The United States is reportedly under attack by the Chinese government. America’s business secrets, critical infrastructure and wealth are the targets. But many businesses are taking a lackadaisical approach to cybersecurity. Multiple industry studies have shown that the vast majority of companies don’t begin following cybersecurity best practices until after they’ve been hit. The latest and most telling example came Tuesday. According to a new report from information security company Mandiant, the Chinese military is linked to one of the most prolific hacking groups in the world. That group, known as the “Comment Crew,” has attacked Coca-Cola (KO, Fortune 500), EMC (EMC, Fortune 500) security division RSA, military contractor Lockheed Martin (LMT, Fortune 500), and hundreds of others. It reportedly holds the blueprints to America’s energy systems, and has funneled trade secrets out of some of the country’s largest corporations. The implications of China’s presence in Corporate America’s networks are vast, from matters of economic competitiveness to international diplomacy.
cybersecurity
Sign up and get Breaking Energy news in your inbox.
We will never sell or share your information without your consent. See our privacy policy.
The Pentagon plans to add more than 4,000 people to its efforts to combat the growing number of cyberattacks in the country and to take the offensive against attacks from foreign countries.
Increasing the Defense Department’s Cyber Command by more than 4,000, well above today’s level of 900, will be a challenge, a New York Times article quoted defense officials as saying. The department said officials know that recruiting, training and retaining that many qualified people will be a difficult chore. Keep reading →
Utility companies confront security challenges daily, especially those related to securing the North American power grid. Increasingly, they’re responding by implementing comprehensive cyber security plans across their business networks and their generation, transmission and distribution systems.
From broad-based threats against corporate e-mail systems to targeted spear-phishing attacks aimed at nuclear operations, utilities face new challenges regularly. A focus area is the regular increase of vulnerabilities reported in the security of industrial control systems that monitor and control manage the power grid, as noted by the Department of Homeland Security and the media. Keep reading →
From the Lawyers: Senator Rockefeller Throws Cybersecurity Gauntlet to Fortune 500 CEOs
By Peter Gardett
On September 19th, Senator Jay Rockefeller, Chairman of the U.S. Senate Committee on Commerce, Science, and Transportation, sent a letter to the CEO of each Fortune 500 company requesting detailed information on his/her company’s cybersecurity practices. Given the particular importance of the energy sector to overall U.S. cybersecurity readiness, Senator Rockefeller’s expectations as to energy sector responses will undoubtedly be high.
The introductory message of the Rockefeller letter is emphatically simple: [we paraphrase] “In the face of an unprecedented national security challenge, The Chamber of Commerce and other inside-the-Beltway lobbyists have thwarted the passage of The Cybersecurity Act of 2012 which was supported by the President and the country’s top military officers. I now call on each of you as business leaders and Americans to express your support for the legislative efforts necessary to protect our economy and country.” Punchy perhaps, but on a stand-alone basis it would not be more than one would expect to get from a Ranking Democrat on a hotly debated issue in an election year. It does not, however, stand-alone. Keep reading →
Across the country, and increasingly around the globe, information technology is playing a key role in the operations and organizational management of utility service providers. From customer-facing smart-metering technologies to administrative software tools that enhance automation and network monitoring, the revolution in interconnectivity has brought increased productivity and efficiencies, but also new areas of risk and vulnerability.
As a result, utility service providers must take a broad-spectrum approach to hardening their facilities, especially to cyber-criminals and hostile nation states that have the capability to cause harm and catastrophic impact to a system without ever approaching its physical structure. Keep reading →
The US Senate’s energy panel did a status check Tuesday on actions taken to ensure the electric grid is protected from cyber-attacks. The hearing came as lawmakers are poised to consider yet another round of cybersecurity legislation.
Testimony we heard about cumbersome processes and the inability to react quickly didn’t sound too promising, but you can read the excerpts below or scan the full testimony here and decide for yourself. Keep reading →
Cyber security is of course a major issue for utilities. The risks, the potential vulnerabilities, the investments. And probably that nagging question: Is our security as good as we think it is?
A new tool from the Energy Department, the Cyber Security Self-Evaluation Survey Tool, has been released to help utilities answer that question. Part of an overall White House initiative to develop a Cyber Security Capability Maturity Model for the electricity industry, the new tool “helps electric utilities and grid operators identify opportunities to further develop their own cyber security capabilities by posing a series of questions that focus on areas including situational awareness and threat and vulnerability management.” Keep reading →
In one of his first public appearances since being officially named CIO at the Department of Energy, Robert Brese called for greater efforts to develop a skilled cybersecurity workforce, and stressed the importance of responding to cyber threats, not merely being prepared to prevent and recover from them. In a series of wide-ranging remarks on the state of cybersecurity in the federal government, Brese highlighted six factors shaping the evolution of federal cybersecurity policy, but concluded that despite many challenges, the federal government is “doing a better job than a majority of the private sector” in defending its networks.
