The new ground zero in Internet warfare
The power grid is an obvious target for terrorists, but experts disagree about how to secure it
Computerworld - When it comes to critical national infrastructure, the highly distributed and ultra-interconnected U.S. power grid is, hands down, the most vulnerable to cyberattack. On this one point, many cybersecurity experts seem to agree.
Yet just how likely a terrorist target is the grid? And what's the best way to secure and protect the massive inventory of generators, power plants and transmission lines plus the cat's cradle of computer networks that make up the electric power system?
Talk to 10 experts, and you'll likely get 10 different answers.
"The problem is that we have a hard time assessing risk," says Jim Lewis, a senior fellow specializing in cybersecurity at the Center for Strategic and International Studies. "We seem to settle on either indifference or a Bruce Willis movie."
Up until about a decade ago, things were a lot simpler. The industrial control systems that manage the generation and flow of power were pretty much protected from intrusion by their closed-loop architecture. These control systems existed and operated in isolation from everything else.
But increasingly, these systems have been linked to countless corporate networks for everything from real-time monitoring of electricity generation and transmission to remote meter reading and automated grid operations.
"We had an explosion in business network technology, and as that occurred, individuals in accounting, for example, wanted real-time information at their desktop computers so they could do projection planning," says Michael Assante, chief information security officer at North American Electric Reliability Corp. (NERC), an industry organization of U.S. electrical grid operators.
The smart grid relies heavily on public communication networks, including cellular networks and WiMax, to digitally monitor and control the grid for more efficient operation, he explains.
But more connections mean more points of vulnerability, and that's what worries Sami Saydjari, president of Cyber Defense Agency, a privately held security consulting firm headquartered in Wisconsin Rapids, Wis.
"The power grid is controlled by systems that are antiquated and highly vulnerable because they have very little security. They've been historically protected by disconnection," he says.
But the rush to improve convenience and efficiency by tying together administrative systems and billing systems over the Internet has created gateways to the power grid control systems, Saydjari notes.
"The concern that many of us have is that an adversary can jump that gap directly or indirectly and exploit vulnerabilities," he says.
In particular, they could use these control systems to destroy physical things, like generators, or overload transformers and destroy them, Saydjari says. If that were to happen, it could take six months to replace transformers or generators, "and we have no [replacement] manufacturing capabilities in the U.S.," he says. "Germany, China and Japan are our sources."
This pilot fish is a contractor at a military base, working on some very cool fire-control systems for tanks. But when he spots something obviously wrong during a live-fire test, he can't get the firing-range commander's attention.
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Reduce federal infrastructure risk with compliance management and situational awareness
- IBM continuous monitoring and management solutions deliver real-time situational awareness to help federal agencies understand vulnerabilities, and protect the infrastructure.
- Top 3 Myths about Big Data Security : Debunking common misconceptions about big data security
- Big data represents massive business possibilities and competitive advantage for organizations that are able to harness and use that information. But how are...
- Magic Quadrant for Data Masking Technology
- IBM is a leader in Gartner Inc's Magic Quadrant for Data Masking Technology. Read the full report to learn about IBM.
- Best Practices for Securing Hadoop
- Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- Top Tips for Securing Big Data Environments: Why Big Data Doesn't Have to Mean Big Security Challenges
- Organizations must come to terms with the security challenges they introduce. As big data environments ingest more data, organizations will face significant risks... All Government IT White Papers
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Why Are Customers Really Deploying an NGFW? It seems every IT Security expert is talking about the NGFW, but what are people really doing? This webcast covers 5 real-world customer...
- Charting Your Analytical Future - "Making predictive analytics part of your business processes" Webinar This session will show how predictive analytics can be used throughout the organization by anyone looking for answers and how organizations can make...
- On-demand webinar - 7 Keys to Service Catalog Implementation Success Watch this webinar to learn 7 crucial keys to make your service catalog a success!
- Transform Your IT Service Management Watch this webinar, to learn how EasyVista can increase IT productivity & efficiency and deliver streamlined & integrated IT Service & Asset Mgmt.
- All Government IT Webcasts