"On Wednesday, in New Orleans, US Central Intelligence Agency senior analyst Tom Donahue told a gathering of 300 US, UK, Swedish, and Dutch government officials and engineers and security managers from electric, water, oil & gas and other critical industry asset owners from all across North America, that 'We have information, from multiple regions outside the United States, of cyber intrusions into utilities, followed by extortion demands. We suspect, but cannot confirm, that some of these attackers had the benefit of inside knowledge.'"
In evaluating this type of threat, it is important to recognize the likelihood (or requirement) of collusion with insiders. It is critical for security professionals to understand and address this element when developing both preventive and investigative capabilities in a SCADA environment.
Developing controls to mitigate threats involving collusion requires more than the standard perimeter controls (both physical and logical) normally applied to IT systems. This type of threat requires additional processes that make collusion more difficult to carry out and, if it does occur, easier to detect and investigate. Too often, organizations fail to apply the appropriate, layered controls beyond simple firewalls and other perimeter defenses.
CIA Confirms Cyber Attack Caused Multi-City Power Outage