W1siziisimnvbxbpbgvkx3rozw1lx2fzc2v0cy9uagugqnjpzgdlieluic9wbmcvymfubmvylwrlzmf1bhqucg5nil1d

Blogs

Bridge Bytes: Cyber security in the public sector - lessons learned from the latest US power grid attacks

17 Oct 10:00 by Harry Robinson

W1siziisijiwmtkvmtavmtyvmtivmtgvmjgvnta3l3n1c2fubmfolwj1cmxlc29ulum3egkxngu4s2hnlxvuc3bsyxnolmpwzyjdlfsiccisinrodw1iiiwiodawedq1mcmixv0

The year is 2019, and global accusations of ‘cyberattacks’ are being launched with the fervour of cold war era ballistic threats.

A brief look at the Center for Strategic & International Studies’ (CSIS) incident list will quickly turn into an afternoon of anxious reading, with a grand total of 78 significant cyber security incidents listed since January. To put that into perspective, CSIS only document cyberattacks on government agencies, defence and high-tech companies, or economic crimes with losses of more than a million dollars.

Earlier this year Microsoft blamed Iran, North Korea and Russia for almost 800 cyberattacks in 12 months and in September, Huawei accused the US government of hacking into its intranet to disrupt its business operations. But attacks on tech businesses like Microsoft will only cause so much damage, at most some leaked emails and passwords, the worry really starts when hackers turn their focus to a country’s infrastructure.


Transatlantic power struggle

One such event took place this summer when the US power grids came under scrutiny after a cyberattack highlighted their lack of preparation and security. A ‘denial-of-service’ attack disabled the control systems in Utah, Wyoming and California. Thankfully there were no blackouts, or any harm caused to the power generation, instead the most direct impact was a temporary loss of visibility to parts of the utility's supervisory control and data acquisition.

The US can count themselves lucky that the first reported attack on their power grid was only a minor visibility issue, as the responsibility for any harm would have fallen to the cyber security team and the lack of preparation.
 

State of the nation

Asked about the power grid attack, director of intelligence analysis at FireEye Inc, John Hultquist said the following: 

“The grid runs everything. Forget how robust it is. How many other critical infrastructure sectors rely on electricity? It's the best way to cause cascading effects across society — the public knows that.”

Hultquist, as a senior director at one of the US’ largest cyber security firms, was quick to highlight the importance of cultivating digital talent, and he was far from alone with his belief. Jeanette Manfra, assistant director of cybersecurity for the United States Department of Homeland Security, made it clear that the cyber security talent pool needed to grow: 

“It’s a national security risk that we don’t have the talent for regardless of whether it’s in the government or the private sector. We have a massive shortage that is expected to grow larger.”


For the US, it’s now a priority that the tech community and the government agencies tasked with protecting the nation’s critical assets work together, a sentiment that should be shared in the UK. Here at the Bridge we pride ourselves on providing a breadth of talent, covering our clients needs, culture and values. As the focus on digital talent shortages increases, we understand that the future of cyber security recruitment needs to address the growing frequency of these cyberattacks.

 

Learn more about recent cyber security issues, including the Capital One data breach, here.