The House Homeland Security Committee yesterday heard testimony regarding the security of the nation’s supervisory control and data acquisition (SCADA) systems — the computer systems used to control such things as water flow through dams, the operation of power plants, and so on. The occassion was a joint hearing between the Subcommittee on Economic Security, Infrastructure Protection, and Cybersecurity and the Subcommittee on Emergency Preparedness, Science, and Technology. The news wasn’t very encouraging (from a related WaPo article):
“It’s four years later and we are no further down the line,” Rep. Bill Pascrell, D-N.J., said while questioning Andy Purdy Jr., acting director of the Homeland Security Department’s National Cyber Security Division. “We’re not prepared. You know it, I know it.”
Joining Purdy before the committee were Larry Todd (U.S. Bureau of Reclamation), Sam Varnado (Sandia National Lab.), K.P. Ananth (Idaho National Lab.), William Rush (Gas Tech. Inst.), and Alan Paller (SANS Inst.) — the written statement of each witness is available here.
Readers may also recall that earlier this year USACM sent a letter to the Nuclear Regulatory Commission (NRC) calling for stronger cybersecurity for U.S. power plants and highlighting the importance of SCADA systems:
Cybersecurity with respect to SCADA systems was also touched on in PITAC’s excellent cybersecurity report released earlier this year.