Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Partner Perspectives  Connecting marketers to our tech communities.
8/8/2016
11:43 AM
Ned Miller
Ned Miller
Partner Perspectives
50%
50%

Guarding The Grid

Quietly and without much public recognition, the National Guard has been developing a sophisticated capability for cyberdefense.

A few weeks ago I was on Capitol Hill at an event sponsored by the Lexington Institute discussing the growing role of the National Guard in protecting the nation's critical infrastructure from cyberattacks -- specifically the electric power grid. Risks to US critical infrastructures are growing significantly; the Department of Homeland Security reported a seven-fold increase in cyber incidents on critical infrastructures between 2010 and 2015.

The ability to reliably generate and deliver electric power is foundational to modern civilization, and it is taken for granted by most of us. It is hard to imagine a more important function on which every individual, and the whole nation, depends. Those charged with the responsibility of protecting our critical infrastructures face great challenges. The electric power grid is highly distributed, with nearly 5,000 different entities of widely varying size and capacity generating and/or distributing energy.

Historically, the greatest threats to the reliable generation and delivery of energy were environmental such as major storms and natural disasters, but this is changing. Some portions of the grid are particularly vulnerable to physical attack. More significantly, the grid is the subject of increasing cyber penetrations and outright attacks. Last December, a relatively simple cyberattack on a portion of the Ukrainian power grid disrupted power to hundreds of thousands of customers.

A Growing Challenge

While there is general federal oversight and regulation of the electric power industry, most of the governance, regulation, and protection of the individual entities and their assets occur at the state and local level. Major technological and organizational changes -- notably the rise of distributed energy resources, the advent of the smart grid, and the creation of micro grids -- are changing the industry, adding more players and points of entry into the system. These changes are also increasing the difficulty of protecting the grid.

At the Lexington Institute event, I learned that the National Guard is uniquely positioned, in terms of authorities, responsibilities, and capabilities, to support the ongoing defense of the nation against such threats. The National Guard is state-based and able to respond across both state and federal lines of authority. Moreover, because they are embedded in their communities, National Guard units are particularly well suited to understanding and responding to local situations.

Quietly and without much public recognition, the National Guard has been developing a sophisticated capability for cyberdefense. In addition to meeting their defined requirements to support the active duty military, individual Guard units are shaping unique capabilities and operational concepts that reflect the specific conditions and needs of their states. Guard cyber units in California, Maryland, Wisconsin, and Washington, for example, have established collaborative relationships with local utilities. In some instances, Guard units and utilities have conducted joint exercises. Since no two states or utilities are exactly alike, this one-on-one collaboration is particularly important. It is also an approach well suited to the organization and operation of the National Guard.

With 54 states and territories, there is a real value to the National Guard as a laboratory for experimenting on ways to protect public and private infrastructure. Whether providing risk assessments, creating cyber centers of excellence, or collaborating with local companies on security training, the National Guard is always ready and always there.

Ned Miller, a 30+ year technology industry veteran, is the Chief Technology Strategist for the Intel Security Public Sector division. Mr. Miller is responsible for working with industry and government thought leaders and worldwide public sector customers to ensure that ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Why AI Will Create Far More Jobs Than It Replaces
John DiLullo, CEO, Lastline,  5/14/2019
97% of Americans Can't Ace a Basic Security Test
Steve Zurier, Contributing Writer,  5/20/2019
Baltimore Ransomware Attack Takes Strange Twist
Kelly Jackson Higgins, Executive Editor at Dark Reading,  5/14/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-12216
PUBLISHED: 2019-05-20
An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a heap-based buffer overflow in the SDL2_image function IMG_LoadPCX_RW at IMG_pcx.c.
CVE-2019-12217
PUBLISHED: 2019-05-20
An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a NULL pointer dereference in the SDL stdio_read function in file/SDL_rwops.c.
CVE-2019-12218
PUBLISHED: 2019-05-20
An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is a NULL pointer dereference in the SDL2_image function IMG_LoadPCX_RW at IMG_pcx.c.
CVE-2019-12219
PUBLISHED: 2019-05-20
An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is an invalid free error in the SDL function SDL_SetError_REAL at SDL_error.c.
CVE-2019-12220
PUBLISHED: 2019-05-20
An issue was discovered in libSDL2.a in Simple DirectMedia Layer (SDL) 2.0.9 when used in conjunction with libSDL2_image.a in SDL2_image 2.0.4. There is an out-of-bounds read in the SDL function SDL_FreePalette_REAL at video/SDL_pixels.c.