According to Alan Paller, director of research at the SANS Institute, the blackout was confirmed by the CIA senior analyst, Tom Donahue. This was made official at a security conference that took place in New Orleans, which gathered international government officials, engineers, and security managers from North American energy companies and utilities.
Donahue presented Paller a written declaration in which the following facts were put forward: in many regions outside the United States were reported cyber intrusion and extortion demands. The main believe is that the cyberattackers were getting help from inside. The attackers remained unknown but they used internet to get in.
Paller also declared that future attacks are unlikely to occur and similar cases of power outage are not related to this.
Although a comment is expected from CIA, Donahue declared that any remark about making this information public must be done cautiously.
The government made public the information after the appearance of cyberattacks disabling multicity regions. They realized they “should fix” the problem as Paller affirmed.
Trying to discover methods of combating the problem, a name appeared: SCADA which is Supervisory Control And Data Acquisition and the Control Systems Survival Kit. It refers to devices that control critical infrastructure like power generators, traffic signals, and dams.
Howard Schmidt, a former Microsoft executive and government cybersecurity adviser, when watching a private screening of the new documentary The New Face Of Cybercrime, spoke about the weaknesses of SCADA systems and that the private sector controls 85% of the U.S. critical infrastructure.
Paller also talked about the imprudence of people when adding wireless and Windows to SCADA systems without really thinking about security. Quoting two Government Accountability Office reports on SCADA security he added that: “They're gotten radically unsafe”.
