Today the WSJ reported that 'Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials.The spies came from China, Russia and other countries, these officials said, and were believed to be on a mission to navigate the U.S. electrical system and its controls...The espionage appeared pervasive across the U.S. and doesn't target a particular company or region, said a former Department of Homeland Security official...'
Protecting the nation's electrical grid is a key part of Obama's cybersecurity review. According to the results of a recent NERC survey, Michael Assante, VP and CSO, of NERC(North American Electric Reliability Corporation), raised the concern about the identification of critical assets and the associated Critical Cyber Assets which could be used to manipulate them.
The need is to identify and prioritize grid critical assets according to their relative importance to the infrastructure and then put the appropriate risk mitigation plans in place against these assets.
Current risk mitigation is organized more around single point of conventional failure rather than the type of cyber malware reported by the WSJ. We do,however, have technology available today that we can leverage. We can start with a focus on the intelligent application of tools that have been battle tested on the 'IT Grid' to the Electric Gridwhich can yield much if we can gain better visibility to the prioritized set of critical grid assets that must be protected.