BBC:间谍渗入美国电网
本帖最后由 yangfuguang 于 2009-4-9 19:35 编辑【原文网址】http://news.bbc.co.uk/2/hi/technology/7990997.stm
【登载媒体】BBC
【原文标题】Spies 'infiltrate US power grid'
间谍渗入美国电网
美国政府承认,美国国家电网易受网络攻击,接下来的报道显示,它(电网)已经被外国间谍侵入。
华尔街日报新闻报道说,中国、俄罗斯的间谍是这些“无孔不入”的破坏的幕后黑手。报道说,软件已经被植入电网,它可以关闭电网。
美国国土安全部部长珍妮特·塔诺说:“这些弱点我们早在几年前就知道了”。
她补充说:“我们承认,在这个网络迅猛发展的世界,这些是不断增加的威胁”。
她拒绝就华尔街的报道——入侵已经发生——发表看法。安全专家说,他们对这个声明不觉得奇怪。
IOActive负责渗透测试的网络安全分析家丹·凯明斯基说:“在安全领域有个共识,用来管理重要基础设施的数据采集与监控系统设备没有和其他工业领域一起进步”。
“桌面和因特网软件在过去十年前就开始处理这类安全问题,但没有进入数据采集与监控系统领域。从地缘政治上来讲,这为怀有敌意者熟练地获得在我们不愿看到他们出现的地方的入场券提供了可能”。
战略考量
华尔街日报报道说,目前为止入侵者还不想毁坏电网或者毁坏其他重要基础设施,但暗示他们会在危机或战争时改变他们的方式。
安全观察家说,如果中国和俄罗斯涉及此事是真的,这就显示他们在从战略上思考如何约束美国或给美国造成更大损失,如果他们不得不这么做。
哈佛大学政府贝尔法中心肯尼迪学院的埃里克·艾申巴赫教授告诉路透社说:“我认为,中国认识到如果在战略意义上,你想要保证你可以毁坏其他国家潜在的弱点或易受攻击点,但以一种非对抗性质的或不会造成国际危机,那么做这个事情是一个非常好的方法”。
世界最大安全组织美国RSA实验室首席安全战略家蒂姆·马瑟说,这次潜在攻击的背后动机无疑是军事或政治上的。
他告诉BBC:“这些国家是很乐意这样做的。这是有战术原因的,而且无疑有个长期的战略设想,如果他们想对美国不利,那无疑是很糟糕的,那时就是用这种方式来做的时机。这就像给中国和俄罗斯一张王牌,以防万一的王牌”。
自上而下的审查
在未来几周,一个对于网络安全的政府审查报告将会送达美国总统奥巴马的办公桌上。
白宫发言人尼克·夏皮罗说:“总统对网络安全事务很重视,这就是为什么他在就职后不久就开展了一个自上而下的检查”。
他补充说,白宫不知道“在美国有预谋的网络活动引起的美国电力中断的事情”。
密西西比州民主党主席本尼·汤普森是众议院国土安全委员会主席,他说,他将提起一项立法以应对这一系统中的弱点。
他说:“我们的电力系统对我们的生活重要,让它易受攻击是我们无法承受的。我们的疏忽显示在现行法律和保证基础设施安全有很大的鸿沟”。
北美安全电力公司是对电网可靠性和安全负责的工业集团,它说不知道由网络攻击引起的电力中断事情。
这个集团在一份声明中说:“自然环境研究委员会和工业领导正在就潜在的网络攻击的预防措施展开工作。要做的将必然是很多的”。
凯明斯基先生告诉BBC:“直到现在,对于数据采集与监控系统造成危害在这一职位上的人谢天谢地相对较少”。
但不管怎么少,这也足以成为一个问题,一个足以关闭电源、对经济造成危害的问题。这个问题在上升”。
【原文】
Spies 'infiltrate US power grid'
The US government has admitted the nation's power grid is vulnerable to cyber attack, following reports it has been infiltrated by foreign spies.
