What if hackers took over our power grid?
Getting to the root of cybersecurity and protecting critical infrastructure
Cyber attacks and hackers are a reality. We wake up, we grab coffee, and then we read about the latest cybersecurity breach. That statement may seem to trivialize the problem. But in an interconnected, always-on world, cyber crime by increasingly agile hackers is quite serious and seemingly inevitable.
In a quote in a recent article, Derek Manky, global security strategist at Fortinet, said about a half million attempted attacks occur every minute. How we use the data from these attempts to understand who these hackers are becomes extremely important, so that we can quickly respond to and even prevent cyber crime.
Vital targets in hackers’ crosshairs
Even more alarming, however, is the possibility of hackers taking control of critical infrastructure such as our power grid. Just recently, reports surfaced that the 23 December 2016 power outage in Ukraine resulted from a cyber attack on its power grid. That attack caused a six-hour outage for roughly 100,000 customers. And very recently, Yuval Steinitz, Israel’s national infrastructure minister, announced that its Electric Authority was targeted by a severe cyber attack. Will the US be next?
Some pundits argue that hackers succeeding in an attack on the US power grid is highly probable, while others say it’s quite unlikely. Research, however, from US government experts revealed that in fiscal 2015 the nation’s critical infrastructure experienced a 20 percent increase in cyber incidents. And according to a 2015 survey of 20 different countries in the Americas, 53 percent of respondents said cyber attacks on critical infrastructure increased from the prior year.
Expert points of view in a cybersecurity discussion
What are we doing to prevent or minimize an attack on our power grid? No matter which side of the debate you’re on, take part in a live discussion on 16 February 2016 at 1 PM Eastern to hear experts discuss the topic, “What if hackers took over our power grid?” Here are some of the key questions to be discussed:
- The US’s critical infrastructure experienced a 20 percent increase in cyber incidents in fiscal 2015. Is the probability of a power grid cyber attack high or low? Why?
- How long would a successful attack have to last to really wreak havoc? Are cyber attackers equipped well enough to perpetrate a sustained attack? What are some emerging threats that we need to be concerned with?
- Broadcast journalist Ted Koppel indicated that the one agency that would be ready to counter a cyber attack of this magnitude is the Department of Homeland Security, but he also said it isn’t ready? What are your thoughts? Is this agency ready?
- A 2015 Lloyd’s of London and University of Cambridge report estimated a hypothetical worst-case scenario of $243 billion to $1.024 trillion in direct and indirect losses from a cyber attack on the US power grid. Is the US government adequately prepared for a worst-case attack scenario, and what would the plan look like? Can we survive such an attack?
- Should operators focus on detection and rapid response rather than on preventing a cyber attack on the power grid? Why?
- What role should governments play in helping operators fortify systems and prepare for an attack on critical infrastructure?
Here are a few resources to review in preparation for this discussion:
- “In the dark over power grid security,” CBS News, CBS Interactive, Inc., November 2015.
- “Biggest blackout in U.S. History,” CBS News, CBS Interactive, Inc., August 2003.
- “How much at risk is the U.S.’s critical infrastructure,” by Taylor Armerding, CSO, CXO Media, January 2016.
- “House probes cyber threats to power grid,” by Harper Neidig, The Hill, Capitol Hill Publishing Group, October 2015.
- “Light’s out! Can insurance help?” by Kevin Kalinich, Risk and Insurance, January 2016.
- “ICS-CERT 2015 report: Critical infrastructure sector sees spike in cyber attacks,” by Maritza Santillan, The State of Security, Tripwire, Inc. January 2016.
Bob Stasio is a senior product manager of cyber analysis with IBM i2 Safer Planet. He brings nearly 14 years of expertise fighting top-tier malicious actors in the intelligence community, the US military, the National Security Agency (NSA) and the commercial sector. Stasio also served on the initial staff of US Cyber Command. During the troop surge of 2007, his intelligence unit supported the detainment of more than 450 high-value targets.
Mobolaji "Manny" Moyosore, head of security design, threat and vulnerability management, Tesoro Companies. An information security professional with 14 years of IT experience and over a decade of information security experience that cuts across multiple continents and industry verticals. Moyosore provides thought leadership, strategic direction, subject-matter expertise and innovative ideas on most effective ways of supporting and defending organizational crown jewels against unauthorized access, disclosure, destruction and alteration. His experience and skills span the full breadth of the information security domain, primarily focusing on information risk management, threat modeling, security architecture, vulnerability management, security policies and standards, and controls gap analysis.
Michael Riley, reporter at Bloomberg News covers cyber security for Bloomberg News, Bloomberg Television and Bloomberg Businessweek magazine. Among his groundbreaking work, Riley wrote the first profile of PLA Hacking Unit 61398 seven months before Mandiant's APT1 report; he broke the story of the massive JPMorgan Chase breach in the summer of 2014; and he co-authored the first account of the destruction of Sands Corp computers by Iranian hackers, a report later confirmed by Director of National Intelligence James Clapper in congressional testimony. Riley was named 2014 Business Journalist of the Year by Talking Biz News. He has won national journalism awards from many distinguished organizations, including the Overseas Press Club, the American Bar Association, Columbia University, and the Society of American Business Editors and Writers. Riley is the author of a 2012 investigative series on cyber-espionage, including a profile of the Shanghai-based Comment Group. Before coming to Bloomberg in 2010, he was a national reporter for the Denver Post for eight years, winning many journalism awards including the American Bar Association's Silver Gavel award, Columbia University's Paul Tobenkin Award and the Society of American Business Editors and Writers 'Best in Business' award.