R&D work vulnerable to cyber threats

Cyber vulnerabilities could threaten research and development efforts, and action is needed to stop the commercial losses caused by cyber attacks, cybersecurity experts told a Senate committee today.

The group of experts testifying before the Senate Commerce, Science and Transportation Committee urged more education, research, private-sector involvement and regulations to close cyber vulnerabilities. Panelists also discussed the need to improve the cybersecurity of the systems used to control the delivery of electricity, water, gas and oil.

The government is working on a new Smart Grid that would use computer technologies to make the country's energy infrastructure more efficient.

But the government’s plans for increased technology research and a smart electric grid could be compromised if cybersecurity is not improved, said James Lewis, director of the Center for Strategic and International Studies’ Technology and Public Policy Program.

“Unfortunately, if the new smart meters are not secure, they can be hacked, taken over by attackers and used to disrupt the delivery of electricity,” Lewis said. “If the smart grid is built to existing standards, however, it will not be secure.”

Lewis said that although cybersecurity is often considered a homeland security and military problem, the primary vulnerability is economic, and he emphasized the Commerce Department's role in improving cybersecurity.

“The real risk lies in the long-term damage to our economic competitiveness and our technological leadership,” he said.

Joseph Weiss, a managing partner at Applied Control Solutions and an expert in cybersecurity for systems used to control infrastructure, said action is needed to protect critical assets controlled by computers.

Weiss said current efforts to secure computerized control systems are at the point mainstream information technology security efforts reached 15 years ago. Control systems are similar to standard IT systems, but specific strategies are needed to secure them, he added.

“While sharing basic constructs with IT systems, control systems are technologically, administratively and functionally different than IT systems,” Weiss said. “And this will have a significant impact on the Smart Grid.”

Experts also said increases in funding were necessary for general cybersecurity training, education and research.

Eugene Spafford, executive director of Purdue University’s Center for Education and Research in Information Assurance and Security, said cybersecurity problems involve technology, policy and people.

“We need significant, sustained efforts in education at every level to hope to meet the challenges posed by cybersecurity and privacy challenges,” he said. “We do not currently have the infrastructure to switch into high gear right away, nor do we have the students available.”

Spafford said the commercial losses due to cyber attacks are worth tens of billions per year, and losses stemming from intrusions into classified government systems are as large or larger.

“To put that in context, imagine a Hurricane Katrina-style event occurring every year and being ignored,” Spafford said.

Edward Amoroso, a senior vice president and chief security officer at AT&T, said the government must better address security requirements during the procurement process.

“I look almost daily at requests for proposal and requests for information that come from Washington to the private sector for the products and services that we would be selling them, and they generally don’t have sufficient security embedded in the set of requirements that come to us,” he said.

About the Author

Ben Bain is a reporter for Federal Computer Week.

Featured

  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.