30 Sep 11. Standards for enabling an interoperable, interconnected electric energy system are emerging at a time when the appearance of a new class of threats is changing the way we think about cybersecurity.
There is an assumption that systems and networks already are or will be compromised and a growing emphasis on responding to rather than preventing breaches. C-level executives attending a recent discussion convened in Washington by RSA and TechAmerica concluded that advanced persistent threats are a new fact of life and that organizations should assume that they already have been or will be breached. “If someone really has you in their sights, they’ve got you,” said Tim Roxey, director of risk assessment at the North American Electric Reliability Corp., which issued alerts about two new threats to power distributors this summer. This is the new landscape in which the nation is moving one of the most critical elements of its infrastructure — the electric energy grid — to a next-generation network that will enable the two-way flow of information and energy. Standards for security are being developed along with standards for interoperability. But if officials are being forced to concede they cannot keep out a determined attacker, how do we ensure the security of our power system? “I am concerned,” said Dick DeBlasio, chief engineer at the Energy Department’s National Renewable Energy Lab, who also is chairman of an Institute of Electrical and Electronics Engineers working group that develops smart-grid standards. The working group wrestled with the security question while developing an interoperability reference model for Energy’s smart grid. “It was tough,” DeBlasio said, and in the end, “it wasn’t something we could answer.” The short answer is that there are no assurances of security in a system as complex and expansive as a smart grid. There will be too many endpoints to ensure isolation from the Internet — too many doors, windows and cracks to ensure that a targeted threat does not get through. (Source: GCN)
10 Oct 11. If Congress fails to broker a deficit reduction deal, the Pentagon will be forced to halt information technology upgrades and shrink military forces, but still will have to boost funding for cyberspace security, outgoing Deputy Defense Secretary William J. Lynn III said Wednesday. The Defense Department faces, at best, upwards of $550bn in cuts over a decade and at worst — if lawmakers cannot negotiate a deal — losses of nearly $1trn through automatic spending decreases. “We need to reduce spending, but it must be done in a careful and considered fashion,” Lynn said on his last day in office during remarks at the left-leaning Center for American Progress. “We should bring troop levels down in an orderly manner. . . We need to trim modernization programs, but preserve increases in key areas such as cybersecurity and long-range strikes.” The deputy Defense secretary’s comments came on the same day that House Republicans unveiled U.S. network security reforms that propose offsetting all incentives for private network defenses. An estimated 85 percent of the nation’s critical infrastructure — banking, power and transportation systems — that supports civilians and troops is commercially operated. (Source: Len Zuga/National Journal)
06 Oct 11. Cybersecurity, a realm largely clouded in secrecy and hidden behind ample use of classification, ought to be a little less closed, retired U.S. Air Force Gen. Michael Hayden told Congress on Oct. 4.
The former head of the National Security Agency and CIA echoed experts who say excessive secrecy is stunting cyber defense and argue that even relatively nonspecific information can help in the battle against cyber attackers. “This may come as a surprise, given my background at the NSA and CIA and so on, but I think that this information is horribly over-classified,” Hayden said to the House Permanent Select Committee on Intelligence. “The roots to American cyber