{ "id": "RL31534", "type": "CRS Report", "typeId": "REPORTS", "number": "RL31534", "active": false, "source": "EveryCRSReport.com, University of North Texas Libraries Government Documents Department", "versions": [ { "source": "EveryCRSReport.com", "id": 101839, "date": "2004-01-20", "retrieved": "2016-04-08T14:29:15.905963", "title": "Critical Infrastructure: Control Systems and the Terrorist Threat", "summary": "Much of the U.S. critical infrastructure is potentially vulnerable to cyber-attack. Industrial\ncontrol\ncomputer systems involved in this infrastructure are specific points of vulnerability, as cyber-security\nfor these systems has not been previously perceived as a high priority. Industry sectors potentially\naffected by a cyber-attack on process control systems include the electrical, telephone, water,\nchemical, and energy sectors.\n The federal government has issued warnings regarding increases in terrorist interest in the\ncyber-security of industrial control systems, citing international terrorist organization interest in\ncritical infrastructure and increases in cyber-attacks on critical infrastructure computer systems. The\npotential consequences of a successful cyber-attack on critical infrastructure industrial control\nsystems range from a temporary loss of service to catastrophic infrastructure failure affecting\nmultiple states for an extended duration. \n The National Strategy for Securing Cyberspace , released in February 2003,\n contains a number\nof suggestions regarding security measures for control systems. A focus on the further integration\nof public/private partnerships and information sharing is described, along with suggestions that\nstandards for securing control systems be developed and implemented. \n The Homeland Security Act of 2002 ( P.L. 107-296 ) transferred and integrated several federal\nentities that play a role in cyber-security of control systems into the Department of Homeland\nSecurity. These entities include the Critical Infrastructure Assurance Office, the National\nInfrastructure Protection Center, the National Infrastructure Simulation and Analysis Center, and\nparts of the Department of Energy's Office of Energy Assurance. Additionally, the Homeland\nSecurity Act of 2002 created a new class of information, critical infrastructure information, which\ncan be withheld from the public by the federal government.\n Efforts in increasing the cyber-security of control systems occur both at federal government\nfacilities and, in critical infrastructure sectors, through industry groups. The Department of Energy\nNational Laboratories, the Department of Defense, and the National Institute of Standards and\nTechnology all have programs to assess and ameliorate the cyber-vulnerabilities of control systems. \nIndustry-based research into standards, best practices, and control system encryption is ongoing in\nthe natural gas and electricity sector.\n Possible policy options for congressional consideration include further development of uniform\nstandards for infrastructure cyber-protection; growth in research into security methods for industrial\ncontrol systems; assessing the effectiveness of the new exemptions to the Freedom of Information\nAct; and the integration of previous offices in the new Department of Homeland Security. \n This report will be updated as events warrant.", "type": "CRS Report", "typeId": "REPORTS", "active": false, "formats": [ { "format": "HTML", "encoding": "utf-8", "url": "http://www.crs.gov/Reports/RL31534", "sha1": "e5a05adc6a62169fd4c7db61577fc3b9da942ef3", "filename": "files/20040120_RL31534_e5a05adc6a62169fd4c7db61577fc3b9da942ef3.html", "images": null }, { "format": "PDF", "encoding": null, "url": "http://www.crs.gov/Reports/pdf/RL31534", "sha1": "e4b23c65ecd074cb74f0299647ac0949b6c0eafc", "filename": "files/20040120_RL31534_e4b23c65ecd074cb74f0299647ac0949b6c0eafc.pdf", "images": null } ], "topics": [] }, { "source": "University of North Texas Libraries Government Documents Department", "sourceLink": "https://digital.library.unt.edu/ark:/67531/metacrs5038/", "id": "RL31534 2003-07-14", "date": "2003-07-14", "retrieved": "2005-06-11T21:03:44", "title": "Critical Infrastructure: Control Systems and the Terrorist Threat", "summary": "This report addresses the cyber-vulnerability of critical infrastructure industries which regularly use industrial control systems. Industrial control systems may be vulnerable to infiltration by different routes, including wireless transmission, direct access to control system computers, exploitation of dial-up modems used for maintenance, or through the Internet. This report will specifically discuss the potential for access to industrial control systems through the Internet.", "type": "CRS Report", "typeId": "REPORT", "active": false, "formats": [ { "format": "PDF", "filename": "files/20030714_RL31534_fca7b03da484cadb697054a97b615fa0652eb35f.pdf" }, { "format": "HTML", "filename": "files/20030714_RL31534_fca7b03da484cadb697054a97b615fa0652eb35f.html" } ], "topics": [ { "source": "LIV", "id": "Infrastructure", "name": "Infrastructure" }, { "source": "LIV", "id": "Terrorism", "name": "Terrorism" }, { "source": "LIV", "id": "Information storage and retrieval systems", "name": "Information storage and retrieval systems" }, { "source": "LIV", "id": "Criminal justice", "name": "Criminal justice" }, { "source": "LIV", "id": "Technology", "name": "Technology" } ] }, { "source": "University of North Texas Libraries Government Documents Department", "sourceLink": "https://digital.library.unt.edu/ark:/67531/metacrs5037/", "id": "RL31534 2003-04-23", "date": "2003-04-23", "retrieved": "2005-06-11T21:03:10", "title": "Critical Infrastructure: Control Systems and the Terrorist Threat", "summary": "This report addresses the cyber-vulnerability of critical infrastructure industries which regularly use industrial control systems. Industrial control systems may be vulnerable to infiltration by different routes, including wireless transmission, direct access to control system computers, exploitation of dial-up modems used for maintenance, or through the Internet. This report will specifically discuss the potential for access to industrial control systems through the Internet.", "type": "CRS Report", "typeId": "REPORT", "active": false, "formats": [ { "format": "PDF", "filename": "files/20030423_RL31534_85a07fac17d0d0ed70d764998a1822f6c0c3188e.pdf" }, { "format": "HTML", "filename": "files/20030423_RL31534_85a07fac17d0d0ed70d764998a1822f6c0c3188e.html" } ], "topics": [ { "source": "LIV", "id": "Infrastructure", "name": "Infrastructure" }, { "source": "LIV", "id": "Terrorism", "name": "Terrorism" }, { "source": "LIV", "id": "Information storage and retrieval systems", "name": "Information storage and retrieval systems" }, { "source": "LIV", "id": "Criminal justice", "name": "Criminal justice" }, { "source": "LIV", "id": "Technology", "name": "Technology" } ] }, { "source": "University of North Texas Libraries Government Documents Department", "sourceLink": "https://digital.library.unt.edu/ark:/67531/metacrs5031/", "id": "RL31534 2003-02-21", "date": "2003-02-21", "retrieved": "2005-06-11T21:02:42", "title": "Critical Infrastructure: Control Systems and the Terrorist Threat", "summary": "This report addresses the cyber-vulnerability of critical infrastructure industries which regularly use industrial control systems. Industrial control systems may be vulnerable to infiltration by different routes, including wireless transmission, direct access to control system computers, exploitation of dial-up modems used for maintenance, or through the Internet. This report will specifically discuss the potential for access to industrial control systems through the Internet.", "type": "CRS Report", "typeId": "REPORT", "active": false, "formats": [ { "format": "PDF", "filename": "files/20030221_RL31534_987094e6d03b0b9c9f21b197ec80dd69c173bac1.pdf" }, { "format": "HTML", "filename": "files/20030221_RL31534_987094e6d03b0b9c9f21b197ec80dd69c173bac1.html" } ], "topics": [ { "source": "LIV", "id": "Infrastructure", "name": "Infrastructure" }, { "source": "LIV", "id": "Terrorism", "name": "Terrorism" }, { "source": "LIV", "id": "Information storage and retrieval systems", "name": "Information storage and retrieval systems" }, { "source": "LIV", "id": "Criminal justice", "name": "Criminal justice" }, { "source": "LIV", "id": "Technology", "name": "Technology" } ] }, { "source": "University of North Texas Libraries Government Documents Department", "sourceLink": "https://digital.library.unt.edu/ark:/67531/metacrs3173/", "id": "RL31534 2002-10-01", "date": "2002-10-01", "retrieved": "2005-06-11T21:02:14", "title": "Critical Infrastructure: Control Systems and the Terrorist Threat", "summary": "This report addresses the cyber-vulnerability of critical infrastructure industries which regularly use industrial control systems. Industrial control systems may be vulnerable to infiltration by different routes, including wireless transmission, direct access to control system computers, exploitation of dial-up modems used for maintenance, or through the Internet. This report will specifically discuss the potential for access to industrial control systems through the Internet.", "type": "CRS Report", "typeId": "REPORT", "active": false, "formats": [ { "format": "PDF", "filename": "files/20021001_RL31534_8bcbfe3a02c54e49704d2c93e9c3dc351203f7a8.pdf" }, { "format": "HTML", "filename": "files/20021001_RL31534_8bcbfe3a02c54e49704d2c93e9c3dc351203f7a8.html" } ], "topics": [ { "source": "LIV", "id": "Infrastructure", "name": "Infrastructure" }, { "source": "LIV", "id": "Terrorism", "name": "Terrorism" }, { "source": "LIV", "id": "Information storage and retrieval systems", "name": "Information storage and retrieval systems" }, { "source": "LIV", "id": "Criminal justice", "name": "Criminal justice" }, { "source": "LIV", "id": "Technology", "name": "Technology" } ] } ], "topics": [ "Intelligence and National Security" ] }