Washington, D.C., United States—How can you shield your military installations, your nuclear power plants, your hospitals, and indeed all of your critical infrastructure against cyberattacks?
Doctor Paul Stockton, a former Assistant Secretary of Defence for Homeland Defence and Security Affairs under the Obama administration, appears to have the answer. In research published by the Johns Hopkins University Applied Physics Laboratory (APL), Doctor Stockton argues that the Department of Energy (DoE) must partner with power companies to create a defensive system that would be unbreachable by cyberattacks.
“We need better plans and capabilities to ‘play defense’ in cyberwarfare,” said Doctor Stockton.
In particular, the research, titled Resilience for Grid Security Emergencies: Opportunities for Industry-Government Collaboration, examines how the DoE and power companies could utilise the Federal Power Act to develop emergency orders and coordinate their operations before or during a cyberattack. Moreover, Dr Stockton argues that if power is lost, emergency orders could assist in its restoration, even if enemy hackers persist in their attacks.
Furthermore, the study recommends particular steps that will enable the defence or prompt restoration of power on military bases, or in nuclear power plants, hospitals, and other critical national security infrastructure. In the event of a cyberattack, such facilities would be plump targets for an adversary looking to shut down the United States’ response capabilities and spread panic through the population. But, according to Dr Stockton, if the private and public sector cooperate, critical infrastructure could resist an attack and thus demoralise any attackers.
“Power companies are rapidly improving their own resilience against cyber and physical attacks. What is missing is operational coordination between government and industry, so that if adversaries strike, federal agencies will be ready to support grid operators through integrated, preplanned [sic] emergency orders,” added the former DoD Assistant Secretary.
The recent Chinese and Russian cyberattacks in both the U.S. and Europe highlight the urgency of the matter. This isn’t a doomsday contingency scenario. This is real—happening now. In the summer, for example, the Department of Homeland Security announced that in 2017 the GRU, Russia’s military intelligence agency, successfully penetrated U.S. defences and gained control of multiple power plants across the U.S. Evidently, then, in the event of an incident between the two countries, GRU could grapple control away from the U.S., shut down the system, and spread panic.
The study concludes by warning that the U.S. is in a “cyber glass house.” Doctor Stockton avers that President Trump “cannot credibly threaten to use cyberweapons to defend US allies and interests” given the current weakness of the power grid systems. However, according to the study, “Improving preparedness for grid security emergencies can help address these concerns and support ongoing reassessments of U.S. strategies for deterrence.”
Both the U.S. intelligence community and the world’s major computer companies understand the threat. Microsoft, for instance, has actively been trying to shield U.S. networks against foreign cyberattacks.