Partner Perspectives  Connecting marketers to our tech communities.
3/4/2015
11:15 AM
Lorie Wigle
Lorie Wigle
Partner Perspectives
50%
50%

Securing Our Electric Power Grid Is Critical

Highly complex infrastructure systems require protection against cyberattacks.

Electricity is so much a part of our everyday lives that we really only think about it when it is not there. That is why it is so important to build better security for our national electric power grid and other critical infrastructure.

The power grid is a highly complex system, with multiple layers of defense, backup systems, safety mechanisms, and human operators. These layers successfully protect the system from most single-point failures. As Professor Richard Cook points out in his paper How Complex Systems Fail, catastrophe requires multiple small failures joining together in a cascading effect. The 2003 blackout in the northeastern part of North America clearly confirmed this scenario, moving so quickly that it only took seven minutes from the initial failure to the full blackout – too fast for human operators to counter. It then took between two and seven days to restore power to customers.

Change introduces new forms of failure. The power industry is continually upgrading and evolving its systems, from generation to delivery. Smart meters enable time-of-day pricing, connected thermostats can be turned down during times of peak demand, and renewable energy sources need to be constantly monitored to adjust for fluctuations in their production. A lot of this involves equipment that is network-connected. And network connections mean the potential for cyberattacks.

Whether it is a gang of criminals trying to disrupt the electricity for extortion, terrorists attempting to damage it for headlines, or nation states attacking it as part of their intelligence or combat strategy, the end result of a successful attack is blackouts, economic damage, and potentially weeks or months of repair. And the risk of a successful attack is not theoretical, as repeatedly demonstrated by simulated attacks, field trials, and cyberwar games, dating back to at least 2007.

In our Internet of Things Security Solutions Group, we have been actively working on better protections for the electric power grid and other critical infrastructure. Our work with the Center for Strategic and International Studies (CSIS) has shown that this is a real and present danger. Of the 200 organizations from around the world that we surveyed, 85% have experienced network infiltration, 65% frequently find sabotage-capable malware on their systems, and 25% have been subject to cyber-based extortion.

Building security into the power grid is challenging, due to the importance of service availability and the amount of legacy infrastructure. Since December 2013, we have been field-trialing a joint project with Wind River for critical infrastructure protection at Texas Tech University, where our solution withstood penetration testing and protected the system from the Heartbleed vulnerability and Havex attacks. This solution, developed in collaboration with the Discovery Across Texas smart grid project, separates security management from operations, providing device identity, malware protection, and data protection in a secure platform. By understanding the needs of the industry, the solution works with both new and legacy infrastructure, with little or no changes to business processes or application software.

Electricity is critical to the daily operations of people, businesses, and governments around the world, and we need to improve its defenses against malicious attacks before some criminal group decides to demonstrate its capability to make us powerless.

Lorie Wigle is building a new business focused on securing critical infrastructure and IOT more broadly at Intel subsidiary McAfee. Lorie has been with Intel for nearly 30 years in a wide variety of marketing and technical roles. She has an MBA from Portland State University ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
White House Cybersecurity Strategy at a Crossroads
Kelly Jackson Higgins, Executive Editor at Dark Reading,  7/17/2018
Lessons from My Strange Journey into InfoSec
Lysa Myers, Security Researcher, ESET,  7/12/2018
What's Cooking With Caleb Sima
Kelly Jackson Higgins, Executive Editor at Dark Reading,  7/12/2018
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-14332
PUBLISHED: 2018-07-19
An issue was discovered in Clementine Music Player 1.3.1. Clementine.exe is vulnerable to a user mode write access violation due to a NULL pointer dereference in the Init call in the MoodbarPipeline::NewPadCallback function in moodbar/moodbarpipeline.cpp. The vulnerability is triggered when the user...
CVE-2018-1529
PUBLISHED: 2018-07-19
IBM Rational DOORS Next Generation 5.0 through 5.0.2, 6.0 through 6.0.5 and IBM Rational Requirements Composer 5.0 through 5.0.2 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potential...
CVE-2018-1535
PUBLISHED: 2018-07-19
IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus alteri...
CVE-2018-1536
PUBLISHED: 2018-07-19
IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus alteri...
CVE-2018-1585
PUBLISHED: 2018-07-19
IBM Rational Rhapsody Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.5 and IBM Rational Software Architect Design Manager 5.0 through 5.0.2 and 6.0 through 6.0.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus alteri...