Joe's been busy-- on panels and testifying before Congress

Our intrepid blogger has been a busy man. This week, he taught a course in security for IEEE in Seattle, was on a panel in Monterey, and testified before the Senate Commerce, Science and Transportation Committee. We'll hear more from Joe about this when he comes up for air, but for now, I thought I'd post something about it.

In an article from Federal Computer Week, by Ben Bain, the reporter described the hearing.

Cyber vulnerabilities could threaten research and development efforts, and action is needed to stop the commercial losses caused by cyber attacks, cybersecurity experts told a Senate committee today.

The group of experts testifying before the Senate Commerce, Science and Transportation Committee urged more education, research, private-sector involvement and regulations to close cyber vulnerabilities. Panelists also discussed the need to improve the cybersecurity of the systems used to control the delivery of electricity, water, gas and oil.

The government is working on a new Smart Grid that would use computer technologies to make the country's energy infrastructure more efficient.

But the government’s plans for increased technology research and a smart electric grid could be compromised if cybersecurity is not improved, said James Lewis, director of the Center for Strategic and International Studies’ Technology and Public Policy Program.

“Unfortunately, if the new smart meters are not secure, they can be hacked, taken over by attackers and used to disrupt the delivery of electricity,” Lewis said. “If the smart grid is built to existing standards, however, it will not be secure.”

Lewis said that although cybersecurity is often considered a homeland security and military problem, the primary vulnerability is economic, and he emphasized the Commerce Department's role in improving cybersecurity.

“The real risk lies in the long-term damage to our economic competitiveness and our technological leadership,” he said.

Joseph Weiss, a managing partner at Applied Control Solutions and an expert in cybersecurity for systems used to control infrastructure, said action is needed to protect critical assets controlled by computers.

Weiss said current efforts to secure computerized control systems are at the point mainstream information technology security efforts reached 15 years ago. Control systems are similar to standard IT systems, but specific strategies are needed to secure them, he added.

“While sharing basic constructs with IT systems, control systems are technologically, administratively and functionally different than IT systems,” Weiss said. “And this will have a significant impact on the Smart Grid.” 

And the entire hearing is on video, and you can watch it here. We'll try to excerpt Joe's testimony and have it streaming on our site next week.