U.S. Feds target control systems hackers

July 13, 2005
The Department of Homeland Security will invest millions to protect the power grid and other infrastructure against hacker attacks.

THE U.S. DEPARTMENT of Homeland Security will spend $11.7 million on research to secure the computer-aided control systems that operate the nation’s critical infrastructure. The new funds announced in June 2005 will help continue studies in cyber security that started last year at the U.S. Department of Energy’s Idaho National Laboratory (INL).

“We’re at the point where industry is beginning to recognize the potential threats of unsecured control systems and they are more willing to work with government agencies to improve the security of the nation’s critical infrastructure,” said Julio Rodriguez, department manager for critical infrastructure assurance at INL.

The computers that control infrastructure have become increasingly vulnerable to hacker attack. Standard software, ubiquitous Internet connections, and more available information have combined to make bringing down the power grid, flooding a sewer system, or opening a dam relatively easy (see Hacking the Grid).

Still, some security experts are nonplused by the potential threat. “There’s not a Windows box with a big button that says, ‘Open the dam,’” said Marc Maiffret, chief hacking officer at eEye Digital Security. “But there is a Windows box that says, ‘Hey, we’re having more pressure. We need to release some water through the dam.’ If those notifications aren’t going off, you could have a problem.”

The DHS has already granted $2.5 million to 13 companies through its Homeland Security Advanced Research Projects Agency’s Small Business Innovation Research Grants. Last year, the department spent $10 million on similar research at INL.