Critical Infrastructure: Control Systems and the Terrorist Threat [Updated April 23, 2003] [open pdf - 77KB]
"Much of the U.S. critical infrastructure is potentially vulnerable to cyber-attack. Industrial control computer systems involved in this infrastructure are specific points of vulnerability, as cyber-security for these systems has not been perceived as a high priority. Industries potentially affected by a cyber-attack on industrial control systems include the electrical, telephone, water, chemical and energy sectors. The federal government has issued a warning regarding an increase in terrorist interest in the cyber-security of industrial control systems, citing both interest by international terrorist organizations in critical infrastructure and increases in cyberattack on critical infrastructure computer systems. The potential consequences of a successful cyber-attack on critical infrastructure industrial control systems could be high, ranging from a temporary loss of service to catastrophic infrastructure failure affecting multiple states for an extended duration. The National Strategy for Securing Cyberspace was released and contained a number of suggestions regarding security measures for control systems. A focus on the further integration of public/private partnerships and information sharing is described, along with suggestions that standards for securing control systems be developed and implemented. Possible policy options for congressional consideration include further development of uniform standards for infrastructure cyber-protection, growth in research into encryption methods for industrial control systems, assessing the effectiveness of the new exemptions to the Freedom of Information Act and the integration of previous offices in the new Department of Homeland Security."
CRS Report for Congress, RL31534
Open CRS: http://www.opencrs.com/