U.S. Infrastructure Vulnerable to Attack

After the Ukrainian power grid attack last month when Russian actors allegedly knocked out electricity to tens of thousands of people, Marty Edwards, director of the Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) said the direct connection of the industrial control systems (ICS) handling the country's critical infrastructure networks to the internet has led to an uptick in penetrations during the past year.

Edwards did not disclose whether or not the successful attacks that took place in the U.S. resulted in any damage or outages but did say that industrial control systems “are just hanging right off the tubes.”

Much of the critical infrastructure that keeps the country humming--water-treatment facilities, refineries, pipelines, dams, the electrical grid--is operated using a hodgepodge of technologies known as industrial control systems. But many of the control systems in the industrial world were installed years ago with few or no cyber-security features

The Department of Homeland Security's Computer Emergency Readiness Team (known as US-CERT) encourages industry to report cyber accidents and intrusions, but there are few legal requirements for private companies to do so.

Source: Popular Mechanics