An article in the Courant last week highlights the risks to our electric grid and the plans slowly moving forward to enhance its security: State Plan For Cyber Threats To Electric Grid Taking Shape – Utilities Cooperating With Regulators On Plan <read>
Dan Esty, the state’s energy commissioner, sat across a conference table from Art House, Connecticut’s head utility regulator, in the bunker of the State Armory in Hartford last July for a drill that simulated a statewide response to a major hurricane.
Esty, with other state officials and utility executives nearby, asked whether House remembered exercises like these from his days doing intelligence work for the federal government.
“There are two kinds of drills I’ve done in Washington,” House said. There’s the predictable type of emergency, like hurricanes and ice storms, that the state needs to be ready for. And then there’s the unpredictable.
“I worry more about unforeseen type, like a cyber attack,” he said.
That conversation, the two officials said, seeded a quickening and serious discussion of the state’s liability to hackers that would aim to control or damage critical facilities, like the electric grid. House, chairman of the state’s Public Utilities Regulatory Authority, is drafting a plan with utilities on how to prepare for, address and respond to cyber attacks.
“Cyber probes are a fact of life,” House said in an interview this week. “Connecticut needs to look at it in terms of defense. Are we doing everything we can?”…
Federal security officials warn that electronic attacks on these critical facilities could create “the potential for large-scale power outages or man-made environmental disasters” and cause “physical damage, loss of life and other cascading effects that could disrupt services,” the Department of Homeland Security’s deputy inspector general, Charles Edwards, said in a congressional testimony last month…
In Connecticut, House plans for a rough draft of the state’s cybersecurity plan to be finished by Labor Day, with a final version completed by January 2014. It will examine how state utilities could build up their electronic defenses against cyber attacks as well as how private and municipal emergency managers should be prepared in the event of such an attack.
A major piece of the state’s cybersecurity efforts will lean on the federal intelligence and security resources that track and investigate cyber attacks, said House, adding that his previous work for the U.S. National Geospatial-Intelligence Agency will aid in the state’s efforts. “Cyber defense is not a matter of geography. It’s a matter of national defense. It goes across state line and across industries.”
Joel Gordes, president of West Hartford energy consultancy Environmental Energy Solutions, has long called for attention to the cyber security issue. He cites testimonies attached to names like Defense Secretary Chuck Hagel, Former Defense Secretary Robert Gates and Former CIA Director Leon Panetta that raised concerns about the issue, concluding that it’s about time Connecticut takes a clear-eyed look at cyber security.
“When we see everybody from the CIA to Lockheed Martin and the Bank of America being hacked, it’s pure hubris to think that our electric grid could not be compromised,” he said…
Data sharing was one of inspector general Edwards’ concerns. He said that the Department of Homeland Security’s cyber security office needs to consolidate its information sharing efforts with other agencies and the private sector to “ensure that these stakeholders are provided with potential [industrial control systems] threats.”
A group of energy companies and public and private groups expressed concerns about the timeliness of federal assessments on cyber threats, specifically noting that they feel that “a great deal of time might elapse until stakeholders were made aware of the same of similar incident that could affect their systems.”
Tongue in cheek, we note that this may be a major redundancy in effort and expense by utility regulators, since the Legislature has mandated that the Secretary of the State and the Military Department come up with a plan to provide secure electronic voting to the military by October 1st. The Secretary is also mandated in that bill to not only come up with the plan but to implement it without any expenditure!
For the utilities “A major piece of the state’s cybersecurity efforts will lean on the federal intelligence and security resources that track and investigate cyber attacks”, however, we doubt that support would do much good since experts at Homeland Security and NIST claim that Internet voting cannot be made save.
For more details on the feats to be accomplished by the Secretary of the State and Military department, see our recent post: Governor Malloy: Please Veto Internet Voting Bill
To paraphrase Mr.House,
When we see everybody from the CIA to Lockheed Martin and the Bank of America being hacked, along with concerns for our grid from our utility regulators, it’s pure hubris to think that our elections could not be compromised.
