by Pamela Williams
We know it is going to eventually happen, and I am thankful to see the President moving forward with a plan. The federal government is to prepare for a devastating cyber attack against America’s electric grid. We have North Korea’s satellites, which are directly over the US every day. There are some experts who think it is possible to launch an EMP attack using a satellite.
A presidential order signed Thursday directed key federal agencies to assess preparations for a prolonged power outage resulting from cyber attacks designed to disrupt the power grid.
An assessment of the danger must be carried out by the Energy Department, Homeland Security, DNI and state and local governments to examine the readiness of the United States to manage a shutdown of the power grid. The assessment will also identify gaps and shortcomings in efforts that would be used to restore power.
We as citizens are in shock right now, as we have just experienced the biggest cyber attack in history. It is mind-boggling what we are experiencing at this time. Hospitals and banks have been attacked, and this is only the beginning.
Mike Shultz, CEO at Cybernance, a cyber risk management company based in Austin, Texas, said the cybersecurity executive order marks “a dramatic cultural shift in the way the federal government is looking at cybersecurity.”
President Trump is no slacker, and he is quickly moving ahead with preparations to protect our electrical grid. It is old, and I am sure we have had little proactive maintenance. When everything is moving along well, we sometimes forget, or we just do not want to spend the money on maintenance. This is a fool’s approach, and it is dangerous.
“Currently, all federal agencies have their own cybersecurity processes in place to protect their own systems. Trump’s order mandates that the security of federal agencies has to be controlled on an entire enterprise level — instead of building security protocols for specific systems, all people, processes, and policies within the agency must be analyzed and reported on,” Shultz told SearchSecurity via email. “We’ve never had a mandate that requires agencies to build a comprehensive risk and mitigation report for their organization and then report to the Department of Homeland Security and the director of the Office of Management and Budget.”
“[The cyber executive order] asks for a plan to protect the agency and to establish regular risk management evaluations in alignment with the NIST framework within 60 days. If the agency is struggling with priorities, then this should clarify it,” Richter told SearchSecurity via email. “Cybersecurity audits/risk-mitigation plans are a real part of every enterprise — and the agencies/departments should be scrutinized for this. In the commercial world, the plans are part of assessing real business risk and aren’t simply nice to have.”
However, Kevin Magee, global security strategist at Gigamon, said the act of writing these reports could be more important than the reports themselves.
“The more interesting question will be how agency and department heads approach their response to the requirement to document the risk mitigation and acceptance choices they have made to date and the strategic, operational and budgetary considerations that informed those choices,” Magee told SearchSecurity. “This directive forces agency and department heads to not only take ownership of their current cybersecurity posture, but also to demonstrate the degree to which they have strategically viewed cybersecurity risk and upon which factors they have prioritized their decisions. I think this will be an invaluable exercise.”
Leo Taddeo, former special agent in charge of the special operations cyber division of the New York FBI office and current CISO of Cyxtera Technologies, worried about the role of DHS in the plans.
“The order is not a plan to fix the federal government’s cybersecurity challenges. Instead, it’s a directive to each agency to implement the NIST framework to assess the agency’s cyber risks and create plans to mitigate them,” Taddeo told SearchSecurity. “The task of judging the adequacy of the assessments and the plans falls on DHS and OMB. This is a risky approach, given DHS’s questionable track record in cybersecurity.”
We know that nothing is perfect, and this should have started within the Obama Administration. The fact is, we have started too late. However, at least we have a President now who seeks to bring us up to date in our cybersecurity.
Since Vault 7 was leaked to the public, hackers across the globe have been using the tools it revealed to access remote information while hiding their identity. This is only beginning, and you and I know it was bound to happen. When WIKILEAKS exploded with the leaks on the NSA, I knew it was a mistake. For the first time, I felt Julian Assange had gone too far. Now we will pay the price, as the world unravels before our eyes.