IDG News Service - The U.S. electrical grid remains vulnerable to cyber and electromagnetic pulse attacks despite years of warnings, several U.S. lawmakers said today.
The electric industry has pushed against federal cybersecurity standards and some utilities appear to be avoiding industry self-regulatory efforts by declining to designate their facilities or equipment as critical assets that need special protection, said U.S. Rep. Yvette Clarke, a New York Democrat and chairwoman of the House Homeland Security Committee's Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology.
"This effort seems to epitomize the head-in-the-sand mentality that seems to permeate broad sections of the electric industry," Clarke said.
The U.S. electric grid is an "obvious target" for enemies of the nation, and a major outage would affect all aspects of everyday life, Clarke said during a hearing. "We simply cannot afford to lose broad sections of our grid for days, weeks or months," she said.
Despite years of warnings from lawmakers, electric utilities' efforts to secure themselves against cyber or electromagnetic pulse, or EMP, attacks seem to be lagging, Clarke added. During a three-year subcommittee review of electrical grid security, committee members and staff talked to hundreds of experts and read thousands of pages of studies, she said.
"They all reached one conclusion: The electric industry has failed to appropriately protect against the threats we face in the 21st century," Clarke said.
While the hearing mostly focused on cybersecurity, lawmakers also talked about the threat of an EMP attack on the U.S. An EMP is a burst of electromagnetic radiation, usually from a nuclear explosion. While such an attack may be unlikely, an EMP attack could shut down the electricity grid over a wide area and bring the U.S. to a standstill, some lawmakers said.
Representatives of the electric industry said they've worked hard to improve cybersecurity, and they share the lawmaker concerns about EMP attacks. The electric industry needs better information about how to protect against EMP attacks, said Steven Naumann, vice president of wholesale market development at Exelon, an electric utility.
Part of the problem with cyberattacks is that the U.S. government doesn't share enough up-to-date information, Naumann added. "In general, the North American grid is well-protected against cyberattacks -- at least those attacks that we know about," he said. "It's hard to protect against something you don't know."
Many electric utilities have taken significant steps in recent years to improve their cybersecurity, added Mark Fabro, president and chief security scientist at Lofty Perch, a control systems security vendor. The electricity grid will continue to converge with the Internet and that will introduce vulnerabilities, he added, but many utilities are working hard to improve security.
"We continue to witness excellent examples of effective cybersecurity activities from many entities, and observe progress that does not align with the popular opinion that the bulk power system is rife for total system compromise," Fabro said.
But several lawmakers said they're concerned that the electrical grid will become more vulnerable as its controls move onto Internet Protocol networks. "There is a massive computer espionage campaign being launched against the United States by our adversaries," said Rep. Bennie Thompson (D-Miss.), chairman of the full Homeland Security Committee. "Intelligence suggests that countries seek or have developed weapons capable of destroying our grid."
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts