From: EnergyBiz.com
Larry Castro
THE NATURE OF THE CYBER THREAT to our nation’s electric grid and the efforts at both the national level and state regulator levels to address this threat are well documented.
A recently reported example of these evolving vulnerabilities is that of the Niagara Framework. The Framework, a suite of interface software used to connect users to a wide range of SCADA-associated functions across a broad scope of industries, including those in and supporting the electric power sector, links at least 11 million individual devices and machines in 52 countries worldwide to the Internet. Such a vast network of users makes it ripe for exploitation by determined threat actors. The potential for vulnerabilities such as those found in Niagara to compromise the security of the grid has been recognized by Congress. At a recent Senate Energy and Commerce hearing,
Gerry Cauley, president and chief executive officer of the North American Electric Reliability Corporation, emphasized that he was “deeply concerned about the changing risk landscape from conventional risks, such as extreme weather and equipment failures, to new and emerging risks where we are left to imagine scenarios that might occur and prepare to avoid or mitigate the consequences.”
In addition to recognizing the significance of the threat, numerous members and committees in Congress have concluded that there is a role for cybersecurity legislation in addressing this issue. There are several competing bills under consideration and there is some concern that the Senate will be unable to debate their merits before its late-summer adjournment. There is consensus, however, that enhanced information sharing enabled by legislation that clarifies current ambiguities is a necessary ingredient in the drive to fortify our nation’s cybersecurity.
This information sharing has already begun. Cauley describes how NERC uses the Electricity Sector Information Sharing and Analysis Center (ES-ISAC) as a vital information-sharing element. In addition, another critical sharing function is provided by the Department of Homeland Security’s Industrial Control System Cyber Emergency Response Team (ICS-CERT). There are other information-sharing models under consideration beyond the ISAC and functional constructs.
Now is the time to formally build on current information-sharing models. Doing so will require examining what has worked and what has not. A recently released report produced by the Bipartisan Policy Center’s Cyber Security Task Force goes into detail regarding what works for information sharing. The report states that the information shared must be timely and actionable. Information must flow between the industry players and the government’s cybersecurity centers of excellence such as the Department of Homeland Security’s U.S. Computer Emergency Readiness Team and the National Security Agency’s Threat Operation Center bidirectionally and at net speed. Sharing constructs must recognize that the parameters of the threat may change in the course of the intrusion event and that the bottom line is to use the shared information to determine and execute response courses of actions.
In addition, the information shared must be tailored to the specific customers and events at hand. Along with malware signatures associated with an event, there needs to be event-specific cyber threat intelligence describing tactics and methods. To the greatest extent possible this information should result from sanitizing classified information to prevent the disclosure of our nation’s own sources and methods. The key is the provision of relevant information described in accurate context.
The report goes on to state that the information shared must be shared with care. As industry situational awareness information is fed to our government’s cybersecurity centers to allow the centers to aggregate their view of net activity associated with a given event, care must be given by the industry providers of this data to protect the privacy of individual grid customers.
These are exciting times for enhancing cybersecurity for the grid. The electric power sector has been a proactive leader among our nation’s critical infrastructures in this regard. Enhancing information sharing will enable individual companies to access their security, identify shortfalls and prioritize investments where more needs to be done.
Leave a Reply