During the peak of online holiday shopping, Target and other retailers saw hackers create a massive credit card security breach that clarified the growing vulnerability of 21st-century businesses and consumers alike.
And yet, as stupefying as that news was, the attack that businesses and citizens really need to be concerned about is one that occurred earlier in 2013. One dark night last April, snipers shot up 17 transformers at a Pacific Gas and Electric substation in Silicon Valley. Only the swift work of PG&E employees prevented a large-scale outage. While the FBI has declared the incident an act of vandalism, others, including former Federal Energy Regulatory Commission Chair Jon Wellinghoff, have their suspicions.
Better Coordination Necessary
Using this attack as a springboard, Wellinghoff has gone public with his apprehension about the vulnerabilities of our aging electric grid. His concerns mirror those of Gen. Michael Hayden, former director of the CIA and NSA and now a vocal proponent of better coordination between public and private entities in their preparations for increased cyber assaults. Gen. Hayden highlights three primary levels of cyber threats to our nation.
See Also: Manufacturing Industry Technology News & Trends
The first level stems from crooks like those in the Target case, often working out of Eastern Europe, who are simply out to steal stuff and make a buck. The second level often comes from more sophisticated criminal elements and from nation states, such as China (whose hackers infiltrate U.S. corporate networks to steal trade secrets) and Iran (responsible for a wave of computer attacks on U.S. corporations a year ago). These are most disruptive to corporate networks, and companies are spending increased resources on advanced security methods such as implementing data loss prevention (DLP) strategies and advanced persistent threat (APT) detection methods.
Finally, the third level -- which Hayden sees as potentially the most threatening -- derives from terrorist elements such as Al Qaeda, cyber activists and anarchists, with the goal of nothing short of bringing down a nation's, and in particular our nation's, critical infrastructure. This can occur through cyberattacks or, as occurred in Silicon Valley, physical assault.
Whether Silicon Valley was random or a test run for something bigger, as Wellinghoff suspects, it shows the extent of damage a well-coordinated, well-executed attack could inflict on our power grid. It took PG&E a month to repair the damage of a 20-minute attack to one substation. Imagine the recovery time it would take if a comparable physical or cyberattack on our electric grid were to occur with more sophisticated weaponry on a coordinated, broader scale.
But there's still plenty of opportunity to implement much-needed security measures. According to Gen. Hayden, while other "domains of engagement" -- ground, sea, air, space -- have historically been left to our government to protect and defend, the cyber realm is different. The private sector has greater expertise and agility than the government to take the lead on designing new security measures in this new frontier.
Manufacturers have a particularly important role. For several years they've been working diligently with power companies on incorporating intelligent designs into the electric grid that will allow us to overcome natural and man-made strikes. These days the smart grid is popularly associated with increased energy efficiency, as homes -- complete with smart thermostats, meters, refrigerators, and dryers -- communicate with a more intelligent electric grid to track the load and maximize efficiencies in energy consumption. But adding intelligence can also create a more secure and resilient grid.
For example, for several years manufacturers have been working with power companies to create a self-healing capacity, with the ultimate goal of incorporating advanced metering and sensors in transmission and distribution lines and centralized user management and role-based access control in substations. Depending on the degree and extent of damage, a smart substation should be able to restore power to customers within minutes after an isolated outage.
Read more of Stephen Gold's insights on public policy issues facing U.S. manufacturing at iw.com/author/stephen-gold.
The level of reliance of businesses and consumers on our cyber infrastructure is only going to increase in the coming years. Securing and protecting it must be a top priority.
Stephen Gold is president and CEO of Manufacturers Alliance for Productivity and Innovation, Arlington, Va. (www.mapi.net).