The Grid and Spies

The Wall Street Journal published a front page article on 8 April 2009 entitled "Electricity Grid in U.S. Penetrated By Spies." It is a chilling report on the weakness of our national electrical infrastructure. The article points out that the utilities failed to detect the breaches, and that they were informed by the CIA of the breaches. Good for our intelligence agencies, but poor marks for the commercial enterprises which should be more vested in security. The report generalizes the potential threat from countries like Russia and China. The threats exist from those nations, but I offer a more chilling thought.

Terrorists, rogue nations (North Korea and Iran), and cyber criminals pose a greater risk. Terrorists would love to black out a city and ravage it in the confusion. Shutting down the subways (electrical) in New York or Chicago and releasing poison gas would be devastating.

Rogue nations like Iran and N. Korea do not have vested interests in the U.S. like Russia and particularly China. They have nothing to lose from disrupting our infrastructure. The Chinese have no interest per se in causing any financial disruptions since they are one of the largest U.S. Treasury debt holders. North Korea cannot be said to have the same restraint.

Cyber criminals already cause major disruptions. Holding the utilities hostage would be one more item to add to their lists.

I don’t want to sound the alarm of doom. There is hope. Detection of the breaches by the CIA should be the siren’s call to take some action.

  • Redundant control systems should be put in place on separate secured networks. The Internet was designed by DARPA to weather a nuclear attack. This same idea combined with the available dark fiber could serve as a backbone for a national monitoring grid.
  • Every utility should be a part of a national utility grid which flows through a secured national monitoring system.
  • The government should look at requiring that the utilities spend more than 2% of their revenue on R&D. An article in Wired points out that only 700 miles of infrastructure have been added since 2000. Perhaps we should require that utilities spend at least 10% on infrastructure and 2% on security.
  • Breach information should be passed through a security information clearinghouse similar to CERT.
  • The utilities should consider focusing on free open source software (FOSS) and collaborative development of technologies which can be shared. Common software would allow the groups to focus on more reliable and secure systems.