R&D work vulnerable to cyber threats

Cyber vulnerabilities could threaten research and development efforts, and action is needed to stop the commercial losses caused by cyber attacks, cybersecurity experts told a Senate committee today.

The group of experts testifying before the Senate Commerce, Science and Transportation Committee urged more education, research, private-sector involvement and regulations to close cyber vulnerabilities. Panelists also discussed the need to improve the cybersecurity of the systems used to control the delivery of electricity, water, gas and oil.

The government is working on a new Smart Grid that would use computer technologies to make the country's energy infrastructure more efficient.

But the government’s plans for increased technology research and a smart electric grid could be compromised if cybersecurity is not improved, said James Lewis, director of the Center for Strategic and International Studies’ Technology and Public Policy Program.

“Unfortunately, if the new smart meters are not secure, they can be hacked, taken over by attackers and used to disrupt the delivery of electricity,” Lewis said. “If the smart grid is built to existing standards, however, it will not be secure.”

Lewis said that although cybersecurity is often considered a homeland security and military problem, the primary vulnerability is economic, and he emphasized the Commerce Department's role in improving cybersecurity.

“The real risk lies in the long-term damage to our economic competitiveness and our technological leadership,” he said.

Joseph Weiss, a managing partner at Applied Control Solutions and an expert in cybersecurity for systems used to control infrastructure, said action is needed to protect critical assets controlled by computers.

Weiss said current efforts to secure computerized control systems are at the point mainstream information technology security efforts reached 15 years ago. Control systems are similar to standard IT systems, but specific strategies are needed to secure them, he added.

“While sharing basic constructs with IT systems, control systems are technologically, administratively and functionally different than IT systems,” Weiss said. “And this will have a significant impact on the Smart Grid.”

Experts also said increases in funding were necessary for general cybersecurity training, education and research.

Eugene Spafford, executive director of Purdue University’s Center for Education and Research in Information Assurance and Security, said cybersecurity problems involve technology, policy and people.

“We need significant, sustained efforts in education at every level to hope to meet the challenges posed by cybersecurity and privacy challenges,” he said. “We do not currently have the infrastructure to switch into high gear right away, nor do we have the students available.”

Spafford said the commercial losses due to cyber attacks are worth tens of billions per year, and losses stemming from intrusions into classified government systems are as large or larger.

“To put that in context, imagine a Hurricane Katrina-style event occurring every year and being ignored,” Spafford said.

Edward Amoroso, a senior vice president and chief security officer at AT&T, said the government must better address security requirements during the procurement process.

“I look almost daily at requests for proposal and requests for information that come from Washington to the private sector for the products and services that we would be selling them, and they generally don’t have sufficient security embedded in the set of requirements that come to us,” he said.

About the Author

Ben Bain is a reporter for Federal Computer Week.

FCW in Print

In the latest issue: Looking back on three decades of big stories in federal IT.

Featured

  • Anne Rung -- Commerce Department Photo

    Exit interview with Anne Rung

    The government's departing top acquisition official said she leaves behind a solid foundation on which to build more effective and efficient federal IT.

  • Charles Phalen

    Administration appoints first head of NBIB

    The National Background Investigations Bureau announced the appointment of its first director as the agency prepares to take over processing government background checks.

  • Sen. James Lankford (R-Okla.)

    Senator: Rigid hiring process pushes millennials from federal work

    Sen. James Lankford (R-Okla.) said agencies are missing out on younger workers because of the government's rigidity, particularly its protracted hiring process.

  • FCW @ 30 GPS

    FCW @ 30

    Since 1987, FCW has covered it all -- the major contracts, the disruptive technologies, the picayune scandals and the many, many people who make federal IT function. Here's a look back at six of the most significant stories.

  • Shutterstock image.

    A 'minibus' appropriations package could be in the cards

    A short-term funding bill is expected by Sept. 30 to keep the federal government operating through early December, but after that the options get more complicated.

  • Defense Secretary Ash Carter speaks at the TechCrunch Disrupt conference in San Francisco

    DOD launches new tech hub in Austin

    The DOD is opening a new Defense Innovation Unit Experimental office in Austin, Texas, while Congress debates legislation that could defund DIUx.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group