At the recent GridSecCon conference of American energy firms, attendees were told by Caitlin Durkovich, the Assistant Secretary for Infrastructure Protection at the Department of Homeland Security about attempts by ISIS to focus its attention on hacking into the American electrical power grid. This threat from ISIS, while still in its infancy, is obviously very troubling. Last year malware was found that had already been installed on the computers of energy companies that appear to have been placed there by Russian government hackers. A study released on June 10, 2015 by the Congressional Research Service entitled “Cybersecurity Issues for the Bulk Power System” specifically identified some of the malware already used against American energy companies and highlighted the very real threat to “take down control systems that operate U.S. power grids, water systems and other critical infrastructure.” As these energy companies become more and more connected to the Internet the problem grows more serious. Although ISIS does not have the hacking capabilities itself to presently cause damage to our nation’s infrastructure, the availability of the malware programs capable of achieving this goal may well be soon available on the black market for ISIS to purchase and use. While countries such as Russia or Iran might hesitate to use such malware in an attack against the United States out of fear of retaliation, that concern does not appear to be present in regard to ISIS.
The Congressional Research Service’s report highlighted proposed legislation that could improve the situation. Certainly mandated security standards should be required. Also greater sharing of information and a greater commitment of resources of the energy companies to cybersecurity are important steps. In addition, as the Congressional Research Service’s report indicates, a greater focus should be made on identifying attackers rather than responding to attacks that have already occurred. I urge everyone to contact their senators and congressmen and urge them to support legislation to keep our country safer from cyberattacks.