Expert: Intel sharing is key to preventing more infrastructure cyberattacks
Old technology and fear of sharing proprietary information are keeping companies from helping each other thwart attacks.
TechRepublic’s Karen Roby spoke with Neal Dennis, a threat intel specialist at Cyware Labs, about threats to the U.S. power grid. The following is an edited transcript of their conversation.
Karen Roby: Intel sharing, this is something that you’ve been immersed in for many years as a former Marine and then made cybersecurity your specialty. Talk a little bit about where we are with the sharing of information and our power grid. You can also touch on President Joseph Biden, what he’s doing, who he’s calling on for help to protect what we now see is a very vulnerable asset of ours.
SEE: Security incident response policy (TechRepublic Premium)
Neal Dennis: First, it’s a very sensitive topic depending on who you talk with. There’s some people who take the approach that, “Ah, it’s whatever, laissez-faire, we’re good to go. Just let the system run.” Other people understand that antiquated technologies exist obviously in this environment, and there’s things that need to be done to bolster that and then make it more 21st century instead of running things from the 1980 or 1990s.
It’s a long road, for sure. Like I mentioned, there’s a lot of old tech there. There’s a lot of things that go on with this. Before the internet, it wasn’t an issue. Even with just general networking, these things were very cloistered off. And in the last couple of years, we’ve seen a huge push for remote work, not just currently with COVID-19, but even prior to COVID for a lot of workspaces. And these proficiently technical engineers that manage these grids and manage the devices on them, they’re not going to move 20 states over to work nowadays when they can do it all remote. So, facilitating remote working has also introduced a lot of concerns and issues that have to be addressed. And it’s a difficult piece to do, for sure.
Karen Roby: With President Biden calling on industry leaders to bring in this technology to help thwart attacks and to protect our power grid, is that happening? Are we making some strides, do you think, in that way?
SEE: Biden’s executive order faces challenges trying to beef up US cybersecurity (TechRepublic)
Neal Dennis: I do. So President Biden’s address for that, I think it’s a good sign on what the focus of that address was. There was a big focus in the discussion on identifying threats. And in order to do that, to me, that sounds like we’re going to have to update a lot of tech anyways to be able to do that. There’s going to have to be a lot more new procedures developed, a lot better procedures developed to bridge the gap between operational technology and information technology to get those control systems where they need to be.
I believe by proxy a lot of these systems nationally are going to get some really good overhauls courtesy of that. There’s going to be a really good focus on what it means to be at that national, and even the regional levels within the control systems there, to start having more robust sharing of that information that’s going on within these networks.
Then, hopefully at some point in time, because of all that, we don’t have a water treatment plant that was accidentally connected to because of some one-off bad password in Florida. We have the ability to set the right standards, which are available, but also maintain and monitor those standards more effectively across. So, a lot of little things to go into that, but the identification of the threats, big piece, for sure. And there’s going to be a lot more push for information sharing behind that. And there’s just going to be a really cool push on tech to update to be able to do all that stuff as well, which would be kind of fun to watch.
Karen Roby: As I touched on in the beginning, intel sharing, and this is something that you are immersed in and talking about a lot, and much of that coming from your past in the Marine Corps and working in cybersecurity. When we talk about intel sharing, is that something that people in the industry, do you think, understand enough? Is this something that we’re hearing about more and more, and will be layered in more and more?
Neal Dennis: I work with a lot of ISACs [information sharing and analysis centers] and ISAOs [information sharing and analysis organizations] for probably the last five or six years now, which is really fun to see. There are industry specific ISACs for the electrical industry, for the energy industry. There’s, in all their subsequent providers for like the natural gas providers and the co-ops and all this other fun stuff. So the concept is already there, but utilizing the concept and making it easy to access for everybody to do both, not just consume, but to share as well, I think that’s kind of where we’re at now from a hurdle perspective, is getting everybody on board with what it means to share, the value behind that sharing, for sure.
They see the ISACs. They’re members of the ISACs, whether because they need to be, or because they just want to be, whatever the requirement is. But you’ve got to get them over that cultural hurdle of sharing could potentially be bad because of either proprietary information or even legal teams are still constraining data that’s being shared. And this is across all the verticals and a lot of weird things. But I think they know it’s good. They just need to overcome the hurdle of actually doing it, and we need to help provide the right technology to facilitate it in a more automated fashion. And I think that’s probably where the real crux is.