Industrial control systems seen as 'undeniably vulnerable': "In a hearing yesterday on the security of Supervisory Control and Data Acquisition systems, which are used to manage infrastructure such as the electric power grid and oil and gas pipelines, Rep. Adam Putnam (R-Fla.) said the lack of a national strategy to deal with SCADA system security makes the nation "undeniably vulnerable" to cyberterrorism. Putnam is chairman of the House Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census.
"The more I've learned [about the lack of SCADA system security], the more concerned I've become," said Putnam. "I've learned that today's SCADA systems have been designed with little or no attention to computer security. Data are often sent as clear text; protocols for accepting commands are open, with no authentication required; and communications channels are often wireless, leased lines or the Internet." ..
Gerald Freese, director of information security at American Electric Power, said SCADA systems remain "open books" to any terrorist organization that wants to learn how to exploit them. In fact, U.S. energy companies assisted Pakistan in developing that country's SCADA and supporting telecommunications infrastructure. Modeling the Pakistani electric power infrastructure on the U.S., these companies used many of the same technologies and many of the same vendors to do the work, Freese said.
Richard Clarke and Howard Schmidt, the two former chairmen of the President's Critical Infrastructure Protection Board, acknowledged in interviews that raids conducted during the war on terrorism have uncovered evidence that al-Qaeda has been actively studying vulnerabilities in U.S. SCADA systems 11:04:22 PM