subsequently obsolete software. "We don't have technology to secure these systems [and] don't even have technology to do cyber forensics or logging at the control layer," says the International Society of Automation's Joe Weiss.
He notes that in the event of an attack on a power grid or water plant, it could take some time to ascertain whether it was intentional or accidental. "You can't hide the lights going off, but you can sure be in a position to not know it was cyber that caused it," Weiss says.
The Pentagon currently lacks a system for quickly determining whether infrastructure is under siege, despite Defense Secretary Leon Panetta's recent claims that the U.S. Department of Defense has made "significant investments in forensics to address ... attribution." Also complicating the issue is the differing roles, duties, and technological capabilities of government agencies, as the Pentagon and the National Security Agency are only supposed to shield military computer and communications networks.
From Technology Review
View Full Article
No entries found