Critical Infrastructure Protection:

Challenges and Efforts to Secure Control Systems

GAO-04-628T: Published: Mar 30, 2004. Publicly Released: Mar 30, 2004.

Additional Materials:

Contact:

Robert F. Dacey
(202) 512-3317
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

Computerized control systems perform vital functions across many of our nation's critical infrastructures. For example, in natural gas distribution, they can monitor and control the pressure and flow of gas through pipelines. In October 1997, the President's Commission on Critical Infrastructure Protection emphasized the increasing vulnerability of control systems to cyber attacks. At the request of the House Committee on Government Reform, Subcommittee on Technology, Information Policy, Intergovernmental Relations and the Census, this testimony will discuss GAO's March 2004 report on potential cyber vulnerabilities, focusing on (1) significant cybersecurity risks associated with control systems (2) potential and reported cyber attacks against these systems (3) key challenges to securing control systems, and (4) efforts to strengthen the cybersecurity of control systems.

In addition to general cyber threats, which have been steadily increasing, several factors have contributed to the escalation of the risks of cyber attacks against control systems. These include the adoption of standardized technologies with known vulnerabilities and the increased connectivity of control systems to other systems. Control systems can be vulnerable to a variety of attacks, examples of which have already occurred. Successful attacks on control systems could have devastating consequences, such as endangering public health and safety. Securing control systems poses significant challenges, including limited specialized security technologies and lack of economic justification. The government, academia, and private industry have initiated efforts to strengthen the cybersecurity of control systems. The President's National Strategy to Secure Cyberspace establishes a role for DHS to coordinate with these entities to improve the cybersecurity of control systems. While some coordination is occurring, DHS's coordination of these efforts could accelerate the development and implementation of more secure systems. Without effective coordination of these efforts, there is a risk of delaying the development and implementation of more secure systems to manage our critical infrastructures.

Apr 2, 2014

Jan 28, 2014

Jan 8, 2014

Sep 26, 2013

Feb 20, 2013

Feb 1, 2013

Sep 27, 2012

Sep 18, 2012

Jul 17, 2012

Jun 28, 2012

Looking for more? Browse all our products here