I know there are low-tech ways of crippling the electric power grid that are difficult to defend against. I'm much less familiar with what it takes to prevent cyber attacks, but I believe it could be done more easily than physically protecting facilities.
Anything on the internet is inherently vulnerable, which is why military bases will put vital servers and the like on separate VLANs or entirely segregated networks. So: put these on segregated networks with no access to the internet. Disable USB ports on systems on said network, and when necessary have consoles set up for scanning USB drives ('cause there's always a need at some point).
Correct. I have worked in top secret military communications and in nuclear power where at least we could limit the threat to insiders. Constant observation is a must. Any aberrant behavior has to be addressed.
NIST 800-53 lays out an interlocking set of controls to deal with threats. But to implement them fully, it takes a lot of money and a rather large employee base. The larger the employee base, the bigger the pool of possible threats. Even the government has its leakers (Snowden, Manning). The best defense is having our cyber warriors on the offense. We need to roll up the cyber criminals and their tech enablers. I think part of the reason why we haven't is that they are protected by powerful foreign governments.
I guess it depends on location, but I think cyber attacks might be more difficult to defend against. The adversary could be anywhere and you might never know they exist.
Transmission lines are mostly unattended. Firmware monitoring voltage and frequency can prevent catastrophes but not shutdowns that can take days to resolve. Cyber attacks can happen only when remote access to the system is possible or when insiders are involved.
I wonder how much a general system backup can be used to restore access and functionality. At least a couple of days is somewhat bearable (see power safety shutoffs in CA - thanks PG&E!): we haven't invested in surge equipment that can handle a major solar event, which could knock out systems for months.