
Critical Infrastructure Interdependencies are Driving Government Motivation on Baseline Cybersecurity Standards

Richard Brooks
Co-Founder and Lead Software Engineer, Reliable Energy Analytics LLC

Dick Brooks is the inventor of patent 11,374,961: METHODS FOR VERIFICATION OF SOFTWARE OBJECT AUTHENTICITY AND INTEGRITY and the Software Assurance Guardian™ (SAG ™) Point Man™ (SAG-PM™) software...

  • Aug 27, 2021

It’s been said that a picture is worth 1000 words, but in this case it’s more like 10,000 words. The graphic accompanying this article, showing critical infrastructure interdependencies, was recently presented during a NARUC webinar. I’m re-purposing this graphic in a demonstration I’m delivering to NPCC next week, and I’ve learned that this “concern” over interdependencies among critical infrastructure operators has been discussed in the past. What’s truly interesting is that these critical infrastructure operators are all well aware of their interdependent needs, and during one particular meeting each representative was asked to identify their own most important dependency. Two critical infrastructure operations were identified by all representatives: Electricity and Communications.

The moral of the story is this: if either Electricity or Communications critical infrastructure operations become compromised, the entire set of critical infrastructure operations are at risk. And this is one of the drivers behind the Biden Administration’s aggressive pursuit of baseline cybersecurity protections across all critical infrastructure, as described in the July 28 Cybersecurity Memorandum, with a goal to produce baseline cybersecurity goals for critical infrastructure by September 2021.

The recent T-Mobile data breach, which took advantage of a software vulnerability in a router, is further evidence of the need for a software bill of materials (SBOM) to help companies know which software components are installed in their digital ecosystems, so that an effective, ongoing vulnerability risk assessment can be performed.

I think the Seven Sages of Delphi demonstrate real insight with this maxim: ΓΝΩΘΙ ΣΕΑΥΤΟΝ (KNOW THYSELF)

Or learn the hard way from the hackers that know you.

Discussions
Matt Chester on Aug 27, 2021

"The moral of the story is this: if either Electricity or Communications critical infrastructure operations become compromised the entire set of critical infrastructure operations are at risk"

Not to mention how interconnected electricity and telecom are becoming as industries (may as well throw transportation as a sector into that as well now)
