Partner Perspectives  Connecting marketers to our tech communities.
8/8/2016
11:43 AM
Ned Miller
Ned Miller
Partner Perspectives
50%
50%

Guarding The Grid

Quietly and without much public recognition, the National Guard has been developing a sophisticated capability for cyberdefense.

A few weeks ago I was on Capitol Hill at an event sponsored by the Lexington Institute discussing the growing role of the National Guard in protecting the nation's critical infrastructure from cyberattacks -- specifically the electric power grid. Risks to US critical infrastructures are growing significantly; the Department of Homeland Security reported a seven-fold increase in cyber incidents on critical infrastructures between 2010 and 2015.

The ability to reliably generate and deliver electric power is foundational to modern civilization, and it is taken for granted by most of us. It is hard to imagine a more important function on which every individual, and the whole nation, depends. Those charged with the responsibility of protecting our critical infrastructures face great challenges. The electric power grid is highly distributed, with nearly 5,000 different entities of widely varying size and capacity generating and/or distributing energy.

Historically, the greatest threats to the reliable generation and delivery of energy were environmental such as major storms and natural disasters, but this is changing. Some portions of the grid are particularly vulnerable to physical attack. More significantly, the grid is the subject of increasing cyber penetrations and outright attacks. Last December, a relatively simple cyberattack on a portion of the Ukrainian power grid disrupted power to hundreds of thousands of customers.

A Growing Challenge

While there is general federal oversight and regulation of the electric power industry, most of the governance, regulation, and protection of the individual entities and their assets occur at the state and local level. Major technological and organizational changes -- notably the rise of distributed energy resources, the advent of the smart grid, and the creation of micro grids -- are changing the industry, adding more players and points of entry into the system. These changes are also increasing the difficulty of protecting the grid.

At the Lexington Institute event, I learned that the National Guard is uniquely positioned, in terms of authorities, responsibilities, and capabilities, to support the ongoing defense of the nation against such threats. The National Guard is state-based and able to respond across both state and federal lines of authority. Moreover, because they are embedded in their communities, National Guard units are particularly well suited to understanding and responding to local situations.

Quietly and without much public recognition, the National Guard has been developing a sophisticated capability for cyberdefense. In addition to meeting their defined requirements to support the active duty military, individual Guard units are shaping unique capabilities and operational concepts that reflect the specific conditions and needs of their states. Guard cyber units in California, Maryland, Wisconsin, and Washington, for example, have established collaborative relationships with local utilities. In some instances, Guard units and utilities have conducted joint exercises. Since no two states or utilities are exactly alike, this one-on-one collaboration is particularly important. It is also an approach well suited to the organization and operation of the National Guard.

With 54 states and territories, there is a real value to the National Guard as a laboratory for experimenting on ways to protect public and private infrastructure. Whether providing risk assessments, creating cyber centers of excellence, or collaborating with local companies on security training, the National Guard is always ready and always there.

Ned Miller, a 30+ year technology industry veteran, is the Chief Technology Strategist for the Intel Security Public Sector division. Mr. Miller is responsible for working with industry and government thought leaders and worldwide public sector customers to ensure that ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
RIP, 'IT Security'
Kevin Kurzawa, Senior Information Security Auditor,  11/13/2018
Understanding Evil Twin AP Attacks and How to Prevent Them
Ryan Orsi, Director of Product Management for Wi-Fi at WatchGuard Technologies,  11/14/2018
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-17906
PUBLISHED: 2018-11-19
Philips iSite and IntelliSpace PACS, iSite PACS, all versions, and IntelliSpace PACS, all versions. Default credentials and no authentication within third party software may allow an attacker to compromise a component of the system.
CVE-2018-9209
PUBLISHED: 2018-11-19
Unauthenticated arbitrary file upload vulnerability in FineUploader php-traditional-server <= v1.2.2
CVE-2018-9207
PUBLISHED: 2018-11-19
Arbitrary file upload in jQuery Upload File <= 4.0.2
CVE-2018-15759
PUBLISHED: 2018-11-19
Pivotal Cloud Foundry On Demand Services SDK, versions prior to 0.24 contain an insecure method of verifying credentials. A remote unauthenticated malicious user may make many requests to the service broker with different credentials, allowing them to infer valid credentials and gain access to perfo...
CVE-2018-15761
PUBLISHED: 2018-11-19
Cloud Foundry UAA release, versions prior to v64.0, and UAA, versions prior to 4.23.0, contains a validation error which allows for privilege escalation. A remote authenticated user may modify the url and content of a consent page to gain a token with arbitrary scopes that escalates their privileges...