Volume 10, Number 29 -- August 17, 2010

The Power System Malware Problem, and a 'Perfect' Solution

Published: August 17, 2010

by Alex Woodie

Security products vendor BrickHouse Security issued a warning last week over the malware that foreign computer hackers have placed in critical American industrial components using the Internet. The good news is that the security infiltration has to do with electrical power systems, not the IBM Power Systems servers that run a good chunk of midsize American businesses. The bad news is that bad guys may now have the ability to take everything off line, including your Power Systems servers and the Internet connections that feed them.

The Wall Street Journal sparked concern across the country with an April report about how Russians and Chinese spies hacked into the American electrical grid in an attempt to map it (apparently, they couldn't wait for the July 2010 National Geographic map of the three interconnected national grids). The WSJ reports that American intelligence officials detected Trojan Horses left behind by the spies that could be used to damage the grid and, by connection, network communications.

BrickHouse blogger Stan Shyshkin warns that new "smart grid" technology could make the problem worse. IBM is a big proponent of smart grids, in which sensors are implemented at end points to create a demand feedback loop, thereby lowering power consumption and boosting grid efficiency. "Transforming a largely one-way distribution network like the power grid into a two-way system that sends and receives information from consumers gives the hackers additional entrances into the grid," Shyshkin writes.

The National Security Agency (NSA) has stepped up to the plate and is promising to crack down on the security vulnerability with a new program called Perfect Citizen. Unveiled last month, the new program involves installing sensors at companies and organizations that are involved with running the power grid and other critical infrastructure components.

Perfect Citizen also involves patching the weak links in the grid, such as the end-point sensors in the new smart grids, or "smart meters," which are based on common off-the-shelf components that hackers could easily deconstruct. Defense contractor Raytheon reportedly has the first Perfect Citizen contract. It's hard to imagine how IBM, whose experts and technology are involved with counter-terrorism, is not somehow involved with Perfect Citizen.

The takeaway for Power Systems shops is to realize that threats to security and business continuity today come in many shapes and sizes. Not only must Power Systems shops worry about tornadoes, earthquakes, disgruntled employees, and computer hackers, but now they must consider the ramifications of a greater likelihood of disruptions in access to electricity and network bandwidth. (Malware, ironically, is one of the least of Power Systems shops' concerns.)

Granted, if the Western electrical grid is taken offline by hackers, there will be much greater problems for society than companies being unable to access their IBM i applications. Nuclear power plants would be damaged, financial networks would be taken offline, dams would be opened up, and sewage would back up. Even Facebook and Twitter would be effected.

But as the old saying goes, forewarned is forearmed. Perhaps now is a good time to review your disaster recovery plan, make sure the UPS is functioning properly, and check that there's plenty of diesel for the generator.

                     Post this story to del.icio.us
               Post this story to Digg
    Post this story to Slashdot

Sponsored By

Use all your existing Twinax Terminals, Twinax Printers, and other Twinax devices on new System i i5 Power6 & Power5 systems now, and the Power7 when it ships.

Simply connect the Xip Twinax Controller to Ethernet and your Twinax devices to it, and you will be able to use them to connect to your System i (Power6, power5, iSeries or AS/400) over aany Ethernet connection. With the choice of multiple protocols, you can choose what's best for your environment. You can even run IPDS printers without the need to purchase PSF/400 (save approx. $2,500).

The Xip is also the perfect way to upgrade your remote locations to run in any IP environment as well, even over a DSL or Cable Internet connection. Eliminate the costs of Frame Relay networks and any point-to-point phone lines.

Call us for details on the Xip and a 30-day trial:
1-800-597-2525 Domestic
1-908-855-8100 International


Editor: Alex Woodie
Contributing Editors: Dan Burger, Joe Hertvik,
Shannon O'Donnell, Timothy Prickett Morgan
Publisher and Advertising Director: Jenny Thomas
Advertising Sales Representative: Kim Reed
Contact the Editors: To contact anyone on the IT Jungle Team
Go to our contacts page and send us a message.

