So I’m not surprised that a power grid could be impacted by malware. It’s disappointing, but it’s going to happen, and this certainly won’t be the last time.
Most analysts talk about the need for industrial control systems (ICS) operators to keep the bad guys out. Fair enough, but don’t for a minute think those ICS folk will be perfectly successful. Power suppliers’ ICS teams need to be prepared for failures and have in place industrial-strength incident response planning and preparation. I’ve seen some that do this very well, but the ICS world is quite new to incident response (at least, of the computer security variety). There is still plenty of work to be done, but at least ICS operators know, all too well, that they have to plan and drill for emergencies.
With more than 20 years in the information security field, Kenneth van Wyk has worked at Carnegie Mellon University's CERT/CC, the U.S. Deptartment of Defense, Para-Protect and others. He has published two books on information security and is working on a third. He is the president and principal consultant at KRvW Associates LLC in Alexandria, Va.
Sign up for CIO Asia eNewsletters.