Securing critical infrastructure no short term fix

Federal officials have long sought to secure critical infrastructure from potential attack, and recent events like the 2003 blackouts and the Stuxnet virus have added increasing urgency to government and private sector efforts; speaking on a panel at the Government Security conference and expo in Washington, D.C., security experts that specialize in critical infrastructure discussed the challenges of protecting infrastructure and steps that both governments and businesses can take; experts discussed addressing vulnerabilities in the smart grid, Stuxnet as a game changing cyber attack, and protecting critical infrastructure as a portfolio management problem

Federal officials have long sought to secure critical infrastructure from potential attack, and recent events like the 2003 blackouts that left much of the Northeast without power for days and the Stuxnet virus,which damaged nuclear centrifuges in an Iranian enrichment facility, have added increasing urgency to government and private sector efforts.

Speaking on a panel at the Government Security conference and expo in Washington, D.C., security experts that specialize in critical infrastructure discussed the challenges of protecting infrastructure and steps that both governments and businesses can take.

Of particular concern were the measures needed to secure the U.S. electrical grid, especially as the smart grid begins to be implemented.

The smart grid essentially adds a digital layer to the existing power infrastructure, increasing efficiency and reducing costs by allowing utilities to adjust the delivery of power in real-time, transmit power generated by renewable source like wind and solar, and providing up to the minute updates on the status of the grid.

While the new grid offers advanced capabilities, it also opens up critical infrastructure to new vulnerabilities from cyber attack.

Mark Weatherford, the vice president and chief security officer for North American Electric Reliability Corporation (NERC), the organization tasked with ensuring the reliability of North America’s power system, discussed current efforts to secure the electrical grid.

Weatherford explained, “When people talk about the fragility of the grid, the grid is not fragile. The grid is actually very resilient. We just have to make sure that we apply the appropriate security controls on this digital infrastructure that’s lying on top of the existing electrical technology.”

He acknowledged that initially the grid had major cyber security vulnerabilities, but utilities have since made efforts to address those gaps.

When smart meters were first installed,“several of the utilities went to the lowest bidders to buy meters and some of these meters had such obvious cyber vulnerabilities that it was unbelievable,” Weatherford said.

“The good news is that the manufacturers and the utilities who are demanding these new technologies are understanding now that they can’t implement these kinds of technologies that they have the appropriate security, controls, and mitigation as they put these devices out there,” he said.

He added that currently “there is a lot of re-engineering and re-manufacturing going on right now to address that problem.”

Another concern noted was the Stuxnet virus which revealed an emerging threat from cyber attacksthat can cause physical damage to industrial processes. Experts unanimously agreed that it was

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: