Report says DOD fuel supply chain vulnerable to cyberattack
- By Defense Systems Staff
- Feb 10, 2014
The Defense Department needs to shore up cyber defenses in its energy supply chain in order to protect against a Stuxnet- or Shamoon-style attack, according to a study commissioned by the U.S. Army War College's Strategic Studies Institute.
The report from the study, "Hacks on Gas: Energy, Cybersecurity and U.S. Defense," said the Defense Logistics Agency should focus on securing supervisory control and data acquisition (SCADA) and other industrial controls, just as the Homeland Security Department is doing with energy providers in the private sector, Mark Rockwell writes in FCW.
Concerns over potential vulnerabilities in critical infrastructure have increased as electrical grids and other systems become more IP-connected, and in the wake of several high-profile attacks. Stuxnet, reportedly the result of a joint U.S.-Israeli effort, disrupted uranium processing in Iran in 2010 by manipulating programmable logic controllers in centrifuges. The Shamoon malware infiltrated the network of Saudi Aramco in August 2012 and wiped out hard drives on as many as 30,000 computers.
A large-scale attack on energy production may be unlikely, but DLA would be wise to protect its fuel distribution network, such as its Fuels Automated System, which is IP-connected and runs Windows, according to the report’s author, Christopher Bronk, a fellow in IT policy at Rice University's Baker Institute.
“For the DOD, vulnerability exists in the distribution of fuels, where there are also likely issues of cyberattack and disruption.” He wrote. “Much like other large organizations, the DOD has adopted networked computers for all manner of administrative and logistical activity.”