WASHINGTON - Stopping massive cyber assaults on infrastructure, similar to the December attack in Ukraine that caused a widespread loss of electricity, will require a dual effort by the public and private sector, security experts said Wednesday.
Partnerships between businesses and the government and information sharing can help prevent these kinds of digital threats, Suzanne Spaulding, undersecretary of the National Protection and Programs Directorate at the Homeland Security Department, said at a Financial Times cybersecurity summit.
Information sharing between government and the private sector is one obvious way to lower the risk. The situation in Ukraine, where destructive malware shut down parts of the electric grid for hundreds of thousands of people, could happen to infrastructure systems in the United States, but is preventable, Spaulding said.
“What we saw there does not reveal a risk that is unique to the electric sector,” Spaulding cautioned.
More than 80,000 people lost electricity in Ukraine when hackers took over the power system. Workers had to travel around regions to reset the system and restore power.
While there is a real threat of cyberattacks in the U.S., the electricity infrastructure here relies on technology and systems dating back to the 1970s, which act as natural barriers to these types of attacks, according to Stephen Woerner, president of the Baltimore Gas and Electric Company. Power companies in this country are not as vulnerable to the kind of hacking that took down the power system in Ukraine, he said.
But as power company technology is replaced and modernized, the government and the private sector are working together to put appropriate security in place, Woerner said.
“What protected us yesterday and today will not necessarily protect us tomorrow,” he said.
Traditionally, the private sector’s relationship with the government on security has been as a contractor or as a victim of cyberattacks, an arrangement that is beginning to change, Spaulding said.
“You are not just to be brought in at the last minute when we tell you you’ve been had or you’re about to be had,” she said. “You really need to be part of the conversation all the way through.”
The Department of Homeland Security, for example, has a council that connects government officials with 16 critical infrastructure sectors, such as the transportation and chemical sectors.
Another channel, the Cyber Information Sharing and Collaboration Program, allows private companies to share data automatically, which could prevent someone from using the same attack against multiple companies in the sharing network.
“We have these networks (of private companies) who are sharing information with machine speed, the speed of our adversaries,” she said.