The bots vs the Transformers [Commentary]


In this Wednesday, May 20, 2015 photo, contractors walk past a capacitor bank at an AEP electrical transmission substation in Westerville, Ohio. (AP Photo/John Minchillo)

Most power outages can be traced to such mundane threats as squirrels and ice storms, but a well-coordinated cyberattack on America’s electrical grid is much more threatening. Even with its sophisticated cyber defenses, the U.S. isn’t immune to attack.

“It’s only a matter of the when, not the if, you are going to see a nation state, a group or an actor engage in destructive behavior against critical infrastructure of the United States,” said NSA Director Adm. Michael S. Rogers, addressing the RSA Conference, an annual gathering of security professionals, in 2016. “That isn’t the last we are going to see of this, and that worries me.”

The fact is that we’re making great strides to shore up our defenses and prevent attacks. Recently, Raytheon and Utilidata formed a strategic alliance to deliver next-generation, defense-grade cybersecurity to protect utility companies. The partnership is offering services such as assessments, digital forensics and proactive threat hunting through its Virtual Security Operations Center, all aligned to short and long-term strategic capabilities that will limit risks and reduce dwell time.

There have already been crippling cyberattacks against power systems around the world. Hackers breached the power grid in Western Ukraine on Dec. 23, 2015, shutting off electricity to 225,000 people. Worse, they crippled the restoration process by flooding the power provider’s customer service center with calls, causing confusion and slowing the response.

A year later, a similar attack was carried out near the capital, Kiev.

It’s important for our country to keep its guard up against such attacks. A particular threat could come from terrorist organizations that are losing the fight on the traditional battlefield, or from nation states that are technologically overmatched. If an enemy can’t defeat our military, it will seek other means to do us tremendous harm, with civilian impacts. With a computer and a few keystrokes, a determined and cyber-savvy adversary could disrupt our economy and cause dire social and economic consequences.

The Northeast blackout of August 2003 wasn’t caused by a hack, but by a software bug in a utility’s control-room alarm system. Yet it showed how much we rely on power. The blackout affected 55 million people across eight states and reached into Ontario, Canada. All told, it contributed to 12 deaths and an estimated $6 billion in costs. It grounded planes, stopped trains and brought all kinds of activity to a halt in the Northeast corridor.

Today, agencies and first responders spend a lot of time and resources in preparation for natural disasters, and we’ve become much more resilient to disaster. Yet even with that preparation, most of us don’t have generators.

What’s really scary about the prospect of a cyberattack against the power grid is that malicious activity is often difficult to detect even as it’s under way. Should there be a full-on cyber battle, as in Ukraine, the task will be not only to repair the damage, but also to restore the lines of communication that let customers know when and where service is being impacted and restored.

That’s why alliances between the cybersecurity industry and energy delivery companies, combining the expertise of cyber threat hunting with power grid operational technology, are so important to our national security, economy and way of life.

It’s crucial to leverage expertise in the operational technology of the grid, including experience with supervisory control and data acquisition (SCADA) software, which controls the industrial equipment that keeps our power grid up and running. Understanding the impact of that technology is as important as understanding the business-critical processes at any company before you secure its intellectual property or the systems that keep the business running.

Equally important is to dispatch cyber threat hunters who think like attackers, watch for targets of opportunity and search for exploits that might be employed or modified against the enterprise, all in order to reduce dwell time. The longer attackers are in your enterprise, the more damage they can do. We should expect that they will get in, but our job as security professionals is to push them back to where they belong: outside the circle of trust.

Working together, our country and world can more aggressively protect its critical infrastructure, which controls the flow of power and energy, from cyberattack.

Joshua Douglas is chief strategy officer for Raytheon Foreground Security.