“This is a new kind of enemy that we are looking at utilities by themselves cannot stand to that kind of warfare.” – Mamatha Chamarthi, VP and CIO, CMS Energy. Smart Grid has a lot of areas of concern and interest for utilities: Big Data, Renewables, Smart Cities, the aging infrastructure. Perhaps no one however could’ve guessed that cyber warfare would be one of them.
Mamatha Chamarthi, the VP and CIO of CMS Energy, had a scary realization in discussing the Smart Grid threats on our Viewpoint “Utility Resilience and Security.”
At CMS, they noticed a large amount of activity coming in to their servers from Turkey. What they feared was that this IP address was actually China disguising themselves as Turkey. The ramifications of this are obvious for our national security, but what’s even scarier is realizing that the intelligence utilities currently have access to is not on the level of the NSA’s, and this is not something they’d be able to detect.
The greater concern is that no level of investment utilities make will be able to stave off an attack without federal government intervention. Chamarthi took it upon herself to support the recent bill defeated in the Senate known as CISPA, the Cyber Intelligence Sharing and Protection Act. Although this particular bill was controversial in terms of Internet privacy and civil liberties as they relate to cyber security, the necessity of a bill such as this, as Chamarthi sees it, is to allow critical intelligence and information sharing to happen between utilities and the government.
Utilities have a hard enough time maintaining resiliency when Mother Nature attacks. This is an entire nation state attacking the whole critical infrastructure with the intent of doing harm. Chamarthi says questions and preparedness concerns need to come from the top and bottom to address this fully. “What kind of defense mechanisms do we have in place? Do we have the right kind of strategy?
Do we have the right kind of talent? When the board starts asking you those kind of questions, the executive and the management team automatically starts focusing on the topic.” Her initial suggestions are to develop best practices to “deter, detect and react” such that recovery can happen swiftly.
“One of the best factors that every business should go through is to have a cross functional team that goes through business continuity and disaster recovery and also does those exercises in relation to a coordinated physical and cyber attack,” Chamarthi said. “This is an exercise we and other utilities do multiple times a year, and it would help check our preparedness in the event of a coordinated attack.”
Hear more from Chamarthi and listen to our Viewpoint “Utility Resilience and Security”