Securing the US Electrical Grid

An anonymous reader writes The Center for the Study of the Presidency & Congress (CSPC) launched a project to bring together representatives from the Executive Branch, Congress, and the private sector to discuss how to better secure the U.S. electric grid from the threats of cyberattack, physical attack, electromagnetic pulse, and inclement weather. In this interview with Help Net Security, Dan Mahaffee, the Director of Policy at CSPC, discusses critical security challenges.

Great way to waste your money

[Anonymous Coward]

The best thing they could possibly do to protect the electric grid is to figure out how to make it not an electric grid. Because right now, J. Random Asshole can get in his pickup truck, drive 50 miles to some tower in the middle of nowhere, and cut it down with tools you can get at any construction supply store. Taking this one tower down would take out power to most of the East Coast. [wikipedia.org]

Or you could simply do nothing, because the power companies are doing a great job screwing things up on their own. [wikipedia.org]

Re:air gaps

[mlts]

Nothing is 100%, but an air gap will force a black hat to either get someone physically on site, do some social engineering, or find someone that they can control to do their work for them.

By keeping stuff off the Internet, either air gapping or having a separate network with tightly controlled access points (or perhaps even something like a data diode [1]), it blocks all but the most well-heeled attackers, and big firms/governments are well adapted to deal with physical threats far more than stuff coming via the Internet.

[1]: I've taken two machines, each on a different network, plugged in a serial cable with one of the lines cut (so bits only moved one way), then used syslog on the secure network, and redirecting the port's output to a file on the insecure network. This wasn't fast, but it got data to people who needed it, while keeping stuff on the secure side off the Internet unless someone physically accessed it. A true data diode does the same thing, except faster... however expensive. As a hack, a dedicated line-level Ethernet tap might be something to be used because the computer plugged into the mirrored port will be unable to change or reply to the network stream coming from the secure side.

Re:Cyber is easy, EMP is possible

[judoguy]

Cyber is easy - simply no direct connect to the internet. Anything less is effectively nothing. Anything more is not needed.

Not that easy. I worked for a company that did just that. Air gapped completely. We sneaker netted the web orders, etc. back and forth between the internal system and the outside world. Huge pain in the ass, but secure.

When we had to be certified as PCI compliant by our auditors, they wouldn't. Said that the air gap was a security risk! Made us connect and go through the hoops with more firewalls, et al., to be certified so we could stay in business.

I will NEVER believe that they are more secure now than before. We checked the sneakernet data for SQL injection, ran AV, limited removable media to a few trusted and audited employees and so forth. But in the end, we had to get that PCI cert or our bank would refuse to do business with us.