March 21

Lights out, everybody! A nationwide, permanent power outage could occur.

As our daily live grow more entangled with sophisticated devices and technology, so too does the potential for exploitation of vulnerabilities in those devices and systems.

On Valentine’s Day, the Department of Energy announced it would be showing the nation’s power grid some cybersecurity love in the form of a new office. This office aims to protect the power grid and associated infrastructure against cyberattacks and natural disasters.

We’ve heard it all before: the increasingly connected Internet of Things (IoT) increasingly perpetuates a growing concern over tech vulnerabilities impacting more than just businesses. Should a breach occur, whole industries could be impacted and infrastructure on a national level. When we’re all plugged in to the same source, you can never be too careful.

DOE logo United States Secretary of Energy Rick Perry recently affirmed the national commitment to cybersecurity, citing the DOE, “plays a vital role in protecting our nation’s energy infrastructure from cyber threats, physical attack and natural disaster, and as secretary, I have no higher priority.” We concur!

The Past

Perry isn’t the only one prioritizing more secure infrastructure. Just last year (May 2017), Trump signed a long-awaited and much heralded cybersecurity Executive Order (EO) with the goal of “strengthening the cybersecurity of federal networks and critical infrastructure.”
On similar policy note, The Internet of Things (IoT) Cybersecurity Improvement Act of 2017 was a bill proposed in August 2017 (we briefly covered it back in November). To address the growing web of interconnected devices, the legislation would require vendors who produce or sell IoT devices to guarantee the devices don’t have known vulnerabilities or, if they do, immediately disclose them and create patches. The bill hopes to raise the bar for businesses’ accountability.

To read up on recent cybersecurity policy changes, check out one of our recent blogs: The Gift That Keeps On Giving: 5 Critical Changes to Cybersecurity Policy.

A nationwide attack or disaster that would devastate the U.S. power grid feels like an improbably scenario. However, recent events suggest otherwise.

In September 2017, a Russian hacking group known as “Dragonfly” and “Energetic Bear” created a “series of computer intrusions at electric companies and nuclear-plant operators.” The group specializes in power-grid control networks, in other words, sophisticated code that can turn circuits on and off. Symantec, a cybersecurity software specialist, believes hacking is entering a new phase: disruption of operational systems, ones that keep virtually everything up-and-running.

Robert Lee, CEO of Dragos—a company at the forefront of industrial control system (ICS) cybersecurity challenges—agrees: “It’s very concerning to see threat actors targeting the U.S. energy sector[…] We’ve seen no indication that there’s an ability to take down infrastructure. Of course, we don’t want them to have that option.”Suddenly, “lights out” doesn’t seem so inconceivable. At least for now, cybersecurity contingency planning and protection efforts are preemptive rather than reactive.

The Present

Now, the new Office of Cybersecurity, Energy Security, and Emergency Response (CESER)—a division of the Department of Energy—focus on “energy infrastructure security.” The office is intended to protect against manmade and natural threats (i.e. cyberattacks versus natural disasters), both which could cripple the United States power grid.

President Trump’s proposed budget would allocate $96 million to the office. Hopefully, this gives policy change the monetary push necessary for the initiative to succeed. According to Politico, the budget proposal increases digital defense spending by more than 4 percent across the federal government. The largest recipients being The Pentagon, the Department of Homeland Security, the Department of Justice, the Department of Energy, and the Department of Education—all for cybersecurity initiatives.

The Future

For the most part, hackers are up to the same old tricks, like run-of-the-mill email phishing scams. But a small sector of cybercriminals is quietly mobilizing for big, sophisticated schemes. Ransomware is just the tip of the iceberg.

According to Oilprice.com, there’s a negative correlation between cybersecurity defense and oil production. Essentially, the world’s largest players in oil production are lacking in the cybersecurity department. So, the U.S. power grid isn’t the only energy industry at risk. OPEC is also in the danger zone, especially Iraq, Saudi Arabia, Venezuela, Iran, and the United Arab Emirates.

And of course, let’s not forget Mother Nature. Cyberattacks aren’t the only major threat to data, systems, and infrastructure. While it’s true, April showers bring May flowers, spring is no stranger to severe weather including severe storms, severe flooding, and repeated freezing and thawing. Due to transition months like March and April, extreme contrast in temperature permits the highest potential for hazardous weather, like blizzards and tornadoes.

From June until November, the east coast and surrounding areas are threatened by severe weather and natural disasters. Not your average thunderstorm, these summer weather patterns promise damage from flooding, high winds, and extreme heat. These dangerous environmental conditions can impact computer systems, disturb data storage, and become a calamity to local business operations.

Once again, preparation is the greatest tool for prevention.

Category: data loss prevention

Tags: , , , , , , , , , ,

Comments

Commenting is closed for this article.