The need to secure the electric grid against cyberattacks has attracted attention at both the corporate and policy level. But no one actually knows what “secure” really means, and making that determination may prove challenging.
Decision-makers at energy companies and on Capitol Hill have been alerted to the danger of a cyber attack on the electric grid. While those concerns may be valid, calls to “secure the grid” assume a level of knowledge of the state of grid security that even experts in the field may not possess, said IBM Energy Security Lead Andy Bochman at the Advanced Energy Conference in New York this week. Keep reading →
Sophisticated worms – automated software that spreads between computer devices – can infect an entire electric grid in a matter of seconds, but there may be effective defenses against them, according to Rob Johnson, assistant professor of computer science at Stony Brook University.
The critical role various computing devices have assumed in the daily functioning of the power grid has dramatically altered the security needs of utilities. While safeguards are already in place to protect against physical threats, like natural disasters, utilities may lack the tools to protect their networks from cyber attacks, such as worms. Keep reading →
Quick Take: A few years back, a friend of mine served on a Department of Homeland Security committee on infrastructure protection. They heard lots about cyber threats. But the thing that worried them the most was the “Seven Bullets Theory.” That’s the idea that a terrorist group could shut down the entire East Coast grid with just seven well-placed bullets at seven different substations.
A miniature version of this scenario took place earlier this week in Silicon Valley. It prompts me to remind utilities not to let the current emphasis on cybersecurity cause them to overlook the very real and important issues around physical security. – Jesse Berst Keep reading →
We’ve all read the cyber-attack and data breach headlines about Stuxnet, Flame, Shamoon, and most recently, Red October. Critical infrastructure cyber attacks were even a focus of the President Obama’s State of the Union Address.
Organizations that operate critical infrastructure – including oil and gas companies, utilities, nuclear facilities, and more – is well aware it’s under attack. The problem right now is that many of these organizations are struggling to figure out how the protect themselves from potentially devastating attacks. Keep reading →
When Exelon merged with Constellation, Joe Glace started reporting directly to the president and CEO, Christopher Crane. As the Chief Risk Officer for the mega-utility, it was imperative that he was part of company’s executive committee.
“The new Exelon will have a significantly increased scope across the energy value chain,” Crane said at the time of the announcement in December 2011. “It is vital to our future success that we diligently manage risk from an independent and enterprise-wide perspective.” Keep reading →
For years predictions of the horror show that could happen if the nation’s electricity grid was compromised by hackers proliferated in inverse correlation to the number of attacks; the sector went about its peaceful way, adding security as it added increased interconnectivity and meeting standards that left service reliability levels intact.
That “quiet war” in cyberspace is over. The US energy sector is under attack, and there isn’t any indication the situation is going to improve. Keep reading →
The United States is reportedly under attack by the Chinese government. America’s business secrets, critical infrastructure and wealth are the targets. But many businesses are taking a lackadaisical approach to cybersecurity. Multiple industry studies have shown that the vast majority of companies don’t begin following cybersecurity best practices until after they’ve been hit. The latest and most telling example came Tuesday. According to a new report from information security company Mandiant, the Chinese military is linked to one of the most prolific hacking groups in the world. That group, known as the “Comment Crew,” has attacked Coca-Cola (KO, Fortune 500), EMC (EMC, Fortune 500) security division RSA, military contractor Lockheed Martin (LMT, Fortune 500), and hundreds of others. It reportedly holds the blueprints to America’s energy systems, and has funneled trade secrets out of some of the country’s largest corporations. The implications of China’s presence in Corporate America’s networks are vast, from matters of economic competitiveness to international diplomacy.
The Pentagon plans to add more than 4,000 people to its efforts to combat the growing number of cyberattacks in the country and to take the offensive against attacks from foreign countries.
Increasing the Defense Department’s Cyber Command by more than 4,000, well above today’s level of 900, will be a challenge, a New York Times article quoted defense officials as saying. The department said officials know that recruiting, training and retaining that many qualified people will be a difficult chore. Keep reading →
Utility companies confront security challenges daily, especially those related to securing the North American power grid. Increasingly, they’re responding by implementing comprehensive cyber security plans across their business networks and their generation, transmission and distribution systems.
From broad-based threats against corporate e-mail systems to targeted spear-phishing attacks aimed at nuclear operations, utilities face new challenges regularly. A focus area is the regular increase of vulnerabilities reported in the security of industrial control systems that monitor and control manage the power grid, as noted by the Department of Homeland Security and the media. Keep reading →
On September 19th, Senator Jay Rockefeller, Chairman of the U.S. Senate Committee on Commerce, Science, and Transportation, sent a letter to the CEO of each Fortune 500 company requesting detailed information on his/her company’s cybersecurity practices. Given the particular importance of the energy sector to overall U.S. cybersecurity readiness, Senator Rockefeller’s expectations as to energy sector responses will undoubtedly be high.
The introductory message of the Rockefeller letter is emphatically simple: [we paraphrase] “In the face of an unprecedented national security challenge, The Chamber of Commerce and other inside-the-Beltway lobbyists have thwarted the passage of The Cybersecurity Act of 2012 which was supported by the President and the country’s top military officers. I now call on each of you as business leaders and Americans to express your support for the legislative efforts necessary to protect our economy and country.” Punchy perhaps, but on a stand-alone basis it would not be more than one would expect to get from a Ranking Democrat on a hotly debated issue in an election year. It does not, however, stand-alone. Keep reading →