The Smart Grid Needs to be a Safe Grid

By T.J. Kasperbauer

Imagine you wake up one morning to discover that your entire city has lost power. What would you guess is the most likely cause? A tornado? Equipment malfunction? Terrorist attack?

Increasingly, American’s energy grid is under threat from cyberattacks. This is not a new problem, but so far the solutions have been inadequate. In order to improve our energy grid, we must build cybersecurity into its main functions.

One way the U.S. is currently trying to combat cyberattacks is through development of the Smart Grid. Under Smart Grid, energy production and distribution are decentralized. Decentralization creates redundancies that help prevent a single attack from taking down the whole grid. Devices on the Smart Grid are also in constant communication, which enhances detection of attacks and outages.

The main problem with the Smart Grid is that its interconnectedness produces vulnerabilities. By putting all devices in two-way communication with each other, the Smart Grid increases the number of possible entry points for attacks. Moreover, the Smart Grid connects the energy grid to lots of other “grids.” For instance, household electricity usage can be monitored on the internet. Foreign or domestic adversaries—including lone wolf hackers—could potentially use this sort of connectability to influence the Smart Grid.

Some attempts have been made to address this problem. For instance, DARPA is currently installing automated cybersecurity defense systems into power grids. And the Department of Energy routinely funds projects aimed at testing and improving the cybersecurity of the energy grid ($34 million in August 2016). There are also published guidelines for protecting energy cybersecurity (in 2010 and 2015). These are all important and should continue, but must be better integrated into the Smart Grid as it develops.

In order to preserve the benefits of the Smart Grid, we must build security alongside connectability. This requires better anticipation of future problems in order to design security into grid functions.

Advertisements

Cyberizing Covert Action

Jenn Lato

The 21st century presents a host of new challenges to national security. The United States is no longer embroiled in a Cold War, and the current strategic environment entails threats that are complex and remarkably more sophisticated. Terrorism, transnational organized crime, cyber crime, and weapons of mass destruction are examples of these threats, and challenge the state in exceedingly new ways. However, the evolution of national and global security threats does not necessitate entirely new security measures. In particular, covert action has advanced with the national security demands of the 21st century. It will continue to play a role as a key instrument of U.S. foreign policy and national security, and in the digital age, covert action is essential for preventing and thwarting threats via the cyber domain.

Throughout the Cold War era, the U.S. Government undertook a variety of covert actions against a Soviet hegemony and leftist, often militant, political movements that posed a threat to U.S. national security. Covert operations to combat these threats were met with varying degrees of success, and have resulted in a re-examination of covert action as either a necessary policy instrument or an antiquated Cold War phenomenon. For instance, throughout the 1960s and early 1970s, the CIA used financial backing and anti-communist propaganda to overthrow the democratically elected government of Salvador Allende. While considered a success, the overthrow of Allende gave rise to the military dictatorship of Augusto Pinochet, whose notoriously brutal regime put a black mark on U.S. covert operations in South America. Moreover, in 1987 the Iran-Contra affair raised legal questions over the use of covert action, specifically, covert action that is not congressionally authorized. However, covert action has not been eliminated. It has kept pace with advances in technology, and its importance is both strong and increasing. For instance in 2010 Stuxnet, a U.S.-Israeli computer virus, successfully destroyed 1/5 of Iran’s nuclear centrifuges at the Natanz Nuclear Plant. In March 2015, Adan Garar, a member of Al-Shabaab’s intelligence outfit, was successfully killed by a U.S. drone strike. Therefore, the question is not whether covert action will continue, but how will it be used in the digital age?

Today, almost everything is in digital format. A person posts his or her personal information, opinions and ideas on social media platforms. As demonstrated by the Arab Spring, social media platforms such as Twitter can be used as an outlet to transform an idea into a revolution. Rather than place covert propaganda in newspapers and on the radio, the CIA today could foster political influence through Facebook or Twitter. Social media allows propaganda to be distributed to across the globe, and its transmission time is extremely faster than Cold War communication. This means that not only is covert action evolving, its continued effectiveness has redefined the way in which the intelligence community operates.

Cyber security is also expanding the nature of covert action. Anything that has an Internet connection is at risk, and the potential for state and non-state actors to leverage this presents both new opportunities and threats. Therefore, while covert action may involve paramilitary conflict or foreign direct financial assistance, we will see an increase and shift toward cyber attacks. The U.S. could be faced with or initiate an attack directed at critical infrastructure, used to destabilize a financial system, or could involve the insertion of malware into a government computer system. These covert actions hardly existed in the Cold War era.

Given the current nature of conflict, covert action will continue to be a foreign policy instrument, and its use in the cyber domain will extend into the foreseeable future. Its value did not end with the Cold War, and the need for it is expanding with developments in technology and cyber security. To be successful, covert action must remain in line with strategic policy goals, and strike a balance between national security and an integrated international system of governance and laws. Covert action will continue throughout the 21st century and into the 22nd and such, the U.S. Government must continue to cyberize the covert world.