You’ve Been Warned:
Why You Need to Be Ready
for Total Grid Failure
An electrical grid is an interconnected network for delivering electricity from suppliers to consumers.
Bracing for a big power Grid attack:
‘One is too many’
The Basics of Grid Security
America’s electric grid, data centers, telecommunications networks,
and other critical infrastructure can be damaged or destroyed in several
different ways: a nuclear weapon that generates an EMP (Electro-Magnetic Pulse)
effect; a geomagnetic storm from the sun that also can generate an EMP
effect; a smaller, localized EMP that can be created with every day
equipment from Radio Shack; cyber warfare; and direct physical attacks.
Cyber Attacks & Terrorism could damage the Grid for years; What can you do?
The Secure the Grid Coalition is an ad hoc group of policy, energy, and
national security experts, legislators, and industry insiders who are
dedicated to strengthening America’s electrical grid. The Coalition aims
to raise awareness to the national and international threat of EMP as well
as pass legislation to strengthen the grid. Press inquiries
How Trump can keep America’s grid safe from hackers
by Selena Larson @selenalarson
March 28, 2017: 10:02 AM ET
MIT released a report Tuesday calling for an overhaul of infrastructure cybersecurity. The authors — led by Joel Brenner, senior research fellow at MIT and former head of U.S. counterintelligence — want the administration to take more effective action on securing critical systems we use every day.
Crucially, Brenner said, it’s important to move controls for transportation, the electricity grid and gas pipelines off public networks.
“A generation ago, these were all locked up in a room, and only the operating engineers could get into that room,” Brenner told CNNTech. “Today, because we wanted to manage geographically dispersed equipment more cheaply and efficiently, we’ve hooked up all the controls to the internet.”
These networks are accessible to the general public — what most people connect with to watch movies, check email and tweet. Private networks are physically separate from the public internet, meaning that while they can also connect to common operating systems and websites, only select individuals can use them.
It’s much easier for hackers to take down the electric grid if it’s connected to a public network. While moving to private networks won’t make the grid completely unhackable, experts say it would drastically improve security.
In December 2015, a coordinated cyberattack on Ukraine’s electricity grid plunged hundreds of thousands of people into darkness, turning off everything from computers to call centers. The following year, another cyberattack on the state-run power provider in Kiev left people without power for 30 minutes.
Related: Big changes in Trump’s cybersecurity executive order
U.S. presidents have called for improving infrastructure security for more than two decades. In 1990 President George H.W. Bush issued National Security Directive 42, in which he warned: “Telecommunications and information processing systems are highly susceptible to interception, unauthorized electronic access, and related forms of technical exploitation.” Fast forward to a 2013 executive order from President Obama: “The cyber threat to critical infrastructure continues to grow and represents one of the most serious national security challenges we must confront.”
Yet the threats remain the same, Brenner said, with not enough done to prevent attacks. The 50-page report released Tuesday is meant to provide a roadmap for prevention.
The key point: For infrastructure to be protected against cyberattacks, companies and the government have to collaborate. The MIT report suggests incentivizing companies to mandate security upgrades, perhaps through tax breaks for improving security or by holding companies liable for damage to consumers caused by hacks.
The Report Source:
Bureaucracy hampering U.S. efforts to protect grid — ex-DOD secretary
Blake Sobczak, E&E News reporter
Published: Monday, March 6, 2017
Despite pouring resources into infrastructure security, the United States lacks a “chain of command” for dealing with a major cyberattack on the power grid, according to former Defense Secretary Robert Gates.
“We as a government have technical capabilities that can help defend this country and the infrastructure,” Gates said Friday at an event hosted by the Siebel Scholars Foundation. “The problem is, politically and bureaucratically, we are completely wrapped around the axle in terms of authorities.”
