Information Security News: Power Grid Hack Highlights Where Government Cyber-security Efforts Fall Short

[InfoSec News <alerts () infosecnews org>]

http://www.eweek.com/c/a/Security/Power-Grid-Hack-Highlights-Where-Government-Cyber-Security-Efforts-Fall-Short218464/

By Brian Prince
eWEEK.com
2009-04-08

Reports that the U.S. electric grid was penetrated by foreign spies may 
on the surface seem shocking. But as Brightfly Managing Director of 
Research Brandon Dunlap knows, attempts at cracking the networks of U.S. 
utilities are not new. Brightfly is a consulting company specializing in 
advising on security and governance, risk and compliance.

"While I was running the information protection program at Constellation 
Energy, we expanded our sensor network dramatically, on the order of 800 
percent, allowing us to get very granular and expansive information 
about malicious activity," Dunlap recalled. "What struck us almost 
immediately was the sheer volume of activity originating from well 
beyond our national borders. Many of these events were coming from 
foreign universities and large corporations."

As lawmakers decide how best to improve U.S. cyber-security, Dunlap 
noted cultural issues at play within the utilities industry that affect 
its security posture and extend beyond the reach of government 
regulation.

"Over the past few years, I have had the privilege to speak with 
numerous utilities across the U.S. and I have found that most NERC 
[North American Electric Reliability Corporation] CIP [Critical 
Infrastructure Protection] efforts seem to be driven from the plants and 
wires sides of their businesses," Dunlap explained. 

[...]


_______________________________________________      
Best Selling Security Books and More!
http://www.shopinfosecnews.org/