Government Lagging in Response to Increased Cyber Threats
Vulnerability in the systems supporting the US critical infrastructure is a hot topic for professionals, in both the private and public sectors, who are dealing with cybersecurity issues on a regular basis. We’re seeing an increase in these threats due to the expansion of control systems, increased use of digital and IP-technology, expanded use of wireless communication and lagging security measure implementation.
On Tuesday, February 7, 2012, the Securis team attended the Northern Virginia Technology Council (NVTC)’s U.S. Critical Infrastructure Under Cyber Attack – Cybersecurity and Privacy Event.The panel brought together industry thought leaders to highlight the potential economic and homeland security impact these threats possess and the steps that need to be taken to minimize our vulnerabilities.
Among these panelists were Jim Woolsey, Former Director of CIA, Lyn McDermid, SVP and CIO of Dominion Virginia Power, and Dr. John Saunders, Director at National Defense University, and each offered differing positions on the topic.
Jim Woolsey recounted the experimental cyber attack launched by the Department of Homeland Security in 2007 that led to the self-destruction of a generator machine. Woolsey revealed that this same type of hack could take out massive generators responsible for providing power to the entire country. He noted that the fragmented utility industry (3,500 providers nationwide) makes it difficult to implemental universal protection standards and collaboration with the defense industry. It’s vulnerabilities and threats like these that Woolsey argues demand Congressional and Statutory commitment.
Dr. Saunders commented that budgets and allocations from the government are lacking focus on cybersecurity. He noted that after 9/11 one water utility company received $200 million from Congress to invest in security… and they purchased fences. This alone is a great example of critical infrastructure industry leaders’ lack of awareness regarding potential threats. Without a kickstart in funding and support, the U.S. could find itself caught off guard by a major cyber type catastrophe.
Lyn McDermid, CIO of Dominion Virginia Power, had a more optimistic view of the industry’s readiness and collaboration with government agencies. She detailed how her company is focusing on reliability of security vendors and their products. Currently, Dominion Virginia Power has 30 networks separate from the public internet, over 400 firewalls, and is continually investing resources in improving security of control devices. Combatting internal threats is also a major focus of the company’s cyber security plan. Frequent employee background checks, scanning and monitoring of devices and other measures are taken in order to protect systems from rogue employees and vendors.
Despite these measures being taken by private utilities, both Saunders and Woolsey aren’t convinced that the U.S. is prepared to deal with a debilitating, nationwide cyber-attack on critical infrastructure. Currently, there is no effective training structure in place that can simulate, train, and protect against an ever-evolving enemy.
In conclusion, decisions and strides demand urgency in order to determine how the private and public sectors can best protect the critical infrastructure of the United States – essential to our security, public health and safety, economic vitality and way of life. The panel concluded that one successful malignant hacker on the power grid could significantly damage our economy.
Just think– What would we do without electricity for four months or maybe up to a year?