The Obama administration in late May announced a major initiative to protect electronic communications networks, including the electric power supply grid, from terrorist attacks. The intent of the initiative, the administration said, is to guard vital electronic networks from attack, while still preserving the essential privacy of users. Critics have suggested that the new cyber security plan is long on goals but short on specifics.
According to several analysts, the administration’s objectives are going to be difficult to reconcile among each other. Protecting privacy, securing communications against attack, and identifying culprits could involve essential conflicts. President Obama didn’t discuss the details of his plan, other than to say that he will appoint a “cyber security czar” in the White House to report directly to him on the issue.
Obama also revealed that his presidential campaign had been a target of hackers. “Between August and October,” he said, “hackers gained access to e-mails and a range of campaign files, from policy positions to travel plans. It was a powerful reminder: in this information age, one of your greatest strengths—in our case, our ability to communicate to a wide range of supporters through the Internet—could also be one of your greatest vulnerabilities.”
In conjunction with Obama’s statement, the White House released its long-awaited Cyberspace Policy Review (PDF), laying out the new administration’s views of how to deal with the threat of electronic warfare against key infrastructure, including the electric transmission and distribution grid. The review concludes, “The architecture of the nation’s digital infrastructure, based largely upon the Internet, is not secure or resilient. Without major advances in the security of these systems or significant change in how they are constructed or operated, it is doubtful that the United States can protect itself from the growing threat of cybercrime and state-sponsored intrusions and operations. Our digital infrastructure has already suffered intrusions that have allowed criminals to steal hundreds of millions of dollars and nation-states and other entities to steal intellectual property and sensitive military information.”
Smart Grid and Cyber Security Questions
The report raises serious questions about the administration’s plan for a “smart” electric transmission and distribution grid, which, according to most analyses, relies on the Internet for its intelligence. Some have raised the issue of whether a smart grid means a grid more vulnerable to cyber attacks. That’s particularly relevant if the U.S. high-voltage transmission grid, which is only marginally interconnected, becomes more seamless and interconnected, and connected to local distribution grids, as a result of national energy policy, note energy analysts.
Obama made no reference to the electric transmission grid. A recent report in The Wall Street Journal that China and possibly Russia had penetrated the U.S. electrical grid has not been confirmed by any other media sources, nor has the Journal or any other publication explained just what penetration of the grid—which is not a monolithic structure—actually means. The article didn’t specify what hackers targeted—specific substations or control centers—or what they were able to achieve.
Said one government expert on grid security, speaking to MANAGING POWER on condition of anonymity, “I’m not at all convinced the incident occurred. I’m not convinced it’s possible that a hacker of any status could get into a control center and bring down any major part of the grid. Our grid failures in the past have been a result of cascading circumstances that no hacker could either anticipate or initiate or replicate.”
In saying he will name a cyber security czar, Obama said the unnamed individual will be “responsible for orchestrating and integrating all cyber securities policies for the government, working closely with the Office of Management and Budget to ensure agency budgets reflect those priorities, and, in the event of major cyber incident or attack, coordinating our response.”
The administration’s cyber security initiative drew mixed responses from the interconnected world. IDG News Service, a wire service covering computer subjects, reported that speakers at a congressional Internet caucus event shortly after the announcement “raised some concerns, particularly that the report is short on details.” Lawyer Stewart Baker, a former policy official at the Department of Homeland Security during the George W. Bush administration, told the wire service that the Obama announcement “is not an indication that this office will be given large amounts of authority.”
The Wall Street Journal reported, “As security experts digested the details of the White House’s cyber security report…, they applauded the president’s acknowledgement that cyber-attacks threaten national security. But some said the report lacked details, and questions swirled around the effectiveness of a ‘cyber security coordinator.’”
Among the unanswered questions in the wake of the Obama announcement are what authority the cyber security czar will have over both government computer communications networks—involving, among other agencies, the Defense Department, the Department of Homeland Security, the National Security Agency, and the Energy Department—and far broader private-sector communications. The private-sector networks include most of the Internet, banking and financial networks, electric and natural gas distribution grids, and the nation’s telephone and telecommunications networks.
—Kennedy Maize is MANAGING POWER’s executive editor.