Who Turned Off the Lights? U.S. Electric Grid Sees Increase in Cyber Attacks

Ale Espinosa When news of Stuxnet broke out, the world was shocked. It was the first discovered malware to spy on and subvert industrial systems, as well as the first to include a programmable logic-controller rootkit, used to attack Iran’s nuclear facilities.

Yet, despite fears of retaliation from foreign governments against the U.S. electric grid, a recent report based on over 100 surveyed utility companies revealed alarming vulnerabilities in the nation’s energy system. The report was supported by members of the U.S. House of Representatives in an effort to bring awareness to the security gaps in the utilities sector.

Among some of the report’s key findings were:

• Attacks on the nation’s critical infrastructure – including energy – were up 68 percent from 2011
• Many utility companies reported receiving “daily,” “constant” or “frequent” cyber-attack attempts
• Among the attacks reported were phishing, malware infection, and unfriendly probes
• Most utility companies are compliant with mandatory cybersecurity standards issued by the government, but voluntary recommendations by the industry watchdog – the North America Electric Reliability Corporation (NERC) – have been ignored by many

The report also concluded that the rate of cyber-attacks against U.S. corporate and government infrastructure is on the rise, and the likelihood of this rate to ever go down is unforeseeable. This only reinforces what we at Guidance Software advocate as the cybersecurity rule of thumb: operate under the assumption that an attack is unavoidable.

When we first launched our incident response and sensitive data discovery solution, EnCase Cybersecurity, we received mixed reactions from our clients and followers. Some of them had already made substantial investments in perimeter security tools, making the argument for incident response software seem somewhat contradictory. But it only took a short amount of time for Information Security professionals to realize that most perimeter security tools rely on signature-based algorithms, meaning that only known threats would be stopped at the perimeter. New and unknown threats would evade the perimeter and go to infiltrate their networks.

Nowadays, the argument for incident response software like EnCase Cybersecurity is loud and clear, especially across heavily regulated industries, like the energy sector, and high-visibility organizations that are frequent targets of cyber-attacks. Having the tools in place to quickly respond, triage, and remediate a security breach can help utility companies avoid heavy fines from federal and regional energy compliance councils, while keeping the lights on for consumers across the nation.