Black Sky Hazards
While industry and government have made good progress in strengthening security against cyber threats, the destructiveness and sophistication of cyber weapons have grown rapidly. Critical infrastructures now typically work to continually advance and adapt protective measures, network architecture designs and security protocols.
The pervasive and covert nature of this threat has dramatically affected the architecture of security protocols in the United States and allied governments. During the 20th Century, the traditional security framework of the military-industrial complex was characterized by a clean division of responsibility, with private industry producing weapons and services for the Federal government, and the nation’s armed forces providing security for the nation. Now, utilities are attacked many thousands of times every day by cyber weapons, and are ultimately responsible to their customers and shareholders for securing their own systems and operations against such threats. To help meet this novel challenge, Federal agencies have partnered with utilities to create an unprecedented array of mechanisms for information sharing and security collaboration.
A similar transformation in security architecture is underway within the government – in particular, between states and the Federal Departments traditionally responsible for security challenges. Now, state-governors who have the primary responsibility for the public health and safety of their citizens must directly address security concerns stemming from cyber-threats.
The Cyber Threat to Electric Infrastructure
One of the most critical security priorities for state-governors has become protection of electric infrastructure against targeted attack. An extended power outage caused by a cyber-attack would jeopardize the functioning of hospitals, municipal water systems and other infrastructure vital for saving and sustaining lives, as well as directly threatening state information networks and functions that are vital for continuity of government and the delivery of essential services.
As cyber-attacks become more frequent, energy systems are increasingly being targeted. DHS’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) reported responding to 198 cyber incidents in fiscal year 2012 across all critical infrastructure sectors. Forty-one percent of these incidents involved the energy sector, particularly electricity. The number of such reported attacks grew to 256 in 2013, with over half targeting the energy sector.
This targeting of the electric infrastructure is one of the central concerns that caused the widely reported, recent conclusion by the Federal Bureau of Investigation’s (FBI) that cyber-attacks are eclipsing terrorism as the primary threat facing the United States.
A key, central concern, for both the electric grid and other lifeline infrastructures, is that confidence in assuring the security of such infrastructures against a determined, carefully planned cyber attack on systems critical to national grid continuity is far less than 100%. As a result, it is now broadly accepted that the risk of a consequent multi-region, long duration power outage, associated with widely distributed grid IT, OT and critical hardware damage, is significant.
Get the EPRO® Handbook
More on Cyber Terrorism
- What is a Zero-Day Vulnerability?
- Aurora Attackers Still at Large, Targeting Mainly US Finance, Energy,and Education Companies
- Prosecuting Cyberterrorists: Applying Traditional Jurisdictional Frameworks to a Modern Threat
- Curbing the Market for Cyber Weapons
- A Window Into Russia’s Cyber Espionage Operations?
- Axiom Threat Actor Group Report
- Myth or Reality – Does the Aurora vulnerability pose a risk to my generator?
- Why the Sony hack triggered an unprecedented U.S. Response
- Anatomy of A ‘Cyber-Physical’ Attack
- U.S. Senate. Committee on Armed Services. Inquiry into Cyber Intrusions Affecting U.S. Transportation Command Contractors
- The ethics of Hacking 101
- We Still Don’t Know Who Hacked Sony
- Has the time come to give up penetration testing?