IDG News Service - The U.S. electrical grid remains vulnerable to cyber and electromagnetic pulse attacks despite years of warnings, several U.S. lawmakers said today.
The electric industry has pushed against federal cybersecurity standards and some utilities appear to be avoiding industry self-regulatory efforts by declining to designate their facilities or equipment as critical assets that need special protection, said U.S. Rep. Yvette Clarke, a New York Democrat and chairwoman of the House Homeland Security Committee's Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology.
"This effort seems to epitomize the head-in-the-sand mentality that seems to permeate broad sections of the electric industry," Clarke said.
The U.S. electric grid is an "obvious target" for enemies of the nation, and a major outage would affect all aspects of everyday life, Clarke said during a hearing. "We simply cannot afford to lose broad sections of our grid for days, weeks or months," she said.
Despite years of warnings from lawmakers, electric utilities' efforts to secure themselves against cyber or electromagnetic pulse, or EMP, attacks seem to be lagging, Clarke added. During a three-year subcommittee review of electrical grid security, committee members and staff talked to hundreds of experts and read thousands of pages of studies, she said.
"They all reached one conclusion: The electric industry has failed to appropriately protect against the threats we face in the 21st century," Clarke said.
While the hearing mostly focused on cybersecurity, lawmakers also talked about the threat of an EMP attack on the U.S. An EMP is a burst of electromagnetic radiation, usually from a nuclear explosion. While such an attack may be unlikely, an EMP attack could shut down the electricity grid over a wide area and bring the U.S. to a standstill, some lawmakers said.
Representatives of the electric industry said they've worked hard to improve cybersecurity, and they share the lawmaker concerns about EMP attacks. The electric industry needs better information about how to protect against EMP attacks, said Steven Naumann, vice president of wholesale market development at Exelon, an electric utility.
Part of the problem with cyberattacks is that the U.S. government doesn't share enough up-to-date information, Naumann added. "In general, the North American grid is well-protected against cyberattacks -- at least those attacks that we know about," he said. "It's hard to protect against something you don't know."
Many electric utilities have taken significant steps in recent years to improve their cybersecurity, added Mark Fabro, president and chief security scientist at Lofty Perch, a control systems security vendor. The electricity grid will continue to converge with the Internet and that will introduce vulnerabilities, he added, but many utilities are working hard to improve security.
"We continue to witness excellent examples of effective cybersecurity activities from many entities, and observe progress that does not align with the popular opinion that the bulk power system is rife for total system compromise," Fabro said.
But several lawmakers said they're concerned that the electrical grid will become more vulnerable as its controls move onto Internet Protocol networks. "There is a massive computer espionage campaign being launched against the United States by our adversaries," said Rep. Bennie Thompson (D-Miss.), chairman of the full Homeland Security Committee. "Intelligence suggests that countries seek or have developed weapons capable of destroying our grid."
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- Top Tips for Securing Big Data Environments: Why Big Data Doesn't Have to Mean Big Security Challenges Organizations must come to terms with the security challenges they introduce. As big data environments ingest more data, organizations will face significant risks...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!