Ads by TechWords

See your link here
Receive the latest technology news and information.
Computerworld Daily News (First Look and Wrap-Up)
Computerworld Blogs Newsletter
The Weekly Top 10
Cloud Computing
View all newsletters




Privacy Policy
 

The new ground zero in Internet warfare

The power grid is an obvious target for terrorists, but experts disagree about how to secure it

April 27, 2009 12:00 PM ET

Computerworld - When it comes to critical national infrastructure, the highly distributed and ultra-interconnected U.S. power grid is, hands down, the most vulnerable to cyberattack. On this one point, many cybersecurity experts seem to agree.

Yet just how likely a terrorist target is the grid? And what's the best way to secure and protect the massive inventory of generators, power plants and transmission lines plus the cat's cradle of computer networks that make up the electric power system?

Talk to 10 experts, and you'll likely get 10 different answers.

"The problem is that we have a hard time assessing risk," says Jim Lewis, a senior fellow specializing in cybersecurity at the Center for Strategic and International Studies. "We seem to settle on either indifference or a Bruce Willis movie."

Up until about a decade ago, things were a lot simpler. The industrial control systems that manage the generation and flow of power were pretty much protected from intrusion by their closed-loop architecture. These control systems existed and operated in isolation from everything else.

But increasingly, these systems have been linked to countless corporate networks for everything from real-time monitoring of electricity generation and transmission to remote meter reading and automated grid operations.

"We had an explosion in business network technology, and as that occurred, individuals in accounting, for example, wanted real-time information at their desktop computers so they could do projection planning," says Michael Assante, chief information security officer at North American Electric Reliability Corp. (NERC), an industry organization of U.S. electrical grid operators.

The smart grid relies heavily on public communication networks, including cellular networks and WiMax, to digitally monitor and control the grid for more efficient operation, he explains.

More vulnerability

But more connections mean more points of vulnerability, and that's what worries Sami Saydjari, president of Cyber Defense Agency, a privately held security consulting firm headquartered in Wisconsin Rapids, Wis.

"The power grid is controlled by systems that are antiquated and highly vulnerable because they have very little security. They've been historically protected by disconnection," he says.

But the rush to improve convenience and efficiency by tying together administrative systems and billing systems over the Internet has created gateways to the power grid control systems, Saydjari notes.

The power grid is controlled by systems that are antiquated and highly vulnerable because they have very little security.
Sami Saydjari, president, Cyber Defense Agency

"The concern that many of us have is that an adversary can jump that gap directly or indirectly and exploit vulnerabilities," he says.

In particular, they could use these control systems to destroy physical things, like generators, or overload transformers and destroy them, Saydjari says. If that were to happen, it could take six months to replace transformers or generators, "and we have no [replacement] manufacturing capabilities in the U.S.," he says. "Germany, China and Japan are our sources."



Jump to comments

electric grid

Additional Resources

WHITE PAPER
Approximately 60 percent of data migration projects overrun time or budget, while some fail completely. Download this white paper, "Enhancing Your Chance for Successful Data Migration," to learn the critical steps you need to take to execute a data migration project with minimum cost and risk to your business.
WHITE PAPER
Read the Gartner research note to learn why the TCO of a server-based computing deployment used to deliver all applications to users is around 50% lower than that of an unmanaged desktop deployment.
WHITE PAPER
Economic downturns have a tendency to accelerate emerging technologies, boost the adoption of effective solutions, and punish solutions that are not cost competitive or that are out of synch with industry trends. This IDC White Paper presents the results of an IDC survey of 330 companies in Western Europe, Asia/Pacific and the Americas that measures the receptiveness to Linux and takes into consideration changing views driven by the disruptive economic environment that businesses face today.

What People Are Saying