Partner Perspectives  Connecting marketers to our tech communities.
3/4/2015
11:15 AM
Lorie Wigle
Lorie Wigle
Partner Perspectives
50%
50%

Securing Our Electric Power Grid Is Critical

Highly complex infrastructure systems require protection against cyberattacks.

Electricity is so much a part of our everyday lives that we really only think about it when it is not there. That is why it is so important to build better security for our national electric power grid and other critical infrastructure.

The power grid is a highly complex system, with multiple layers of defense, backup systems, safety mechanisms, and human operators. These layers successfully protect the system from most single-point failures. As Professor Richard Cook points out in his paper How Complex Systems Fail, catastrophe requires multiple small failures joining together in a cascading effect. The 2003 blackout in the northeastern part of North America clearly confirmed this scenario, moving so quickly that it only took seven minutes from the initial failure to the full blackout – too fast for human operators to counter. It then took between two and seven days to restore power to customers.

Change introduces new forms of failure. The power industry is continually upgrading and evolving its systems, from generation to delivery. Smart meters enable time-of-day pricing, connected thermostats can be turned down during times of peak demand, and renewable energy sources need to be constantly monitored to adjust for fluctuations in their production. A lot of this involves equipment that is network-connected. And network connections mean the potential for cyberattacks.

Whether it is a gang of criminals trying to disrupt the electricity for extortion, terrorists attempting to damage it for headlines, or nation states attacking it as part of their intelligence or combat strategy, the end result of a successful attack is blackouts, economic damage, and potentially weeks or months of repair. And the risk of a successful attack is not theoretical, as repeatedly demonstrated by simulated attacks, field trials, and cyberwar games, dating back to at least 2007.

In our Internet of Things Security Solutions Group, we have been actively working on better protections for the electric power grid and other critical infrastructure. Our work with the Center for Strategic and International Studies (CSIS) has shown that this is a real and present danger. Of the 200 organizations from around the world that we surveyed, 85% have experienced network infiltration, 65% frequently find sabotage-capable malware on their systems, and 25% have been subject to cyber-based extortion.

Building security into the power grid is challenging, due to the importance of service availability and the amount of legacy infrastructure. Since December 2013, we have been field-trialing a joint project with Wind River for critical infrastructure protection at Texas Tech University, where our solution withstood penetration testing and protected the system from the Heartbleed vulnerability and Havex attacks. This solution, developed in collaboration with the Discovery Across Texas smart grid project, separates security management from operations, providing device identity, malware protection, and data protection in a secure platform. By understanding the needs of the industry, the solution works with both new and legacy infrastructure, with little or no changes to business processes or application software.

Electricity is critical to the daily operations of people, businesses, and governments around the world, and we need to improve its defenses against malicious attacks before some criminal group decides to demonstrate its capability to make us powerless.

Lorie Wigle is building a new business focused on securing critical infrastructure and IOT more broadly at Intel subsidiary McAfee. Lorie has been with Intel for nearly 30 years in a wide variety of marketing and technical roles. She has an MBA from Portland State University ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
What We Talk About When We Talk About Risk
Jack Jones, Chairman, FAIR Institute,  7/11/2018
Ticketmaster Breach Part of Massive Payment Card Hacking Campaign
Jai Vijayan, Freelance writer,  7/10/2018
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-14084
PUBLISHED: 2018-07-16
An issue was discovered in a smart contract implementation for MKCB, an Ethereum token. If the owner sets the value of sellPrice to a large number in setPrices() then the "amount * sellPrice" will cause an integer overflow in sell().
CVE-2018-14085
PUBLISHED: 2018-07-16
An issue was discovered in a smart contract implementation for UserWallet 0x0a7bca9FB7AfF26c6ED8029BB6f0F5D291587c42, an Ethereum token. First, suppose that the owner adds the evil contract address to his sweepers. The evil contract looks like this: contract Exploit { uint public start; function swe...
CVE-2018-14086
PUBLISHED: 2018-07-16
An issue was discovered in a smart contract implementation for SingaporeCoinOrigin (SCO), an Ethereum token. The contract has an integer overflow. If the owner sets the value of sellPrice to a large number in setPrices() then the "amount * sellPrice" will cause an integer overflow in sell(...
CVE-2018-14087
PUBLISHED: 2018-07-16
An issue was discovered in a smart contract implementation for EUC (EUC), an Ethereum token. The contract has an integer overflow. If the owner sets the value of buyPrice to a large number in setPrices() then the "msg.value * buyPrice" will cause an integer overflow in the fallback functio...
CVE-2018-14088
PUBLISHED: 2018-07-16
An issue was discovered in a smart contract implementation for STeX White List (STE(WL)), an Ethereum token. The contract has an integer overflow. If the owner sets the value of amount to a large number then the "amount * 1000000000000000" will cause an integer overflow in withdrawToFounde...