Critical Infrastructure: Control Systems and the Terrorist Threat [Updated October 1, 2002] [open pdf - 66KB]
"Much of the U. S. critical infrastructure is potentially vulnerable to cyber-attack. Industrial control computer systems involved in this infrastructure are specific points of vulnerability, as cyber-security for these systems has not been perceived as a high priority. Industries potentially affected by a cyber-attack on industrial control systems include the electrical, telephone, water, chemical and energy sectors. The federal government has issued a warning regarding an increase in terrorist interest in the cyber-security of industrial control systems, citing both interest by international terrorist organizations in critical infrastructure and increases in cyberattack on critical infrastructure computer systems. The potential consequences of a successful cyber-attack on critical infrastructure industrial control systems could be high, ranging from a temporary loss of service to catastrophic infrastructure failure affecting multiple states for an extended duration. A draft version of The National Strategy for Securing Cyberspace has been released. Contained within are a number of suggestions regarding security measures for control systems. A focus on the further integration of public/private partnerships and information sharing is described, along with suggestions that Department of Energy standards for securing control systems be implemented. Possible policy options for congressional consideration include further development of uniform standards for infrastructure cyber-protection, growth in research into encryption methods for industrial control systems, enhancing information sharing between industry and government representatives, potentially through expanded exemptions to the Freedom of Information Act, and mandating assessments by industry to determine and reduce cyber-vulnerabilities."
CRS Report for Congress, RL31534
Open CRS: http://www.opencrs.com/