Partner Perspectives  Connecting marketers to our tech communities.
8/8/2016
11:43 AM
Ned Miller
Ned Miller
Partner Perspectives
50%
50%

Guarding The Grid

Quietly and without much public recognition, the National Guard has been developing a sophisticated capability for cyberdefense.

A few weeks ago I was on Capitol Hill at an event sponsored by the Lexington Institute discussing the growing role of the National Guard in protecting the nation's critical infrastructure from cyberattacks -- specifically the electric power grid. Risks to US critical infrastructures are growing significantly; the Department of Homeland Security reported a seven-fold increase in cyber incidents on critical infrastructures between 2010 and 2015.

The ability to reliably generate and deliver electric power is foundational to modern civilization, and it is taken for granted by most of us. It is hard to imagine a more important function on which every individual, and the whole nation, depends. Those charged with the responsibility of protecting our critical infrastructures face great challenges. The electric power grid is highly distributed, with nearly 5,000 different entities of widely varying size and capacity generating and/or distributing energy.

Historically, the greatest threats to the reliable generation and delivery of energy were environmental such as major storms and natural disasters, but this is changing. Some portions of the grid are particularly vulnerable to physical attack. More significantly, the grid is the subject of increasing cyber penetrations and outright attacks. Last December, a relatively simple cyberattack on a portion of the Ukrainian power grid disrupted power to hundreds of thousands of customers.

A Growing Challenge

While there is general federal oversight and regulation of the electric power industry, most of the governance, regulation, and protection of the individual entities and their assets occur at the state and local level. Major technological and organizational changes -- notably the rise of distributed energy resources, the advent of the smart grid, and the creation of micro grids -- are changing the industry, adding more players and points of entry into the system. These changes are also increasing the difficulty of protecting the grid.

At the Lexington Institute event, I learned that the National Guard is uniquely positioned, in terms of authorities, responsibilities, and capabilities, to support the ongoing defense of the nation against such threats. The National Guard is state-based and able to respond across both state and federal lines of authority. Moreover, because they are embedded in their communities, National Guard units are particularly well suited to understanding and responding to local situations.

Quietly and without much public recognition, the National Guard has been developing a sophisticated capability for cyberdefense. In addition to meeting their defined requirements to support the active duty military, individual Guard units are shaping unique capabilities and operational concepts that reflect the specific conditions and needs of their states. Guard cyber units in California, Maryland, Wisconsin, and Washington, for example, have established collaborative relationships with local utilities. In some instances, Guard units and utilities have conducted joint exercises. Since no two states or utilities are exactly alike, this one-on-one collaboration is particularly important. It is also an approach well suited to the organization and operation of the National Guard.

With 54 states and territories, there is a real value to the National Guard as a laboratory for experimenting on ways to protect public and private infrastructure. Whether providing risk assessments, creating cyber centers of excellence, or collaborating with local companies on security training, the National Guard is always ready and always there.

Ned Miller, a 30+ year technology industry veteran, is the Chief Technology Strategist for the Intel Security Public Sector division. Mr. Miller is responsible for working with industry and government thought leaders and worldwide public sector customers to ensure that ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
It Takes an Average of 3 to 6 Months to Fill a Cybersecurity Job
Kelly Jackson Higgins, Executive Editor at Dark Reading,  3/12/2019
Box Mistakes Leave Enterprise Data Exposed
Dark Reading Staff 3/12/2019
How the Best DevSecOps Teams Make Risk Visible to Developers
Ericka Chickowski, Contributing Writer, Dark Reading,  3/12/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: LOL  Hope this one wins
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-6149
PUBLISHED: 2019-03-18
An unquoted search path vulnerability was identified in Lenovo Dynamic Power Reduction Utility prior to version 2.2.2.0 that could allow a malicious user with local access to execute code with administrative privileges.
CVE-2018-15509
PUBLISHED: 2019-03-18
Five9 Agent Desktop Plus 10.0.70 has Incorrect Access Control (issue 2 of 2).
CVE-2018-20806
PUBLISHED: 2019-03-17
Phamm (aka PHP LDAP Virtual Hosting Manager) 0.6.8 allows XSS via the login page (the /public/main.php action parameter).
CVE-2019-5616
PUBLISHED: 2019-03-15
CircuitWerkes Sicon-8, a hardware device used for managing electrical devices, ships with a web-based front-end controller and implements an authentication mechanism in JavaScript that is run in the context of a user's web browser.
CVE-2018-17882
PUBLISHED: 2019-03-15
An Integer overflow vulnerability exists in the batchTransfer function of a smart contract implementation for CryptoBotsBattle (CBTB), an Ethereum token. This vulnerability could be used by an attacker to create an arbitrary amount of tokens for any user.