Sponsored Links

SEQUEL Software:  FREE Webinar. Aug 25. Learn how SEQUEL simplifies EnterpriseOne data access.
PowerTech:  FREE Webinar! Top 10 IBM i Security Risks. August 25, 10 a.m. CT
COMMON:  Join us at the Fall 2010 Conference & Expo, Oct. 4 - 6, in San Antonio, Texas


IT Jungle Store Top Book Picks

Easy Steps to Internet Programming for AS/400, iSeries, and System i: List Price, $49.95
The iSeries Express Web Implementer's Guide: List Price, $49.95
The System i RPG & RPG IV Tutorial and Lab Exercises: List Price, $59.95
The System i Pocket RPG & RPG IV Guide: List Price, $69.95
The iSeries Pocket Database Guide: List Price, $59.00
The iSeries Pocket SQL Guide: List Price, $59.00
The iSeries Pocket Query Guide: List Price, $49.00
The iSeries Pocket WebFacing Primer: List Price, $39.00
Migrating to WebSphere Express for iSeries: List Price, $49.00
Getting Started With WebSphere Development Studio Client for iSeries: List Price, $89.00
Getting Started with WebSphere Express for iSeries: List Price, $49.00
Can the AS/400 Survive IBM?: List Price, $49.00
Chip Wars: List Price, $29.95

The Four Hundred
Power 750: Big Bang for Fewer Bucks Compared to Predecessors

Some Details and Thoughts About Impending Power7 Machines

Lotus Focus and Some Hocus Pocus

As I See It: Data Center Campground

IT Spending Projections for 2010 Boosted by Forrester

Four Hundred Guru
Remove Trailing Blanks from Legacy Columns with the IBM OLE DB Providers

How Did I Do That?

Admin Alert: Six Things You May Not Know About i/OS Passwords

Four Hundred Monitor
Four Hundred Monitor's
Full iSeries Events Calendar

System i PTF Guide
August 7, 2010: Volume 12, Number 32

July 31, 2010: Volume 12, Number 31

July 24, 2010: Volume 12, Number 30

July 17, 2010: Volume 12, Number 29

July 10, 2010: Volume 12, Number 28

July 3, 2010: Volume 12, Number 27

TPM at The Register
OpenSolaris axed by Ellison

Hawking's big-bang team harness SGI super power

Nvidia licenses Rambus memory tech

Nvidia takes charges punch as Q2 sales drop

Amazon, Novell to sell full SUSE Linux on EC2

Dell crafts mother of all graphics cards

Cisco optimistic despite 'unusual conservatism' in Q4

Cloud dollars fluff Rackspace's quarter

Rackspace does cloudy Windows servers

Next Solaris prepped for 2011

Oracle outlines Ellisonized Sparc roadmap

VMware packs Zimbra into virtual appliance


New Generation Software
Linoma Software
Twin Data Corporation

Printer Friendly Version

IBM Rounds Out Entry Power7 Server Lineup

IBM Quintuples Performance with the Power 795

Experia Touts SilverDev Tool for IBM i

Raz-Lee Unveils GUI for IBM i Journal Security Tool

RevSoft Delivers Smart Phone Interface for IBM i Monitoring Tool

News Briefs and Product Shorts:

mrc Unveils Software Exchange for m-Power Users . . . IBM i ERP Developer Achieves QA Gains with Original . . . Jack Henry Taps INETCO for Electronic Payment Monitoring . . . SugarCRM Has a Sweet Quarter . . . The Power System Malware Problem, and a 'Perfect' Solution . . .

Four Hundred Stuff


Subscription Information:
You can unsubscribe, change your email address, or sign up for any of IT Jungle's free e-newsletters through our Web site at http://www.itjungle.com/sub/subscribe.html.

Copyright © 1996-2010 Guild Companies, Inc. All Rights Reserved.
Guild Companies, Inc., 50 Park Terrace East, Suite 8F, New York, NY 10034

Privacy Statement