Anyone who wasn't clued in on the ridiculous vulnerability of the U.S. power grid hopefully got a wake-up call earlier this month, when a single technician inadvertently caused a blackout that left 4 million people in the Southwest without power for up to 12 hours. A second wake-up call is needed for anyone who doesn't recognize that we need all the homegrown IT security acumen we can get to fix the problem.
It was a jarring eye-opener on Sept. 8, when a worker in Arizona who was performing some routine maintenance triggered the blackout. A report on mydesert.com encapsulated the situation:
Upgrades to smarter technology, which have been put off for years because of the cost to utilities and customers, would likely have kept the failure of power systems from spreading across such a large region, experts said Friday [Sept. 9].
Technicians were still baffled how an unremarkable local event - a utility worker's removal of a faulty, voltage-regulating capacitor in Yuma, Ariz. - could trigger a cascade of outages from western Arizona, across a swath of Southern California and down into Baja Mexico.
"The way the system is designed, that should have had no impact on any customer, in Yuma or anywhere else," said Damon Gross, a spokesman for Arizona Public Service Co., the utility whose worker set off the blackout.
The blackout left more than 4 million people without power for up to 12 hours, including about 135,000 customers of the Imperial Irrigation District. In the San Diego area, it caused business losses estimated at more than $100 million.
A Tuesday blog post by Janet Pinkerton on the website of IT trade association CompTIA shed some much-needed light on the fact that the vulnerability of the power grid is largely an IT problem that requires a fix by IT professionals. Here's an excerpt:
Who will protect the nation's power grid? Experts involved in the University of Tulsa Cyber Corps program say the task demands IT workers at all levels with the right combination of education, training, hands-on experience, and just as important, fierce desire to constantly learn and stay steps ahead of would-be attackers.
Attracting talent from the nation's youngest generation, for whom technology is a way of life, and proactively engaging males and females in cybersecurity careers, will help meet that need, they say.
"The security of the nation depends on the power grid," said Richard "Dickie" George, the technical director of the National Security Agency's Information Assurance Directorate who is NSA liaison to the Cyber Corps program, which produces computer security experts employed by U.S. intelligence agencies. Without power, modern life and modern military defense can screech to a halt. A long-term power outage, even localized, could be catastrophic. How secure is the nation's power grid currently? "It's pretty vulnerable," said George.
Victor Sheymov, head of InVicta Networks Inc., a Reston, Va., company that develops new technologies for cybersecurity, separately answers: "Not secure at all, and this is an understatement."
Sheymov, a former KGB officer who defected to the United States in 1980 ... and University of Tulsa Cyber Corps Director Dr. Sujeet Shenoi agree with the assessment that other nations, and possibly even organized crime or terrorists, are probing the U.S. power grid's network of private utilities to discover its vulnerabilities and exploit them in the future. "The fact that the malware is already installed and sitting in the network, waiting to be activated, is known among top-levels of national security experts," Sheymov said. Shenoi wants a long-term focus on science, engineering and mathematics to cultivate the IT workforce needed by critical infrastructure. "We need to focus on community colleges. The largest numbers of people who secure our assets are technical-level people."
According to Pinkerton, the NSA's George stressed the need to attract young people into the IT field to fight the cyber security problem:
Students, from kindergarten to seniors in high school, need to be told that there are "really exciting jobs in computer security and information assurance" where they can tackle very important and very challenging problems.
"The bottom line is that when you come to work in computer security, it's all about making a difference to the country. People have to understand that this is something that the nation needs," added George.
And George contends the industry has to do a better job communicating that message to women and girls who could join the current and future IT workforce. "We certainly aren't going to outnumber the adversary if we aren't telling half the workforce that cybersecurity is the place to be."
This is just one more reason why I have so little patience with disenchanted IT workers who steer their kids away from IT careers. If the next and subsequent generations aren't equipped to defend the IT-centric critical infrastructure that is so integral to everything we do in our daily lives, on whom shall we depend to defend it?