The US Power Grid Needs Better Security

A recent poll showed that more than 90 percent of Americans believe the government is not doing enough to protect the electric grid from cyber-security attacks. Their fears appear to be justified.

In March 2018, the US government revealed its concerns about Russian incursions into the operating systems of domestic electric power plants and noted that the efforts to disrupt date back to 2013. These attacks have the capability to bring down all or part of US electricity service.

Such large-scale grid cyberattacks were foreseen. The Departments of Energy and Homeland Security identified the grid’s vulnerability to cyber-attacks some time ago and called for new protective measures in the DOE-led January 2017 Quadrennial Energy Review.

The study, which analysed the entire US electricity system, noted that the key critical infrastructures underpinning the nation’s economy and national security (transportation, water, finance, natural gas, oil, communications/IT) depend upon a reliable electricity “uber-network.”
 
A 2012 report by the National Research Council concluded that a cyber-attack could black out a large region of the nation for weeks or even months.

Public health and safety would be in jeopardy from an extended, widespread power outage, resulting in loss of life support systems in hospitals, nursing homes, and households, disruption of clean water supplies and sanitation, and a massive breakdown of the transportation system.

The economic disruptions from an extended blackout would also be enormous.

A 2015 Lloyds of London study found that a cyber-attack on 50 generators in the Northeast could leave 93 million people without power and cost the economy over $234 billion.

We’ve already seen previews of what a successful cyberattack on the grid could do, in outages stemming from operational failures and extreme weather. The 2003 Northeast blackout left 50 million people without power for four days, causing economic losses between $4 billion and $10 billion.

In Puerto Rico, 400,000 people are still without power six months after Hurricane Maria, with staggering impacts on the commonwealth’s economy and well-being.

Russia, Iran, North Korea and others have large-scale, offensive cyber-attack programs.

The CIA has concluded with “high confidence” that Russian military attackers crippled computers in Ukraine’s financial system last year. This followed 2015 and 2016 cyber-attacks that disabled part of Ukraine’s electric grid.

Global security analysts say Russia is using Ukraine as a cyber-war testing ground. The US also appears to be in their crosshairs as the overall US-Russia relationship hits new lows, evidenced most dramatically by their interference in our 2016 elections.

According to DHS and the FBI, Russia appears to be laying a foundation for a large-scale cyber-attack on US infrastructure. The Dragonfly 2.0 hackers, identified by DHS as Russian government cyber actors, pursued a prolonged cyberattack (since 2015) on a US power plant and computer networks controlling the grid.

Industry and government have been trying to address cyber vulnerabilities.

In 2015, Congress expanded DOE’s authority to take immediate measures in response to cyberattacks on the grid in the FAST Act. Congress has also proposed additional legislation to address grid-related cyber-defense deficiencies with resilience measures for electricity infrastructure.

These bills, introduced but not passed, focus on state assistance, authority to address cybersecurity gaps for other energy infrastructures, and identification of cyber secure products for the grid. Energy Secretary Rick Perry should also be commended for setting up a new cybersecurity office at DOE.

These actions are important but not enough.

It is time for a comprehensive examination of how the US can anticipate, recover from, and deter cyber-attacks. They need to fund development and deployment of advanced designs and technologies to protect their grid and to provide states the tools they need to contribute to the defense of the nation’s electricity system.

They need to incorporate mandatory reliability and resilience measures into every aspect of our electricity system and the Internet. They must also address state-sponsored cyber-attacks at the legal, regulatory, operational and diplomatic levels, including the development of international protocols.

But the hardest part may be modernising our jurisdictional system to ensure seamless federal authority to prepare for and respond to cyber-attacks.

The DOE study concluded that the electricity system is a national security asset.

National security is inherently a federal responsibility and cyber-security attacks do not respect jurisdictional boundaries. It is time to adopt a regulatory system that meets 21st century realities. The US economy and national security depend on it.

The Hill
