Critical Infrastructure: Control Systems and the Terrorist Threat [Updated January 20, 2004] [open pdf - 102KB]
"Much of the U.S. critical infrastructure is potentially vulnerable to cyber-attack. Industrial control computer systems involved in this infrastructure are specific points of vulnerability, as cyber-security for these systems has not been previously perceived as a high priority. Industry sectors potentially affected by a cyber-attack on process control systems include the electrical, telephone, water, chemical, and energy sectors. The federal government has issued warnings regarding increases in terrorist interest in the cyber-security of industrial control systems, citing international terrorist organization interest in critical infrastructure and increases in cyber-attacks on critical infrastructure computer systems. The potential consequences of a successful cyber-attack on critical infrastructure industrial control systems range from a temporary loss of service to catastrophic infrastructure failure affecting multiple states for an extended duration. Efforts in increasing the cyber-security of control systems occur both at federal government facilities and, in critical infrastructure sectors, through industry groups. The Department of Energy National Laboratories, the Department of Defense, and the National Institute of Standards and Technology all have programs to assess and ameliorate the cyber-vulnerabilities of control systems. Industry-based research into standards, best practices, and control system encryption is ongoing in the natural gas and electricity sector."
CRS Report for Congress, RL31534