What’s a lifeline service? In the telecom industry, we used to say landline voice was such a service, but that’s certainly no longer the case. Mobile or broadband Internet? To many people, those services seem like lifelines.
What about electricity, nuclear power, other forms of energy like oil and gas? Or transportation systems — highways, railways and airline networks? And don’t forget public safety — everything from the local first responders to national homeland security and border management. There’s little argument that all of the above are lifeline services as much as any telecom service is.
Yet, despite the extreme importance of these services, some of the world’s critical infrastructure for enabling these lifeline services could be at risk for potentially devastating cyber security attacks. We aren’t necessarily talking about hacker schemes targeting the IT systems of the companies operating this infrastructure the way Target and Sony have suffered embarrassing breaches.
That’s an issue, but even more concerning is the possibility of highly organized, malicious attacks intended to disable the operational technology (OT) frameworks — communications infrastructure, supervisory control and data acquisition (SCADA) systems, industrial control devices, sensors and other gear — of critical infrastructure operators.
If you don’t think it’s happened before consider that around the time of last year’s Sony hack, there was a much less publicized cyberattack on a nuclear power plant in South Korea. The famed Stuxnet virus, which affected nuclear power plants in Iran and Russia (never mind for this discussion who perpetrated it) is another recent example.
In North America, this encroaching reality is one of the driving forces behind the North American Electric Reliability Corporation’s (NERC) Critical Infrastructure Protection requirements. NERC CIP Version 5, which calls for utilities of all sizes to meet new cyber security protection requirements and has a compliance deadline of April 2016, less than nine months away.
All of this goes a long way to explain why Light Reading has recently started covering the critical infrastructure market. It’s a sector approaching a critical juncture. (Sorry to overuse the “c” word, but it’s more than apt.)
Many operators of critical infrastructure traditionally have a conservative attitude about spending on new technology, according to vendors that have worked with them. Even when given an end-of-life notice on a piece of equipment, they sometimes spend more time stocking up on spares and replacements than they do planning upgrades to the latest and greatest gear.
The drive to meet the NERC CIP v.5 requirements looks a lot like a turning point in the spending and upgrade practices of critical infrastructure operators. The rapid evolution of cyber security threats means they need to invest in their OT networks.
Along with the implementation of cyber security solutions, many of them are in a position to replace or modify traditional SCADA frameworks with with IP-based and mobile M2M connectivity. That’s good news for many technology suppliers — not only the GEs of the world, as you might imagine, but also an increasing number of traditional telecom vendors than have recognized the critical infrastructure market opportunity.
This period of critical infrastructure upgrades promises to be an interesting, exciting and possibly contentious time. Companies that don’t meet the NERC CIP v.5 requirements on time could face stiff fines. The clock is ticking — toward next year’s NERC deadline for sure — but also potentially toward a growing cyber security threat that will be hard to stop with antiquated attitudes and technologies.
View the original content and more from this author here: http://ift.tt/1UI5evH
from critical infrastructure alliance http://ift.tt/1hafvCP
via IFTTT
No comments:
Post a Comment