With all the recent news about cybersecurity breaches (or is it ‘cyber security’?), we thought it might be a good idea to share a few thoughts about how we’re using, or misusing, perhaps the greatest business facilitation tool ever invented, and the dangers of taking network security for granted.
Last year, EPP was asked to facilitate a session on smart grid technology for a regulatory agency. One of the topics involved cybersecurity, and to demonstrate some of the risks involved in operating any network-dependent system, we brought in a group of engineering students from a local university.
The results were impressive – and a little scary. With a few deft moves on their personal laptops, using the building’s Wi-Fi, the students infiltrated the agency’s network and showed how they could wreak havoc if they wanted to, cracking passwords and doing all kinds of mischief. Their message: there is no such thing as absolute security when it comes to computer networks, the internet, or even individual computer files.
Think about it – in that ancient analog world over 50 years ago, documents and files were kept under lock and key, in vaults or steel cabinets. You needed physical keys, combinations, or the skills of a safecracker to get at them. And then you could do – what? Manipulate individual documents? Learn the addresses of key individuals for some nefarious reason? Probably not much.
Now instead of vaults, we have the cloud. Thousands of documents, files and records are digitized and easily manipulated with software anyone can buy online. There are programs that can generate thousands of password tries in a matter of minutes. Not to mention websites and blogs entirely dedicated to “cracking” and “hacking.”
Public utilities are potentially vulnerable in a number of areas. Hackers would love to get into your demographic data to help them steal customer identities. Terrorists would love to threaten the physical operations of transmission and distribution systems. Virus creators can effectively hold a network for ransom. Think what a bright teenager with a laptop could do to your billing files.
There are even more mundane threats. Steal a password, access an email account, and a disgruntled co-worker could ruin a career, simply based on an inter-office grudge. Or bring your hidden-virus-laden flash drive from home, plug it into your workplace computer and screw up the whole network for the day.
When it is virtually impossible to prevent bad things from happening to systems, engineers usually rely on erecting redundant barriers to at least slow the intrusion down so it can be detected and dealt with. Sometimes, just raising the cost-to-benefit ratio can discourage bad actors.
By now, we’re sure that every utility has developed sophisticated and capable network security resources. But to erect as many barriers to intrusion as possible, National Cyber Security Awareness Month might be a good time to ask if your security efforts have covered the basics at the individual worker level.
For both personal and business purposes, the US Department of Homeland Security advises two basic but frequently undervalued tactics:
- Set strong passwords, change them regularly, and don’t share them with anyone
- Maintain an open dialogue with your friends, family, and colleagues about internet safety
Both Cybersecurity Busting Measures Merit Deeper Thought
- Passwords: Perhaps the most misused and frequently violated of all common security protections. They are annoying and hard to remember, and a good one is even harder to create. If, at minimum, your company does not require and enforce frequent changes to hard-to-crack passwords, you’re leaving yourself open to intrusion. You may even want to consider fingerprint recognition hardware as an alternative.
- Open Dialogue: How often does your company talk with all employees about cyber security? We’re reminded of the annual ethics code most companies require employees to sign in an effort to see that everyone at least knows how to behave with customers and other stakeholders. It might be a good idea to copy that idea, and have everyone read and sign your cybersecurity guidelines.
So to answer that burning question – is it “Cybersecurity,” one word, or “Cyber Security,” two words? Grammarians may disagree, but according to the Associated Press Style Guide, it’s one word – cybersecurity.