According to a report from the Bipartisan Policy Center (a Washington nonprofit group comprised of leading energy security experts), our national power grid is most definitely vulnerable to cyber attacks. Juniper’s own Nawaf Bitar, senior VP and general manager of the Security Business Unit, echoed this fact in his keynote at last week’s RSA conference in San Francisco.
Nawaf said, “Over the past five years, there have been attacks against nuclear sites, power grids, the intellectual properties of companies; sometimes for profit, sometimes by hacktivists, and more often now by nations seeking to exploit weakness in the cyber fabric of other nations. We are watching these attacks increase in sophistication and in the damage that they do. Government officials even admitted last year that cyber attacks posed a greater threat to us than terrorism.”
He followed by asking the audience what the unintended consequences may be of treating cyber attack threats the same way as we have terrorism. He suggested that taking a passive approach is not only undesirable, but, in the worst case, could be catastrophic.
Just as a nation will fight back if an enemy physically attacks and kills its citizens, it should also fight back if an enemy launches a cyber attack for a power grid takeover–something that could halt critical services, such as phone, other utility services, or, even, live-sustaining medical systems (e.g., oxygen and blood supply systems).
Can we afford to wait for such attacks? No way!
I echo Nawaf’s plea. Let’s turn the tables on the attacker ahead of the damage by thinking in terms of active defense, not passive.