Issues

• Government Authentication
• Personal Identity
• Federal Standards
• Governance
• R&D
• Resources
• Legislation and Policy
• Liability
• Power Grid
• Procurement


Library

o Government Authentication Library
o Personal Identity Library
o Federal Standards Library
o Governance Library
o R&D Library
o Resources Library
o Legislation and Policy Library

CRE Interventions
•  Agency Administrative Actions
•  Rulemaking
•  Litigation

• ICANNfocus Archives

  

Getting Ready to Keep the Lights On
A DHS official informed Congress that federal and federally-backed organizations will be releasing several initiatives next year to help secure essential control systems. However, more than government action will be needed to protect critical infrastructure. As the official explained, the "exposure of these systems to malicious actors in cyberspace is greater than in the past, because these systems are more often connected to the Internet. With the profit margins of many of the owners and operators, it is a challenge to convince them to spend to reduce the risk."

Of particular concern are Supervisory Control And Data Acquisition (SCADA) and related types of systems because they "regulate real world activity, such as the amount of water flowing though a dam or the electricity flowing through a transformer...."

One report estimates that "almost a quarter of companies with SCADA systems did not have a firewall separating the control network from the corporate network, leaving the systems open to attack from the Internet." Furthermore, "only 40 percent of power utilities with such networks bothered to keep detailed access and network-data logs...."

An official with the Gas Technology Institute explained to Congress that the problem will be difficult and expensive to solve because the control systems are expensive to patch or replace. "Because many of these systems were designed before critical infrastructure security was a major concern, they often have significant vulnerabilities to unauthorized electronic operations. The question confronting the skilled cyberattacker is less ‘Can we enter the system?' and more ‘How long will it take us to penetrate it?'"

A professor at the University of Illinois at Urbana-Champaign testified that "proposed solutions need to allow companies to make small steps to secure their systems today, with more in-depth proposals for the long term."

The challenge for both government and industry is to recognize that: 1) better-securing the grid is both necessary and expensive; and 2) any realistic solutions will have to take into account cost-benefit analyses and the need for all stakeholders to work cooperatively.

  • See story


    • Copyright © 2005 The Center for Regulatory Effectiveness.
    All rights reserved.