U.S. Defense Secretary Warns of a Possible 'Cyber-Pearl Harbor'
SpzToid writes "U.S. Secretary of Defense Leon E. Panetta has warned that the country is 'facing the possibility of a "cyber-Pearl Harbor" and [is] increasingly vulnerable to foreign computer hackers who could dismantle the nation's power grid, transportation system, financial networks and government.' Countries such as Iran, China, and Russia are claimed to be motivated to conduct such attacks (though in at least Iran's case, it could be retaliation). Perhaps this is old news around here, even though Panetta is requesting new legislation from Congress. I think the following message from Richard Bejtlich is more wise and current: 'We would be much better served if we accepted that prevention eventually fails, so we need detection, response, and containment for the incidents that will occur.' Times do change, even in the technology sector. Currently Congress is preoccupied with the failure of U.S. security threats in Benghazi, while maybe Leon isn't getting the press his recent message deserves?"
Halliburton now has a kompootar division that needs money.
You mean, the US could spend less money on fearmongering, sting operations to trick poor and socially outcast citizens into conducting fake terrorist attacks for TV. Far-flung surveillance systems, which don't work.
Instead of this crazy cloak and dagger shit, they could have invested in systems that were secure by default, and well coded, that would resist cyber assault. In fact with the money spent, I'm sure they could simply have paid many many many programmers to do nothing but check and re-double check code, fuzz, and re-fuzz a bunch of apps until cyber break-ins were not feasible.
I am sure they could have done the same with all routers, and in the case of a massive foreign DDoS, simply firewalled it.
Given that the general public won't even know the difference between a genuine attack and just turning off the power grid? Pretty damn easily! (But, of course, for extra convincingness points, they can always use the years of detailed forensic work done by security analysts on viruses like Stuxnet to fabricate the fingerprint of their attacking nation of choice.)
Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
If control to the nation's power grid is accessible over the internet, then we have problems far more serious than hackers. It's almost like the head of Homeland Security doesn't even know how to use email.
I vote to call it Perl Harbor. You know, hackers and stuff...
Ezekiel 23:20
Why not leave them on an intranet?
No! Never connect critical computer systems to an intranet (assuming you mean a general purpose internal network).
It's just too easy for a worm infection to create a bridge with the internet, or some person connecting his laptop to his phone to read slashdot and thereby creating a bridge.
These systems should be on their own network, and all communication should be encrypted using public-private key pairs (secure tunnels, so systems can only communicate with other systems when they're allowed to). Managing the keys/tunnels would be a hassle (making sure an authorized human is in the loop), but good security always has its costs.
I've been reading these overblown scare stories with regularity since I've been reading /. ... it just means it's budget allocation time again for the 'cybersecurity divisions' and these types of reports are just a way of trying to justify oversized budgets for ever-larger 'departments' to push paper around while pretending to protect you from something.