Senate Hearing Highlights Grid Defense
Sanders and other witnesses, including Robert M. Lee, CREDC advisory board member and CEO of Dragos, Inc., pointed out the differences between attacks on utilites' information technology systems and those on operational technology systems such as supervisory control and data acquisition (SCADA).
“Fortunately, the successful attacks to date have largely been concentrated on utility business systems, as opposed to monitoring and control systems, in part because the operational technology systems have fewer attack surfaces, fewer users with more limited privileges, greater use of encryption, and more use of analog technology,” said Sanders. “However, there is a substantial and growing risk of a successful breach of operational technology systems, and the potential impacts of such a breach could be significant.”
Sanders also stated that the Department of Homeland Security and researchers should focus their research and development projects on developing six capabilities: continuous data collection, fusion of sensor data, visualization, analytics, restoration, and post-event tools.