The Cyber Threat: Cybercom Trains for Infrastructure Attack as Power Companies Play Down Threat to Grid

Cyber Guard war games simulate major cyber attack

The U.S. Cyber Command will conduct large-scale military exercises this week simulating cyber attacks against critical U.S. infrastructure, and the war games will highlight the growing threat posed by foreign states capable of crippling the electrical grid and financial networks through digital attacks.

The exercise, known as Cyber Guard 16, is the latest annual war game involving scores of military personnel and civilians at the Fort Meade-based command. Other players will include officials from the Pentagon, FBI, Homeland Security Department, and private industry.

“Cyber Guard offers a fascinating, realistic (but not predictive) scenario of a cyber attack of significant consequence on U.S. critical infrastructure,” Maj. Gen. Paul Nakasone, head of the command’s National Mission Force, said last week.

The month-long exercise is an example of both interagency security cooperation as well as working with private sector stakeholders in dealing with cyber threats, he told Federal News Radio in an online chat.

Currently, the federal government is relying on a private consortium of companies that appears to be playing down threats to the power grid from cyber and other attacks.

The non-profit North American Electric Reliability Corporation is the official organization designated by the federal government to be in charge of setting security standards for electrical networks. It is responsible for making sure electrical owners and operators of the bulk power system are taking the steps needed to protect the lattice of power companies stretching throughout the United States, Canada, and Baja California, Mexico.

The private regulatory authority was given the task of setting grid security standards by the Federal Energy Regulatory Commission, or FERC. Testimony before the commission last week reveals that current industry standards for reporting cyber security incidents are allowing power companies to game the system to underreport potential attacks.

In 2014, for example, the non-profit corporation reported only three cyber security incidents, and a draft of the forthcoming annual reliability report is said to report zero incidents.

Rogers noted that the electrical power industry and a couple of others in charge of critical infrastructure are resisting efforts to bolster cyber defenses since doing so would require rate increases.

That seems to be one factor motivating the North American Electric Reliability Corporation to undercount in its reporting of cyber incidents.

Full article: The Cyber Threat: Cybercom Trains for Infrastructure Attack as Power Companies Play Down Threat to Grid (Washington Free Beacon)

Comments are closed.