Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Partner Perspectives  Connecting marketers to our tech communities.
8/8/2016
11:43 AM
Ned Miller
Ned Miller
Partner Perspectives
50%
50%

Guarding The Grid

Quietly and without much public recognition, the National Guard has been developing a sophisticated capability for cyberdefense.

A few weeks ago I was on Capitol Hill at an event sponsored by the Lexington Institute discussing the growing role of the National Guard in protecting the nation's critical infrastructure from cyberattacks -- specifically the electric power grid. Risks to US critical infrastructures are growing significantly; the Department of Homeland Security reported a seven-fold increase in cyber incidents on critical infrastructures between 2010 and 2015.

The ability to reliably generate and deliver electric power is foundational to modern civilization, and it is taken for granted by most of us. It is hard to imagine a more important function on which every individual, and the whole nation, depends. Those charged with the responsibility of protecting our critical infrastructures face great challenges. The electric power grid is highly distributed, with nearly 5,000 different entities of widely varying size and capacity generating and/or distributing energy.

Historically, the greatest threats to the reliable generation and delivery of energy were environmental such as major storms and natural disasters, but this is changing. Some portions of the grid are particularly vulnerable to physical attack. More significantly, the grid is the subject of increasing cyber penetrations and outright attacks. Last December, a relatively simple cyberattack on a portion of the Ukrainian power grid disrupted power to hundreds of thousands of customers.

A Growing Challenge

While there is general federal oversight and regulation of the electric power industry, most of the governance, regulation, and protection of the individual entities and their assets occur at the state and local level. Major technological and organizational changes -- notably the rise of distributed energy resources, the advent of the smart grid, and the creation of micro grids -- are changing the industry, adding more players and points of entry into the system. These changes are also increasing the difficulty of protecting the grid.

At the Lexington Institute event, I learned that the National Guard is uniquely positioned, in terms of authorities, responsibilities, and capabilities, to support the ongoing defense of the nation against such threats. The National Guard is state-based and able to respond across both state and federal lines of authority. Moreover, because they are embedded in their communities, National Guard units are particularly well suited to understanding and responding to local situations.

Quietly and without much public recognition, the National Guard has been developing a sophisticated capability for cyberdefense. In addition to meeting their defined requirements to support the active duty military, individual Guard units are shaping unique capabilities and operational concepts that reflect the specific conditions and needs of their states. Guard cyber units in California, Maryland, Wisconsin, and Washington, for example, have established collaborative relationships with local utilities. In some instances, Guard units and utilities have conducted joint exercises. Since no two states or utilities are exactly alike, this one-on-one collaboration is particularly important. It is also an approach well suited to the organization and operation of the National Guard.

With 54 states and territories, there is a real value to the National Guard as a laboratory for experimenting on ways to protect public and private infrastructure. Whether providing risk assessments, creating cyber centers of excellence, or collaborating with local companies on security training, the National Guard is always ready and always there.

Ned Miller, a 30+ year technology industry veteran, is the Chief Technology Strategist for the Intel Security Public Sector division. Mr. Miller is responsible for working with industry and government thought leaders and worldwide public sector customers to ensure that ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
A Startup With NSA Roots Wants Silently Disarming Cyberattacks on the Wire to Become the Norm
Kelly Jackson Higgins, Executive Editor at Dark Reading,  5/11/2021
Edge-DRsplash-10-edge-articles
Cybersecurity: What Is Truly Essential?
Joshua Goldfarb, Director of Product Management at F5,  5/12/2021
Commentary
3 Cybersecurity Myths to Bust
Etay Maor, Sr. Director Security Strategy at Cato Networks,  5/11/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-19924
PUBLISHED: 2021-05-18
In Boostnote 0.12.1, exporting to PDF contains opportunities for XSS attacks.
CVE-2020-20220
PUBLISHED: 2021-05-18
Mikrotik RouterOs prior to stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/bfd process. An authenticated remote attacker can cause a Denial of Service (NULL pointer dereference).
CVE-2020-20227
PUBLISHED: 2021-05-18
Mikrotik RouterOs stable 6.47 suffers from a memory corruption vulnerability in the /nova/bin/diskd process. An authenticated remote attacker can cause a Denial of Service due to invalid memory access.
CVE-2020-20245
PUBLISHED: 2021-05-18
Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulnerability in the log process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.
CVE-2020-20246
PUBLISHED: 2021-05-18
Mikrotik RouterOs stable 6.46.3 suffers from a memory corruption vulnerability in the mactel process. An authenticated remote attacker can cause a Denial of Service due to improper memory access.