By Kevin Coleman
Defense Tech Cyber Warfare Analyst
Acts of cyber aggression and physical attacks against our critical infrastructure would be catastrophic events. Many believe a successful attack is inevitable, while others believe the threat is over-blown. One thing everyone agrees on is the fact that protection against cyber and physical attacks must be in place.
As discussed on this blog earlier the CIA and others have long warned of cyber threats against the nation’s critical infrastructure. Recent alarm bells have focused on the SMART GRID, which has been the rage as of late. Many point to these SMART devices as yet another exposure to acts of cyber aggression; efforts are underway to address SMART GRID security.
The Wall Street Journal (April 2009) cited intelligence sources that claim the power grid has already been compromised by Russia and China. Both of these countries were said to have installed malicious code that they could activate and disrupt or destroy portions of the grid at their command. If you believe this report and others from members of our intelligence sources, our grid is already compromised and it looks like Washington is now taking action.
Last week, the Grid Reliability and Infrastructure Defense Act (HR 5026 — the GRID Act) passed the House of Representatives. Analysis of this piece of legislation found that the bill, as passed is very similar to the Committee on Homeland Security’s H.R. 2195. One section of the GRID Act in the event of a Presidential emergency declaration provides the Federal Energy Regulatory Commission with the authority to take actions needed to protect our grid.
Reference: HR 5026, text of the bill.
This legislation is basically reactive to an attack. Don’t you think we should be taking a proactive approach and remove the vulnerabilities before they are exploited? Recent estimates put utility investment in Smart Grid Cyber Security will rapidly climb to $21 Billion by 2015. That is a start, but what about the Dumb Grid in place today?