ROCKVILLE, Md.--(BUSINESS WIRE)--Ultra Electronics, 3eTI President Benga Erinle issued the company's response to comments reported in recent days by Admiral Michael S. Rogers, director of the National Security Agency, about the potential threat China poses to the nation's power grid.
In addressing a congressional panel November 20, Adm. Rogers, who also serves as commander of US Cyber Command, warned that China and up to two other countries have the means to shut down the United States power grid and other critical infrastructure through a cyber-attack. In making the comments, the admiral said that malware originating from China and elsewhere had been detected in domestic computers. He also said such attacks represent trends in efforts to exploit vulnerabilities in US cyber systems.
Benga Erinle issued the following response:
We applaud Admiral Rogers' comments last week to Congress regarding the disastrous consequences our nation faces should organized, well-funded and hostile parties make a concerted assault on America's energy infrastructure. With the spotlight once again on the risks we face should such a cyber-attack succeed, we at 3eTI know from our work with the US Department of Defense, and Department of Homeland Security, as well as with other agencies and private American enterprises, how seriously these risks must be taken. More specifically:
- Cyber-security decisions must be based on identified risk. NSA, given its mission, has identified critical risks to the US electrical grid. Grid operators have a responsibility to our nation to act now to reduce these risks.
- Grid vulnerability relates to computers used by grid operators and the computerized controllers that actually direct generation and distribution.
- It is important to follow guidelines such as those outlined in the NIST Smart Grid Framework. Security must be funneled down to all computerized endpoints on the grid network, especially to the programmable logic controllers that initiate the start and stop sequences on the grid. Network firewalls are no longer a sufficient way to protect those devices.
- Decisions on cyber-security solutions must include products and systems that have been independently validated by NIST and NIAP for robust network security. It is not enough to specify solutions solely on the basis of vendor claims.