U.S. Fighting Cyber-Spy Threat

UPDATED Spies have breached project plans for a vital U.S. fighter jet project and the Air Force's air traffic control system, reports the Wall Street Journal, hot on the heels of an earlier WSJ report detailing infiltration of the U.S. electrical grid by the Chinese and Russian governments.Fortunately, the U.S. is no longer asleep at the switch, with concurrent efforts under way spearheaded by government and private groups.

UPDATE: The Obama administration plans to create a new military command to coordinate defense of Pentagon computer networks and improve U.S. offensive capabilities in cyberwarfare, according to a Wall Street Journal report.

And self-regulating organizations like the North American Electric Reliability Corporation (NERC) will no longer be left to their own devices to determine compliance issues. The NERC had been granted authority to self-regulate the electrical grid by the Federal Electricity Regulatory Commission (FERC), but that will soon change.

Edward Markey, the chairman of the House Energy and Commerce Committee Subcommittee on Energy and the Environment, sent a letter to the FERC last week "regarding the escalating cyber breaches threatening to compromise the electricity grid," stating, "If there are holes in the government's ability to protect the electricity grid from attack I am committed to doing everything necessary to improving FERC's ability to defend against these threats."

Sean Sherman, senior compliance architect at IT configuration and compliance vendor Tripwire, told me the U.S. is "going to go into a much more intensive regulatory mode as we we try to target these things and frankly, it's probably appropriate." He also tweaked the very idea of self-regulation embodied by the NERC, saying, "The essence of self-regulation is kind of paradoxical, because compliance assumes some kind of oversight, doesn't it?"

At the heart of this issue, a recent survey conducted by the NERC showed that most utilities claim they don't have any critical cyber assets to protect, exempting them from any related compliance burden.

Talk about self-serving claims.

The federal government isn't alone in its efforts to shore up the security of critical infrastructure and key resources, noted Larry Shattuck, a spokesperson for InfraGard, a public-private partnership including private sector IT security professionals and the FBI.

Shattuck told me in an email that one of the group's principal activities is educating the general public and corporate leaders so they don't become the weakest link in the infrastructure security chain. "These folks repeatedly, time and time again, ignore the threat THEY pose to our country's security when they ignore simple protocol on their own systems," he noted.

InfraGard has been around for almost ten years, and Shattuck says the organization has been able to help avert attacks and solve cyber-crimes more quickly thanks to cooperation between the private sector and the feds. More is needed, as these recent reports have shown. But if you want to join InfraGard, be aware that you'll have to undergo a background check by the FBI.