Thursday, March 21, 2013

Getting serious on cybersecurity

There's no shortage of cyber-attack stories in the news, but as you read them you tend to wonder how serious the problem really is. Maybe this is because no group of hackers has been able to do something big and dramatic, like say triggering a cascading power outage that knocked San Francisco off the power grid for a full day.

But just because it hasn't happened yet is no guarantee that it can't or won't happen. I spoke with Marty Meyer, president and CEO of Corero Network Security, who said utilities, if anything, are more vulnerable than entities that have already been attacked.

"We're on the first step of a twelve-step program to admitting we have a potential problem with cybersecurity," Meyer said.

Cyber-attacks on utilities are up 52 percent, according to the Department of Homeland Security's cybersecurity protection arm.

An attack like a distributed denial of service attack (or DDoS attack) can flood a computer network with a large, sudden volume of attack traffic until it is overwhelmed and shuts down, he said. The systems that support power grids weren't designed to handle this level of attack traffic, and a DDoS attack is relatively unsophisticated — easily within the capability of a small group of hackers, such as Anonymous.

"There was an attack reported on an unnamed U.S. utility, and it was one of these DDoS attacks. The impact was that people could not pay their bills online. It wasn't people losing their electricity and freezing in their homes, but it was still a successful attack that denied service to people," he said.

Cyber-attacks can range in severity from "this is annoying" to something more malicious, he said. Furthermore, a relatively simple DDoS attack could be used as a diversionary tactic to distract from a more sophisticated network intrusion.
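The bill-payment outage described above is the kind of flood a utility's own access logs would show first. As an added example that is not part of the original post or of Corero's products, the following Python script parses a handful of constructed web-server log lines (Common Log Format; the addresses are RFC 5737 documentation addresses) and flags any source that exceeds a request threshold inside a sliding time window. The threshold and window values are assumptions for the sample, not tuned figures.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed access-log lines (Common Log Format). 203.0.113.7 sends seven
# requests in five seconds; 198.51.100.23 sends two. One line is malformed on
# purpose so the parser's handling of junk is exercised.
SAMPLE_LOG = """\
203.0.113.7 - - [21/Mar/2013:10:00:00 -0400] "GET /billing/pay HTTP/1.1" 200 512
198.51.100.23 - - [21/Mar/2013:10:00:00 -0400] "GET /billing/pay HTTP/1.1" 200 512
203.0.113.7 - - [21/Mar/2013:10:00:01 -0400] "GET /billing/pay HTTP/1.1" 200 512
203.0.113.7 - - [21/Mar/2013:10:00:01 -0400] "GET /billing/pay HTTP/1.1" 200 512
this line is not a valid log record
203.0.113.7 - - [21/Mar/2013:10:00:02 -0400] "GET /billing/pay HTTP/1.1" 200 512
203.0.113.7 - - [21/Mar/2013:10:00:02 -0400] "GET /billing/pay HTTP/1.1" 503 -
203.0.113.7 - - [21/Mar/2013:10:00:03 -0400] "GET /billing/pay HTTP/1.1" 503 -
203.0.113.7 - - [21/Mar/2013:10:00:04 -0400] "GET /billing/pay HTTP/1.1" 503 -
198.51.100.23 - - [21/Mar/2013:10:00:04 -0400] "GET /billing/history HTTP/1.1" 200 2048
"""

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\d+|-)$'
)


def parse_access_log(lines):
    """Yield one record per well-formed line; malformed lines are skipped."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        yield {
            "src": m["src"],
            "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
            "request": m["req"],
            "status": int(m["status"]),
        }


def detect_floods(lines, threshold=5, window_seconds=10):
    """Return {source: {"first_seen": ts, "count": n}} for every source that
    makes at least `threshold` requests within any `window_seconds` window."""
    windows = defaultdict(deque)   # per-source timestamps inside the window
    flagged = {}
    for rec in parse_access_log(lines):
        q = windows[rec["src"]]
        q.append(rec["ts"])
        cutoff = rec["ts"] - timedelta(seconds=window_seconds)
        while q and q[0] < cutoff:     # drop timestamps that fell out of the window
            q.popleft()
        if len(q) >= threshold and rec["src"] not in flagged:
            flagged[rec["src"]] = {"first_seen": rec["ts"], "count": len(q)}
    return flagged


if __name__ == "__main__":
    for src, info in detect_floods(SAMPLE_LOG.splitlines()).items():
        print(f"{src}: {info['count']} requests by {info['first_seen'].time()}")
```

A real deployment would read the log continuously and feed flagged sources into a rate limiter or the perimeter device, but the sliding-window count is the core of the detection either way; note that a volumetric flood from thousands of sources would need aggregate counters as well, since no single address may cross the per-source threshold.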

"So while I would say there's been no advertised take-down of a major utility where people lost actual services, but there certainly could be concern from the utilities to protect themselves now instead of waiting around," he said.

Simple firewalls by themselves are not a prudent strategy to prevent malicious attacks, he said. Geoblocking (also known as geofiltering) is an extra layer of protection that works by cutting off network access to computers from IP addresses that are affiliated with a geographic area or country that you don't want to allow access to.

Another way of launching a malicious attack is to "spoof" an IP address, which lets a malicious computer disguise itself as coming from a trusted address. Utilities can upgrade their systems to unmask such attacks, he said.

"There are technologies that can make sure that addresses are trusted," he said. "Utilities need to specifically look at technologies that restrict access in terms of geography or known problem locations to ensure that the network connection that's coming in is a real connection and not a spoofed connection."
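The two controls Meyer describes, geoblocking and rejecting spoofed source addresses, can be expressed as one admission decision at the perimeter. As an added example that is neither the original post's nor Corero's code, the Python below does both: it first rejects any source address that could not legitimately arrive from the internet (private, loopback, link-local, multicast and reserved space, plus the organisation's own public prefix, which is the ingress-filtering idea of BCP 38 / RFC 2827), then looks up the remaining address in a country table and allows only approved countries, failing closed on unknown origins. The country table, the allowed-country set and the "own prefix" are constructed assumptions using RFC 5737 documentation ranges in place of real public space; a deployment would load a geolocation database instead.

```python
import ipaddress

# Constructed IP-to-country table. RFC 5737 documentation prefixes stand in for
# public address space; "XX" stands in for a region the utility does not serve.
GEO_TABLE = {
    ipaddress.ip_network("198.51.100.0/24"): "US",
    ipaddress.ip_network("192.0.2.0/25"): "CA",
    ipaddress.ip_network("203.0.113.0/24"): "XX",
}
ALLOWED_COUNTRIES = {"US", "CA"}

# Source ranges that can never legitimately arrive on an internet-facing
# interface. A packet claiming one of these is spoofed or misrouted.
BOGON_PREFIXES = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]

# Hypothetical: the utility's own public prefix. Inbound traffic that claims an
# inside address as its source is spoofed.
OWN_PUBLIC_PREFIXES = [ipaddress.ip_network("198.51.100.0/26")]


def lookup_country(ip):
    """Longest-prefix match of ip against GEO_TABLE; None if unmapped."""
    best = None
    for net, country in GEO_TABLE.items():
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, country)
    return best[1] if best else None


def is_spoofed_source(ip, own_prefixes=OWN_PUBLIC_PREFIXES):
    """True if ip is in bogon space or in a prefix we originate ourselves."""
    return any(ip in net for net in BOGON_PREFIXES + list(own_prefixes))


def decide(src, allowed=ALLOWED_COUNTRIES, own_prefixes=OWN_PUBLIC_PREFIXES):
    """Return (verdict, reason) for an inbound connection from src.

    Order matters: the spoof check runs before the country lookup, because a
    spoofed address may well map to an allowed country."""
    ip = ipaddress.ip_address(src)
    if is_spoofed_source(ip, own_prefixes):
        return ("deny", "spoofed-source")
    country = lookup_country(ip)
    if country is None:
        return ("deny", "unknown-origin")        # fail closed on unmapped space
    if country not in allowed:
        return ("deny", f"geoblocked:{country}")
    return ("allow", f"geo:{country}")


if __name__ == "__main__":
    for sample in ("198.51.100.200", "198.51.100.9", "10.0.0.5",
                   "203.0.113.7", "192.0.2.1", "192.0.2.200"):
        print(sample, *decide(sample))
```

Geolocation data is approximate and a determined attacker can relay through an allowed country, so this filter reduces exposure rather than proving that a connection is genuine; for that, the perimeter device has to confirm the TCP handshake completes before passing the connection inward.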

My thanks to Marty Meyer for his help in putting this post together. His company, Corero Network Security, is based in Hudson, Massachusetts.
