, SecurityFocus 2005-10-28
Story continued from Page 2
Fixing the problem will not be easy. SCADA systems are expensive to upgrade or to replace, which results in a large number of legacy systems that can be up to 20 years old, William Rush, a physicist for the Gas Technology Institute said in his written testimony to the subcommitte.
"Because many of these systems were designed before critical infrastructure security was a major concern, they often have significant vulnerabilities to unauthorized electronic operations," Rush said in his testimony. "The question confronting the skilled cyberattacker is less 'Can we enter the system?' and more 'How long will it take us to penetrate it?'"
The American Gas Association (AGA) has sponsored a standard for protecting SCADA systems from attack using encrypted communications. Despite the need for additional work, funding problems and industry resistance has slowed the progress of the AGA standard, Rush said.
Asking companies to make extensive changes is unlikely to get industry support, said William Sanders, a professor of electrical and computer engineering at the University of Illinois at Urbana-Champaign and the director of the Information Trust Institute. Sanders and researchers at three other major U.S. universities received a $7.5 million grant from the National Science Foundation in August to pursue ways of securing the power grid from cyberattack.
Proposed solutions need to allow companies to make small steps to secure their systems today, with more in-depth proposals for the long term, Sanders said.
"If we think too far out, saying that you have to completely redesign the infrastructure of the grid, then it is going to be hard to have those companies come on board," he said. "I think the answer is to look for small changes in the short term to better security and to design in security for the long term."
With all the initiatives and the legislative pressure, the owners of critical infrastructure are starting to take the issue much more seriously, said Verano's Dustin.
"The problem is on people's radar now, where it wasn't before," she said.
