Securing Our Electric Power Grid Is Critical

Highly complex infrastructure systems require protection against cyberattacks.

Lorie Wigle, Vice President, General Manager IOT Security Solutions, Intel Security Group

March 4, 2015

3 Min Read
Dark Reading logo in a gray background | Dark Reading

Electricity is so much a part of our everyday lives that we really only think about it when it is not there. That is why it is so important to build better security for our national electric power grid and other critical infrastructure.

The power grid is a highly complex system, with multiple layers of defense, backup systems, safety mechanisms, and human operators. These layers successfully protect the system from most single-point failures. As Professor Richard Cook points out in his paper How Complex Systems Fail, catastrophe requires multiple small failures joining together in a cascading effect. The 2003 blackout in the northeastern part of North America clearly confirmed this scenario, moving so quickly that it only took seven minutes from the initial failure to the full blackout – too fast for human operators to counter. It then took between two and seven days to restore power to customers.

Change introduces new forms of failure. The power industry is continually upgrading and evolving its systems, from generation to delivery. Smart meters enable time-of-day pricing, connected thermostats can be turned down during times of peak demand, and renewable energy sources need to be constantly monitored to adjust for fluctuations in their production. A lot of this involves equipment that is network-connected. And network connections mean the potential for cyberattacks.

Whether it is a gang of criminals trying to disrupt the electricity for extortion, terrorists attempting to damage it for headlines, or nation states attacking it as part of their intelligence or combat strategy, the end result of a successful attack is blackouts, economic damage, and potentially weeks or months of repair. And the risk of a successful attack is not theoretical, as repeatedly demonstrated by simulated attacks, field trials, and cyberwar games, dating back to at least 2007.

In our Internet of Things Security Solutions Group, we have been actively working on better protections for the electric power grid and other critical infrastructure. Our work with the Center for Strategic and International Studies (CSIS) has shown that this is a real and present danger. Of the 200 organizations from around the world that we surveyed, 85% have experienced network infiltration, 65% frequently find sabotage-capable malware on their systems, and 25% have been subject to cyber-based extortion.

Building security into the power grid is challenging, due to the importance of service availability and the amount of legacy infrastructure. Since December 2013, we have been field-trialing a joint project with Wind River for critical infrastructure protection at Texas Tech University, where our solution withstood penetration testing and protected the system from the Heartbleed vulnerability and Havex attacks. This solution, developed in collaboration with the Discovery Across Texas smart grid project, separates security management from operations, providing device identity, malware protection, and data protection in a secure platform. By understanding the needs of the industry, the solution works with both new and legacy infrastructure, with little or no changes to business processes or application software.

Electricity is critical to the daily operations of people, businesses, and governments around the world, and we need to improve its defenses against malicious attacks before some criminal group decides to demonstrate its capability to make us powerless.

Read more about:

2015

About the Author

Lorie Wigle

Vice President, General Manager IOT Security Solutions, Intel Security Group

Lorie Wigle is building a new business focused on securing critical infrastructure and IOT more broadly at Intel subsidiary McAfee. Lorie has been with Intel for nearly 30 years in a wide variety of marketing and technical roles. She has an MBA from Portland State University and a BA degree from the University of Oregon. Lorie was named one of the three most powerful women in smart grid by Smart Grid Newsletter and one of top 10 women in sustainability by PINK magazine. In 2011, she received the Sustainable Business Leadership Award from Sustainable Business Oregon.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights