It's now possible for a kid with a laptop to take down the electrical grid, say CIA officials. On Friday, intelligence officials told a cybersecurity conference in New Orleans that evil hackers could cut cities (or even nations) off from water supplies and electricity. Apparently, this has already happened in one country that the CIA wouldn't name. Is this a real threat, or just the CIA's bid to get more government money to fight fictional cyberterrorists? The experts weigh in.
In recent months, security researchers have emphasized long-standing security vulnerabilities in the Supervisory Control and Data Acquisition (SCADA) systems that control U.S. critical infrastructure systems ranging from power plants to dams to public transit . . . But [BT Counterpane CTO Bruce] Schneier suggests that security researchers shouldn't assume that SCADA was the weak link in the power system attacks revealed Friday. If, as the CIA suggests, the penetration involved "inside knowledge" of the system, it may have been performed by an employee with administrative access. "How much of this is a computer vulnerability, how much is a human vulnerability?" he asks. "I wouldn't jump to any conclusions."
In other words, this isn't some new hacker magic. It could just be scammers calling up power companies, pretending to be legit operators, and tricking the companies into giving up passwords or other details. You know, good old fashioned social engineering.
Hackers Cut Cities' Power [Forbes]