From: EnergyBiz.com
Every day it seems the newspapers are filled with stories of breached security at a bank, government agency, media outlet, or a utility. According to a recent US Department of Homeland Security report, in fiscal year 2012, ICS-CERT received and responded to 198 cyber incidents as reported by asset owners and industry partners. Attacks against the energy sector represented 41 % of the total number of incidents. While none of these attempted cyber-attacks on utilities were successful, many experts have said it is not a question of if, but when. As these threats evolve, we must make sure we are all doing everything we can to keep systems protected and consumers safe.
Just How Big of a Deal Is Cyber security?
Cyber-attacks continue to be reported in the media almost on a daily basis: A few examples:
- – “Hackers Crack Major Data Firms, Sell Info To ID Thieves, Says Report,” news.cnet.com, September 25, 2013;
- – “Hackers Hit Energy Department – Again,” Wall Street Journal, August 15, 2013;
- – “Washington Post, CNN Hit by Cyber-attacks,” Wall Street Journal, August 15, 2013;
- – “Exclusive: Cyber-attack Leaves Natural Gas Pipelines Vulnerable to Sabotage,” csmonitor.com, February 27, 2013;
- – “Hackers Take Aim at Key U.S. Infrastructure,” money.cnn.com, February 20, 2013.
- – “Power-Grid Cyber Attack Seen Leaving Millions in Dark for Months,” (Bloomberg, January 31, 2012).
Although reports about the most advanced cyber threats suggest that this risk is vastly different from other threats utilities have experienced in the past, the basic responsibilities of regulation are unchanged: the regulatory compact assures the provision of safe, adequate and reliable utility services, no matter the hazard, at just and reasonable rates.
As the power grid is updated and modernized to include more computer networks, control systems and smart grid technology, the opportunity increases for computer hackers to cause mischief. While many of these hackers may not have a malicious intent, others may want to steal money or confidential information (like credit card numbers) or shut down the grid entirely. Under a worst case scenario, a successful cyber-attack could disrupt our economy and national security.
Cyber security is really a three-pronged approach. First, utilities need a set of tools to prevent a cyber-attack in the first place. Such preventative strategies involve not only traditional security controls, like performing background checks on employees, but also use new technologies, much like antivirus software that you would install on your personal computer. Second, utilities must collaborate with other utilities to learn about the different kinds of threats out there as well as share best practices to combat them. Third, should a cyber-attack succeed, utilities must be resilient in quickly responding to and effectively recovering from such an attack.
We know our grid is vulnerable to natural disasters, age, reckless drivers, and excavation damage, to name just a few hazards. Utilities and their regulators deal with these risks every day, and although we will never eliminate them, electricity is extremely reliable in this country. Also, utilities are generally good at rebuilding the system, at least on the distribution level, after a major disaster.
What makes cyber threats different are the national security implications, which stresses the importance of multi-level communications between and among federal agencies, utility operators, and state regulators—all of whom have a unique role to play.
Threats vs. Vulnerabilities
Leave a Reply