About 4 years ago I met some interesting folks from Idaho National Laboratory, a DOE group at an OSIsoft user conference who work on cybersecurity threats on power plants and the grid. Information Week covers NSA joining the cybersecurity threat.
NSA Launches Infrastructure Cybersecurity Program
The "Perfect Citizen" program will seek to help mitigate cyber attacks on critical infrastructure like power plants, air traffic control systems and the electrical grid.
By J. Nicholas Hoover
InformationWeek
July 9, 2010 08:00 AMThe National Security Agency plans to launch a program aimed at assessing vulnerabilities and developing capabilities to help secure critical infrastructure like power plants, air traffic control systems and the electrical grid.
In an e-mail sent Thursday evening to InformationWeek, NSA refuted parts of an earlier Wall Street Journal report that the effort, called Perfect Citizen, would monitor communications or place "sensors" on utility company systems, instead calling it "a research and engineering effort."
The Idaho National labs has a web site with their efforts.
National Security
SCADA/Cyber/Power Grid Security
INL National SCADA Test Bed web site
Comprehensive computer and cyber security programs are an essential element for today’s personnel computers as well as for the digital control systems that operate our nation’s infrastructure systems such as transportation and telecommunication systems and facilities such as chemical and water treatment plants.
Leveraging the Laboratory’s more than 50 years of experience in developing, operating, and maintaining complex control systems for nuclear reactors and other infrastructure systems, the INL created a Critical Infrastructure Test Range complete with full-scale infrastructure systems, remote and secure testing grounds, and an expert staff to aid the utility and control systems industry in developing tools and solutions to improve cyber security.
In 2004, the departments of Energy and Homeland Security established two multi-year programs at INL to protect the nation’s infrastructures against attacks from hackers, virus writers, disgruntled employees, terrorist organizations and nation states.
The National Supervisory Control and Data Acquisition (SCADA) Test Bed is funded by the Department of Energy and works in collaboration with Sandia National Laboratory to systematically analyze, test, and improve cyber security features in the control systems that operate the nation’s electric power grid. SCADA systems are also commonly found in the water and oil and gas industry.
And there is Department of Homeland Security site as well.
Control Systems Security Program (CSSP)
The goal of the DHS National Cyber Security Division's CSSP is to reduce industrial control system risks within and across all critical infrastructure and key resource sectors by coordinating efforts among federal, state, local, and tribal governments, as well as industrial control systems owners, operators and vendors. The CSSP coordinates activities to reduce the likelihood of success and severity of impact of a cyber attack against critical infrastructure control systems through risk-mitigation activities.
What is the gov'ts role and who should you contact to understand the cybersecurity threats to your power infrastructure?
Even so, the program raises unanswered questions about the government's role in -- and undefined turf over -- protecting the nation's critical infrastructure from cyber attacks, what technologies and processes might be used in such an effort, how any such effort would protect critical infrastructure owners' independence as well as privacy, and whether the effort should be public rather than classified.
I need to go back and find the business cards for the Idaho National Lab guys I talked to. I think there would know some answers.