Monday, February 9, 2015

January news roundup: Increasing awareness of threats to the power grid

The need for stronger critical infrastructure cybersecurity continues to become more evident. Attacks on U.S. and U.K. electric industries continue to increase, and governments are becoming more aware of these problems. President Obama touched on cybersecurity in his State of the Union address, urging Congress to pass legislation that will better protect the nation from attackers. However, his proposals focus heavier on data breach legislation, leaving ample room for improvement when it comes to ICS and SCADA security. Read about these evolving news stories and more in January’s news roundup:

President Obama’s State of the Union address in January hinted at his plans to work on cybersecurity issues. In what is being considered his “21st century agenda,” Obama includes increasing cybersecurity, as well as investing in security of physical infrastructures. Earlier this month, Obama released a series of proposals to address cyber-related problems. He included in this a plan to enhance government cybersecurity efforts. In his State of the Union address, Obama simply urged Congress to pass the appropriate legislation to prevent cyberattacks. With these plans, he is only scratching the surface of critical infrastructure security.

The growing skills of hackers are challenging security of the electric utility industry. While the energy sector is strengthening its levels of protection, it was the target of 40 percent of cyberattacks in 2013. According to security analysts, the hackers behind these attacks are seeking to inflict serious damage on the energy sector. U.S. officials are warning the industry that the electric grid is quite vulnerable to attacks.

The Government Accountability Office issued a report claiming that the United States Department of Homeland Security (DHS) is not paying enough attention to potential cyberrisks to building and access control systems in federal facilities. The report stated that the DHS has not been addressing risks at nearly 9,000 federal facilities, and that “DHS lacks a strategy that: (1) defines the problem, (2) identifies the roles and responsibilities, (3) analyzes the resources needed and (4) identifies a methodology for assessing this cyberrisk.” The DHS claims that it has not yet created a strategy to deal with this because this issue is slowly emerging.

Parliament member James Arbuthnot made comments that the U.K.’s power grid is under constant attacks from computer hackers. “Our National Grid is coming under cyberattack not just day by day, but minute by minute,” said Arbuthnot. These comments came very soon after the German steel mill attack. However, cybersecurity experts have responded by saying that the energy sector is a common target of attacks. Arbuthnot added that it is the responsibilities of individual companies to make sure they have the proper protection. 

Want to read more industry news? Check out our December news round up.