Shows & Panels
- AFCEA Answers
- Ask the CIO
- The Big Data Dilemma
- Carrying On with Continuity of Operations
- Connected Government
- Constituent Servicing
- Continuous Monitoring: Tools and Techniques for Trustworthy Government IT
- The Cyber Imperative
- Cyber Solutions for 2013 and Beyond
- The Data Privacy Imperative: Safeguarding Sensitive Data
- Expert Voices
- Federal Executive Forum
- Federal IT Challenge
- Federal Tech Talk
- Mission-critical Apps in the Cloud
- The Modern Federal Threat Landscape
- The Path from Legacy Systems
- The Real Deal on Digital Government
- The Reality of Continuous Monitoring... Is Your Agency Secure?
- Veterans in Private Sector: Making the Transition
Shows & Panels
Could we be hacked back in time?
Friday - 4/10/2009, 1:21pm EDT
Senior Internet Editor
The news earlier this week about a potential attack on America's electric grid are raising questions about vulnerabilities throughout the system.
FederalNewsRadio asked Greg Garcia, president of Garcia Strategies and former Assistant Secretary of Cybersecurity and Telecommunications at the Department of Homeland Security, if the "news" is much ado about nothing.
"This is where cyber exploitation penetrates our physical security," says Garcia. "It is a new form of wargame, if you will, and we need to be more vigilant."
Garcia is careful to note that the vulnerability isn't just in the electrical grid: it's everywhere.
I think the electrical grid is vulnerable, and it's not just the electric grid. It is all of our critical infrastructures that rely on digital control systems. It is very simply the valves and switches that control any kind of process such as:
- electrical power generation and distribution,
- chemical manufacturing,
- water purification,
- transportation services.
Many of our critical infrastructures rely on these systems that are increasingly interconnected with their corporate networks, and their corporate networks are connected to the internet. So there you have a portal though which hackers are able to get into a corporate network, worm their way to the critical infrastructure - the power substations, the chemical plants, et cetera - and alter the settings of those valves and switches to corrupt the system or to bring it down.
The private sector is pushing back a bit about proposed legislation which would put authority over the security of both government and private networks in the hands of the federal government. Garcia says the grumbling isn't just about money.
The objection is cost and the objection is endemic doubt about the government to be able to devise a standard that is a) effective and b) is not counterproductive. You can actually impose security standards that can cause other systems within a network to break, so we have to be very careful about that; about devising standards that, it isn't necessarily the most security that's important, but the best security, and the most security can actually cause other software systems, operating systems, to fail.
As of this writing, bills S 778, which would establish an Office of National Cybersecurity Advisor within the Executive Office of the President, and S 773, "The Cybersecurity Act of 2009", have both been referred to Senate committees.
On the Web:
Center for Strategic and International Studies - Securing Cyberspace for the 44 Presidency
(Copyright 2009 by FederalNewsRadio.com. All Rights Reserved.)