Gates alluded to various critical infrastructure security programs at the Department of Homeland Security, National Security Agency and Department of Energy, the lead organization for helping privately owned utilities head off threats from hackers. In 2015, U.S. lawmakers broadened the secretary of Energy’s ability to respond to emergencies such as a major cyberattack on the grid, though DOE has not yet settled how it will act on its new authority (Energywire, Feb. 8).
“It’s not like people have been neglecting the problem,” said Gates, who became chancellor at the College of William & Mary after leaving the Department of Defense in 2011. But he added that “as somebody who spent 50 years in the bureaucracy, when you have that many commissions and committees and groups, the question is: Who’s in charge?”
Gates’ comments kicked off a weekend of grid cybersecurity programming for alumni of the Siebel Scholars program, funded by technology industry billionaire Thomas Siebel. The goal was to encourage scholars, most of whom had no background in computer science, to consider new approaches to an issue that one cybersecurity executive called a “slow-moving train wreck.”
“The United States is probably the hardest country in the world to defend in cyberspace,” said Liam O’Murchu, director of security technology and response at software giant Symantec Corp., citing the huge amount of internet-connected — and potentially hackable — technologies here.
O’Murchu, who played a central role in unmasking the Stuxnet malware that damaged Iranian nuclear centrifuges in 2010, said Saturday he’s seen evidence of state-sponsored hackers “scoping out” critical infrastructure networks in America. But he suggested attackers might not risk pulling the trigger unless their governments are locked in a physical conflict with the United States elsewhere.
If hackers did cause a power outage, experts and government officials agreed the private sector would need to play a central role in recovery. The bulk of the U.S. grid is owned and operated by private utilities.
“People have the mistaken notion that government is going to come in and solve the problems when there’s this grid outage,” said Douglas Maughan, director of the cybersecurity division in the Homeland Security Advanced Research Projects Agency. Maughan’s office, part of the Department of Homeland Security’s Science and Technology Directorate, funds promising technical solutions to the grid cybersecurity problem and other homeland security challenges.
“We need to make sure we have those lanes better defined, and maybe [make] more information available” about how the public and private sectors would coordinate in an emergency, Maughan said.
‘How bad could it be?’
Several speakers at the conference tamped down fears that a nationwide blackout was imminent, whether through hackers disabling key networks or physical attackers targeting large power transformers at major substations.
Retired Gen. Michael Hayden, who formerly headed the NSA and the CIA, said the grid security outlook is “probably not quite as apocalyptic as some might think.”
He pointed out that large electric utilities already deal with massive outages caused by hurricanes. “This is one industry that actually does more than tabletop [exercises] when it comes to, ‘What do we do if that happens?'” he said.
Still, Hayden also acknowledged that hackers pose a distinctly different threat compared with the weather. He pointed out that a draft executive order circulating in the Trump administration would direct DHS and a few other agencies to “actually assess the impact” of a grid cyberattack, answering the basic question, “How bad could it be?”
In his comments Friday, former Defense Secretary Gates cited another pressing question surrounding grid cybersecurity: When would the U.S. military have to respond to an attack?
“I suspect [officials] are no closer to an answer to that question today than they were when I asked it 10 years ago: What kind of a cyberattack constitutes an act of war?” Gates said. “My guess is, you end up where the Supreme Court did in defining obscenity — ‘You’ll know it when you see it.’ I don’t think that’s a legal answer.”
Twitter: @BlakeSobczak Email: firstname.lastname@example.org
RESIZE TEXT RESIZE TEXT EMAIL EMAIL PRINT PRINT
Senate hears case for DOE cyber research as budget cuts loom
Energywire: Wednesday, April 5, 2017
Officials hope Trump cyber order is worth the wait
Energywire: Tuesday, April 4, 2017
Senators to tackle hacking defenses
E&E Daily: Monday, April 3, 2017
Senators look ‘back to the future’ for grid security
Energywire: Wednesday, March 29, 2017
Grid execs seek to reopen threat-sharing pipeline with Trump
Energywire: Friday, March 24, 2017
ENERGYWIRE HEADLINES — Monday, March 6, 2017