MIT issued the report, "The Future of the Electric Grid – An Interdisciplinary MIT Study." Chapter 9 is "Data Communications, Cybersecurity, and Information Privacy." According to the report, the U.S. should implement standards to reduce the risk of cyber attacks on the electricity grid and should designate one agency responsible for overseeing grid cybersecurity. I had an opportunity to both read Chapter 9 and discuss the section with the author Jerrold Gorchow.

My blog on the Illinois water hack was directly based on a formal disclosure announcement by the Illinois State Terrorism and Intelligence Center - STIC (Note: My blog did not identify the state involved. That disclosure came from DHS). The STIC disclosure was made on November 10; my blog was on November 17 after numerous water organizations told me they were unaware of the disclosure.

Per the WaterISAC portal, the WaterISAC (Information Sharing and Analysis Center) is a community of water sector professionals who share a common purpose: to protect public health and the environment. The WaterISAC provides email notifications about threats and any incidents demanding immediate attention. Consequently, one of the driving reasons for writing the blog on the Illinois water system hack Thursday was the WaterISAC had not yet notified the water utilities.

Last week, a disclosure was made about a public water district SCADA system hack. There are a number of very important issues in this disclosure:

The industry uses the general term "threat information," but during more detailed discussions, it seems that the information companies seek is more like the traditional military concept of "tactical information."

Read this article and let us know if you agree.

The December issue of IEEE Spectrum had a small lead about the following Open Source attempt to hack the GSM phone system. The full article can be found at http://spectrum.ieee.org/telecom/wireless/open-source-effort-to-hack-gsm/0.

This item appeared on Raw Story this afternoon. 

Walt posted this story on Unfettered this morning. Seems like the Solons over at the Wall Street Journal have finally noticed the electrical grid issue. Good for them. Maybe if this story goes mainstream, more pressure to do something will get applied. On the other hand, I'm beginning to think that at least some of the resistance to more cybersecurity measures is not going to come from reluctant utilities or corporate beancounters.

Oh-oh. 

http://www.huffingtonpost.com/2009/03/07/rod-beckstrom-top-us-cybe_n_172729.html

Two of the worst cyber terrorists in the world were identified today by Addison, Texas-based security firm Credant Technologies.  Their names? Stupidity and Carelessness.

According to a news release, "In the last year , 9000 USB sticks have been forgotten in people’s pockets as they take their clothes to be washed at the local dry cleaners.