In the second incident to hit Japan's energy industry in a year, a PC with file-sharing software is blamed for leaking sensitive infrastructure data to the Internet from an energy company's facility.
A firm hired to handle the physical security at Chubu Electric Power Co. apparently inadvertently leaked information on the operating procedures and the location of critical areas of a thermal power plant, after a PC with access to the information had a file-sharing program installed, according to an article in the Japan Times.
The incident is the second leak for Japan's energy industry in a year. Last June, a virus-infected computer at a nuclear power plant leaked about 40MB of sensitive documents to the Internet, according to reports.
The U.S. energy industry is not without its share of incidents, either. In 2003, the Slammer worm penetrated a private computer network at Ohio's Davis-Besse nuclear power plant and disabled a safety monitoring system for nearly five hours. The next year, the United Nations warned governments that cyber attacks on nuclear plants posed a real threat.
Despite such incidents, several industry sectors, including the energy sector, have been slow to adopt cybersecurity plans for their control systems. The DHS has become increasingly concerned over the lack of security of such control networks--amongst which the best known is the supervisory control and data acquisition (SCADA) system--because the lion's share of such control systems are owned by private companies and are increasingly being interconnected to improve efficiency.
Posted by: Robert Lemos