Infrastructure left vulnerable in cyberwar era

Quote: “‘We believe (Stuxnet) is going to mark a major shift in international conflict,’ [Ralph] Langner told The [Toronto] Star at a Thomson Reuters global security seminar in London last week.

“‘If you want to get hold of cyber-weapons to attack critical infrastructure, what you really need is buying power; funding. A couple million dollars. That’s it….’

“Langner said the risks related to his specialty: control systems, what he calls ‘the small grey box with no keyboard and no screen, which you find everywhere nowadays — to control elevators, heating, air conditioning, or, in the case of Stuxnet, the gas centrifuges in Iran.’

“Such systems are everywhere for the precise reason that companies can control them at a distance electronically. The same logic extends to infrastructure like power plants and pipelines. Fewer bodies to open and close valves mean fewer salaries and greater profits. Yet many of those same systems, Langner warns, are governed by ludicrously vulnerable computers, often with fewer security protections than the average laptop.”

Source — “The New Cyber Arms Race,” by Mitch Potter, Toronto Star, June 19, 2011.