Wednesday, April 15, 2009

US ELECTRICUTY GRID PENETRATED. WHAT IS NEXT IN CYBER SECURITY?

There was an interesting article in the WSJ last week entitled Electricity Grid in US Penetrated by Spies. Apparently, cyberspies penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials.

The article notes that the review President Obama has ordered of cyber security of critical infrastructure industries is due out soon and the amount of money the government is spending in this area. The concept of spies is certainly exotic and it seems the intelligence agencies in the US and in countries around the world are appropriately focused on the subject as it relates to their own national security.

What I found most interesting in this article is that the intrusion was not detected by the companies whose systems were penetrated but rather were noted by US intelligence sources. I believe this will be one of the next big risks to be managed in the technology field and therefore a growth area for the technology firms and service providers.

Cyber security is an established discipline for business or information management computer systems. However, cyber security for manufacturing or operational computer systems is only beginning to be focused upon by most businesses.

Computer security for operating or manufacturing systems will continue to grow in importance and risk. The reasons for the increased risks is that these systems are no longer stand alone controlled systems. As more technology is continuously embedded into operating systems; companies are connecting their manufacturing and operating systems to other networks; and remote devices are being used to access these systems to get real time updates on manufacturing or operational status the risks increase that these systems can be penetrated.

This focus and attention to risk mitigation will start in infrastructure companies as they are right behind financial institutions in using technology in their operations and they are vital to every country's national security, it will quickly spread to all businesses. All companies are aware of the risks in information systems and are in varying stages of monitoring and controlling those risks. But that only addresses information technology (IT). What happens when you take the "I" away and instead look at the risks of all the technology you have deployed in your organization?

Do you know what the total technology risks are in your organization? Do you know what the monitoring and mitigation plans are to manage the risks? Have you thought about the opportunities this might create for your business to prepare to solve one of the next big risks to face companies around the world?

Until next time,
Gail

No comments:

Post a Comment