Reuters Business Report - Cyber attacks not limited to retailers- U.S. utilities are increasingly vulnerable. The assaults are now eclipsing terrorism as the primary threat facing the United States according to the FBI.
A new report from the Bipartisan Policy Center looks at those growing risks, and says a new independent organization needs to be created to centralize efforts to combat the growing danger.
"One of the things that we are trying to shore up against is, you know, looking at a report that came out from the Dept. of Homeland Security, where there were literally hundreds of incidents and a large percentage of those were on the energy sector. Specifically on the electricity sector. And we know that electricity, when you look at critical infrastructure, it is the very foundation of critical infrastructure. When electricity breaks down, we break down everywhere else, don't we? With telecommunications, healthcare, financial markets and just the lights and public safety and things like that."
Utilities present a unique danger- because there is no stuff to steal says Former CIA Director Michael Hayden:
"There is no intellectual property lurking there. There are no trade secrets. There are no pin numbers. When you see someone, an adversary, in this case probably a nation state, but not necessarily; it could be a criminal gang. It could simply be the disaffected in an industrial control system. They are there to my mind for only one of two reasons. One - recreational espionage, right it's just fun. Or two, doing what the military folks would call IPB: Intelligence Preparation of the Battlespace. Because there is no espionage upside for being in there in terms of stealing information that has another use."
One of the key problems is lack of information sharing, making it harder for private companies to fix vulnerabilities- without knowing the whole picture, says Frank Keating, President and CEO of the American Bankers Association and a board member of the BPC.
"What is important again, is to bring together the best and brightest in the private sector, but also the government to share information, to share technology, to share modes of attack and times of attack so we can protect ourselves as a society."
But the Edison Electric Institute, which represents investor owned electric companies says yet another group weighing in- is just not needed. Senior Director of National Security policy Scott Aaronson:
"We are not doing this on our own. We are taking some of the biggest, brightest brains from the Lockheeds and Boeings and General Dynamics, and some of these other companies, who are doing really good work in this space, and deploying them in the industry. So, I keep going back to challenges and opportunities. I am certain that the vendors and defense companies who do cyber security so well see an opportunity in helping the critical infrastructure sectors protect themselves."
And that protection will come at a cost. Curt Hebert says estimates are that it could cost the electric industry itself about $7 billion trying to boost cyber security in the next several years.