Protecting the SMART Grid From Cyber Attack

By Kevin Coleman
Defense Tech Cyber Warfare Analyst

Acts of cyber aggression and physical attacks against our critical infrastructure would be catastrophic events. Many believe a successful attack is inevitable, while others believe the threat is over-blown. One thing everyone agrees on is the fact that protection against cyber and physical attacks must be in place.

As discussed on this blog earlier the CIA and others have long warned of cyber threats against the nation’s critical infrastructure. Recent alarm bells have focused on the SMART GRID, which has been the rage as of late. Many point to these SMART devices as yet another exposure to acts of cyber aggression; efforts are underway to address SMART GRID security.

The Wall Street Journal (April 2009) cited intelligence sources that claim the power grid has already been compromised by Russia and China. Both of these countries were said to have installed malicious code that they could activate and disrupt or destroy portions of the grid at their command. If you believe this report and others from members of our intelligence sources, our grid is already compromised and it looks like Washington is now taking action.

Last week, the Grid Reliability and Infrastructure Defense Act (HR 5026 – the GRID Act) passed the House of Representatives. Analysis of this piece of legislation found that the bill, as passed is very similar to the Committee on Homeland Security’s H.R. 2195. One section of the GRID Act in the event of a Presidential emergency declaration provides the Federal Energy Regulatory Commission with the authority to take actions needed to protect our grid.

Reference: HR 5026, text of the bill.

This legislation is basically reactive to an attack. Don’t you think we should be taking a proactive approach and remove the vulnerabilities before they are exploited? Recent estimates put utility investment in Smart Grid Cyber Security will rapidly climb to $21 Billion by 2015. That is a start, but what about the Dumb Grid in place today?

  • Philo

    Come on Kevin, how are we supposed to pay for that when we’ve got 20 million illegals to insure. besides, thanx to the BP gulf spill, our entire energy policy is going to be based off of windturbines and fairy dust.

    Let’s see the CHICOMs hack that! LOL

  • BozoJoe

    Likely we will need to move critical infrastructure control networks, like power, water, maybe even cellular into a ghostnet. Basically a step between the military network and public/civilian IP networks.

    That all say………….this looks like more laws that do nothing to protect us.

  • Ted Washington

    The ghostnet idea has some legs, until it becomes penetrated. ALL networks can be had if a determined enemy wants to dedicate the energy and resources to do so. I do not for a second believe we are sitting on our hands here either and have probably done similar proactive events on others networks. Rather like the MAD doctrine from the 1960’s only for cyber warfare.

    There are so many vulnerabilities from basic switches and valves to massive controllers and whole networks this is no easy problem to solve. Physical and logical separation and security is a start but a network is still a network. This needs to be a national priority at least equal to the F-35 (sarcasm here).

  • Ive been hacked & know first hand what its like on the Consumer end, U get some super organized terrorist hackers & Good Bye US defense or energy.
    Very scary & very threatening alone.
    Must have a US CyberCommand estd.
    For ALL forces & key Defense Ins etc.
    Hire New Blood IT types

  • Ptsfp

    I think we should move on this immediately! Of course, it will have to be okayed by four different committees, debated in congress for weeks, bounced around as a rider on several different bills before being enacted on and put out to bid.

    Then it will be awarded to the lowest bidder, most likely a software company in India with hardware components manufactured in China. Of course they will have our national security as its top priority.