how manufacturers can prepare for cyber attacks

The Competitive Edge: Cyber Threats: Stealing Our Credit Cards Just Tip of Iceberg

March 4, 2014

Manufacturers playing a critical role in response to growing cyber insecurity.

During the peak of online holiday shopping, Target and other retailers saw hackers create a massive credit card security breach that clarified the growing vulnerability of 21st-century businesses and consumers alike.

And yet, as stupefying as that news was, the attack that businesses and citizens really need to be concerned about is one that occurred earlier in 2013. One dark night last April, snipers shot up 17 transformers at a Pacific Gas and Electric substation in Silicon Valley. Only the swift work of PG&E employees prevented a large-scale outage. While the FBI has declared the incident an act of vandalism, others, including former Federal Energy Regulatory Commission Chair Jon Wellinghoff, have their suspicions.

Better Coordination Necessary

Using this attack as a springboard, Wellinghoff has gone public with his apprehension about the vulnerabilities of our aging electric grid. His concerns mirror those of Gen. Michael Hayden, former director of the CIA and NSA and now a vocal proponent of better coordination between public and private entities in their preparations for increased cyber assaults. Gen. Hayden highlights three primary levels of cyber threats to our nation.

Industryweek Com Sites Industryweek com Files Uploads 2014 03 Pull Quote

The first level stems from crooks like those in the Target case, often working out of Eastern Europe, who are simply out to steal stuff and make a buck. The second level often comes from more sophisticated criminal elements and from nation states, such as China (whose hackers infiltrate U.S. corporate networks to steal trade secrets) and Iran (responsible for a wave of computer attacks on U.S. corporations a year ago). These are most disruptive to corporate networks, and companies are spending increased resources on advanced security methods such as implementing data loss prevention (DLP) strategies and advanced persistent threat (APT) detection methods. Finally, the third level -- which Hayden sees as potentially the most threatening -- derives from terrorist elements such as Al Qaeda, cyber activists and anarchists, with the goal of nothing short of bringing down a nation's, and in particular our nation's, critical infrastructure. This can occur through cyberattacks or, as occurred in Silicon Valley, physical assault. Whether Silicon Valley was random or a test run for something bigger, as Wellinghoff suspects, it shows the extent of damage a well-coordinated, well-executed attack could inflict on our power grid. It took PG&E a month to repair the damage of a 20-minute attack to one substation. Imagine the recovery time it would take if a comparable physical or cyberattack on our electric grid were to occur with more sophisticated weaponry on a coordinated, broader scale. But there's still plenty of opportunity to implement much-needed security measures. According to Gen. Hayden, while other "domains of engagement" -- ground, sea, air, space -- have historically been left to our government to protect and defend, the cyber realm is different. The private sector has greater expertise and agility than the government to take the lead on designing new security measures in this new frontier. Manufacturers have a particularly important role. For several years they've been working diligently with power companies on incorporating intelligent designs into the electric grid that will allow us to overcome natural and man-made strikes. These days the smart grid is popularly associated with increased energy efficiency, as homes -- complete with smart thermostats, meters, refrigerators, and dryers -- communicate with a more intelligent electric grid to track the load and maximize efficiencies in energy consumption. But adding intelligence can also create a more secure and resilient grid. For example, for several years manufacturers have been working with power companies to create a self-healing capacity, with the ultimate goal of incorporating advanced metering and sensors in transmission and distribution lines and centralized user management and role-based access control in substations. Depending on the degree and extent of damage, a smart substation should be able to restore power to customers within minutes after an isolated outage.

Read more of Stephen Gold's insights on public policy issues facing U.S. manufacturing at iw.com/author/stephen-gold.

The level of reliance of businesses and consumers on our cyber infrastructure is only going to increase in the coming years. Securing and protecting it must be a top priority.

Stephen Gold is president and CEO of Manufacturers Alliance for Productivity and Innovation, Arlington, Va. (www.mapi.net).

About the Author

Stephen Gold | President and Chief Executive Officer, Manufacturers Alliance

Stephen Gold is president and CEO of Manufacturers Alliance. Previously, Gold served as senior vice president of operations for the National Electrical Manufacturers Association (NEMA) where he provided management oversight of the trade association’s 50 business units, member recruitment and retention, international operations, business development, and meeting planning. In addition, he was the staff lead for the Board-level Section Affairs Committee and Strategic Initiatives Committee.

Gold has an extensive background in business-related organizations and has represented U.S. manufacturers for much of his career. Prior to his work at NEMA, Gold spent five years at the National Association of Manufacturers (NAM), serving as vice president of allied associations and executive director of the Council of Manufacturing Associations. During his tenure he helped launch NAM’s Campaign for the Future of U.S. Manufacturing and served as executive director of the Coalition for the Future of U.S. Manufacturing.

Before joining NAM, Gold practiced law in Washington, D.C., at the former firm of Collier Shannon Scott, where he specialized in regulatory law, working in the consumer product safety practice group and on energy and environmental issues in the government relations practice group.

Gold has also served as associate director/communications director at the Tax Foundation in Washington and as director of public policy at Citizens for a Sound Economy, a free-market advocacy group. He began his career in Washington as a lobbyist for the Grocery Manufacturers of America and in the 1980s served in the communications department of Chief Justice Warren Burger’s Commission on the Bicentennial of the U.S. Constitution.

Gold holds a Juris Doctor (cum laude) from George Mason University School of Law, a master of arts degree in history from George Washington University, and a bachelor of science degree (magna cum laude) in history from Arizona State University. He is a Certified Association Executive (CAE).