Monday, December 6, 2010

Congresswoman says chance of cyber attack against electric grid is 100%

Rep. Yvette Clarke (D-NY), a member of the House Committee on Homeland Security, delivered the evening keynote at the SC Congress in midtown Manhattan yesterday, telling the audience that the US electric grid remains vulnerable to a near-certain cyber attack.

The Congresswoman from New York’s 11th legislative district, which encompasses parts of Brooklyn, said that our electrical grid is “what distinguishes our nation as an advanced, modern civil society”. She subsequently warned of the all-too-familiar dangers that could potentially devastate the nation’s power supply.

“As many of you in this room are aware, the grid remains vulnerable” to advanced viruses that are designed specifically to target industrial control systems. Clarke cited Russia, Iran, China, and North Korea as nations that are known to regularly use “offensive cyber attack capabilities, while terrorist organizations continue to work to develop these capabilities”.

“We must do everything in our power to ensure that our grid is protected”, Clarke implored during her on-floor keynote. She reminded the crowd of what happens when the grid goes beyond capacity and breaks, like it did during the Northeast blackout in the summer of 2003, which interrupted service for more than 55 million people in the US and Canada.

“While our citizens remained relatively calm throughout the ordeal, it still caused 11 deaths and roughly $6 billion in damages”, Clarke said. “Imagine what those damages would be for a nationwide blackout lasting a few weeks.”

Clarke continued that, based on current scientific research, if we faced a long-term power outage lasting weeks or even months, our society as we know it would be “irreparably destroyed”.

She stressed that this characterization was hardly an overstatement of the research: “A 2009 National Academy of Sciences report warned that a severe geomagnetic storm is inevitable” and would cause $1–2 trillion in damage and could take anywhere from five to 10 years to recover from.

Next Clarke boldly proclaimed that “the likelihood of a cyberattack that could bring down our grid is also 100%. Our networks are already being penetrated as we stand here. We are already under attack. We must stop asking ourselves ‘could this happen to us’ and move to a default posture that acknowledges this fact and instead asks ‘what can we do to protect ourselves’?”

The representative said the good news is that Congress has begun to take steps to address the vulnerabilities in our electric grid, or at least acknowledge there is a problem. The subcommittee she chairs on Emerging Threats, Cybersecurity, Science, and Technology held a hearing in July 2009 to examine the issue, where, in Clarke’s words, “members of the committee were appalled to learn about the vulnerabilities that affect the electric grid and the lack of robust protection against cyber attacks”.

The solution, said Clarke, “will require efforts from both the government and the private sector. That partnership is something that must be held in high regard. The government cannot do this alone, and we don’t expect to do this alone. We must have partnership. It will take a joint effort between government and the private sector to result in the most robust, effective security practices.”

Congress has already begun to take action as well, according to Clarke, with the unanimous House passage of the GRID Act, which would grant the Federal Energy Regulatory Commission authority to require that expanded cybersecurity protections be put in place as part of a broader bill on cybersecurity now being considered by the Senate.

“From what we’re hearing, there is interest in passing the bill”, Clarke said. However, the congresswoman said she was concerned that the current approach, which combines the GRID Act as part of a broader bill on cybersecurity, might be doomed to failure. “This approach”, she lamented, “will stall the potential passage of the bill, and the GRID Act may not come to pass in the end.”

She said the US should look toward its British allies, which recently pledged a nearly £1bn investment to strengthen cybersecurity defenses. “We cannot afford to fail”, Clarke concluded. “The private sector, the administration, the Congress have all made progress, but we lack the sense of urgency that is necessary. We must move on this forcefully.”