The Wall Street Journal (WSJ) newspaper reported that Chinese and Russian spies were behind this "pervasive" breach.
It said software had been left behind that could shut down the electric grid.
"The vulnerability is something have known about for years," said US Homeland Security Secretary Janet Napolitano.
"We acknowledge that... in this world, in an increasingly cyber world, these are increasing risks," Ms Napolitano added.
She refused to comment on the WSJ story that an intrusion had taken place, but security experts said they were not surprised by the claims.
"There is a pretty strong consensus in the security community that the SCADA equipment, a class of technology that is used to manage critical infrastructure, has not kept pace with the rest of the industry," said Dan Kaminsky, a cyber security analyst and director of penetration testing for IOActive.
"Software for desktops and the internet have been dealing with the issue of security for the last 10 years, and that hasn't really come into the SCADA realm.
"From a geo-political standpoint, this has created an opening for skilled 'hostiles' to obtain a presence in places we would rather they didn't have one."
'Strategic thinking'
The WSJ reported that the intruders had not sought to damage the power grid or any other key infrastructure so far, but suggested they could change their approach in the event of a crisis or war.
Security watchers said that, if true, the involvement of the Chinese and Russians in such a scenario would show they were strategically thinking about how either to constrain the US or to inflict more damage if they felt a need to do so.
"I think that China recognises if in a very strategic sense you want to ensure you have the ability to exploit another country's potential weakness or vulnerability, but do it in a way that isn't confrontational or cause an international crisis, then this is a very good way of doing that," Eric Rosenbach, of Harvard University's Kennedy School of Government's Belfer Center, told Reuters news agency.
The motives behind these potential attacks are undoubtedly military or political in nature, said Tim Mather, chief security strategist for the RSA Conference, the world's biggest security event.
He told the BBC: "These countries are not doing this willy-nilly. There is a tactical reason for all of this and no doubt tied to a longer term strategic plan which is gosh if they need to jerk the chain of the US, then this is the way to do it.
"This is like having an ace in the hole for the Chinese or Russians, just in case," said Mr Mather.
'Top-to-bottom review'
In the coming weeks, a government review of cyber security is due to land on the desk of US President Barack Obama.
"The president takes the issue of cyber security very seriously, which is why he ordered a top-to-bottom review shortly after taking office," said White House spokesman Nick Shapiro.
He added that the White House was not aware of "any disruptions to the power grid caused by deliberate cyber-activity here in the United States".
Mississippi Democratic Representative Bennie Thompson, chairman of the House of Representatives Homeland Security Committee, said he would introduce legislation to address weaknesses in the system.
"Our electric system is critical to our way of life, and we cannot afford to leave it vulnerable to attack. Our oversight indicates there is a significant gap in current regulation to effectively secure the infrastructure," he said.
The North American Electric Reliability Corp, the industry group with responsibility for grid reliability and security, said it was unaware of any cyber-attacks that had led to disruptions of service.
"NERC and industry leaders are taking steps in the right direction to improve preparedness and response to potential cyber threats. There is definitely more to be done," the group said in a statement.
"To date the number of people in the position to cause harm on SCADA has been thankfully relatively small," Mr Kaminsky told the BBC.
"But however small, it is big enough to be a problem and a problem that can potentially turn the lights out and cause economic harm to our country. The game is up," he said. 【原文截图】 嗯嗯,中国威胁论 美国那么强大,还防范不了?就是找接口 贼喊抓贼,都老掉牙了.
反华势力自导自演的闹剧,目的是污蔑中国 美国这么牛B,还对不了吗? 他说中国和俄罗斯是什么意思?
想诬陷我们中国啊? 既然你们美国有世界上最先进的科技, 还怕我们的中国黑客袭击吗?这明显证明了你们美国的谬论不攻自破了。 你美国一TMD出问题,就中国怎么怎么地,you americans suck! haha 看来美国各部门还真时刻提高警惕, 好多刨点经费支出,很有经济头脑
页:
[1]