There’s special concern for the electric grid because power companies use SCADA networks to control their industrial systems
Utility companies and government officials are working on a list of ways to protect the electric grid from cyber security threats.
At a Congressional hearing on cyber security, Kenneth DeFontes, CEO of Baltimore Gas & Electric Co., said he was collaborating with other utility companies and government officials to find ways to prepare for cyber attacks against the electric grid.
“Cyber threats are constantly evolving in real time. They require quick action and flexibility that can come only from constant vigilance and close collaboration with the government and emergency response protocols that are planned and practiced before a disaster strikes,” DeFontes said.
There’s special concern for the electric grid because power companies use Supervisory Control and Data Acquisition (SCADA) networks to control their industrial systems. However, SCADA networks are designed to keep the grid 100 percent efficient — not necessarily secure. In fact, today’s security issues were not recognized when these systems were built.
To address this, DeFontes and his team are considering a few fixes, including constant maintenance (such as updated control infrastructure); greater security behind the firewall; keeping an eye on shared network gear and peripherals (hackers can get to other networks just from these connections); develop ways to keeps computers assigned to a corporate network from working on a production network; better software and hardware; monitoring SCADA connections to the Internet (notify utilities when their systems are found online); alerts to utilities that have devices connected online, so they know when they’ve been hacked, and better industry standards for cyber security.
Cyber security has been a huge worry in the U.S. Last month, the Pentagon said it would boost cyber security five-fold over the next several years from 900 troops to 4,900 troops.
Just this week, the Department of Defense (DOD) said it worried that cyber experts were undertrained and unprepared for huge security threats encountered in the DOD and other government entities. The current requirements for cyber security workers was put in place in August 2004 under DOD Directive 8570. It could use an update, especially considering technology and security measures have changed significantly since that time. And the problem is that technology changes so often that it’s difficult for DOD to keep up.
Source: The Wall Street Journal