Larry Karisny is the director of Project Safety.org, an advisor, consultant, speaker and writer supporting advanced cybersecurity technologies in both the public and private sectors.
In this Q&A, a security expert discusses the problems and approaches in fixing cybersecurity.
Real-time cybersecurity is now a necessity, and has reached the point of requiring big changes in how we are going to fix cybersecurity today.
Today, all cybersecurity technologies secure information processes at points that are too late to achieve true cybersecurity -- and hackers know this.
The old model of "good enough security" is being replaced by a new model of "0 trust security" -- the new platform on which cybersecurity must be built.
The penetrate-and-patch cybersecurity market is a short-term solution and actually demonstrates how weak current security methodologies are.
Security is only the anomaly detection of an incorrect process action.
Frankly, the exploit offense technologies are currently beating the security prevention and detection defense technologies every which way.
There is no "it won’t happen to me" anymore.
If we have cybersecurity protection, then why are hackers hacking? Because they can.
New evidence of startling increases in the volume and scale of cyberattacks suggests that current security technologies may have reached their limits.
Google’s recent network, acquisitions and hires in Austin, Texas, have created an opportunity to do security right the first time.
One expert applauds that information security company Mandiant released its research, looking at it as a wake-up call.
"We lose control of our grid, that's far worse than a botnet taking over my home PC."
Networking and software pioneer Rajeev Bhargava discusses his unique way seeing and correcting our recent surge of cyberbreaches.
According to security expert Curt Massey, standards, certifications and compliance force industry and government to keep an inherently insecure system insecure.
The $388 billion cybercrime business is now as large as the international illegal drug trade, and brings threats of foreign espionage.
"One would hope that after all of the power issues with Hurricane Sandy, utility executives will take ICS cyber security more seriously before it is too late."
What if we could create an anomaly algorithm that could audit, detect and approve positive input events in business processes?
Security needs to change to protect utilities and the grid.
We can’t continue to patch cyber security while thinking we can manipulate these vulnerabilities in targeted cyber attacks.
"We are ultimately seeking a modernized power system that is somewhat self-aware, self-healing and self-managed."
With immediate security needs evident, there must be a way out of what people in the security business are now calling the "smart grid security circus."
We can no longer look security solutions of the past when trying to secure the enormous amount of data that will flow through the smart grid. Old methods are too complex and too slow.
IPS can eliminate man-in-the-middle spoofing/sniffing risks or denial-of-service vulnerabilities.
"The clearest example of vulnerability brought on by computer controls happens to be the one system that everything else depends upon: the electric power grid."
"The next Pearl Harbor we confront could very well be a cyber attack that cripples our power systems, our grid, our security systems, our financial systems our governmental systems."
In spite of power-grid security breaches, just stopping the smart grid isn't an answer or even an option.
Loss of power though natural or man-made causes can range from an inconvenience to a global catastrophe.
Sandra Manning, utility marketing manager, City of Tallahassee, demonstrated a running smart-grid application.
Remote control functionality always opens additional pathways for attackers.
If Stuxnet is any indication, then the serious attackers are way ahead of us and can pretty much operate with impunity.
Stuxnet brings years of warnings from theory to reality.
"Our goal is to become the leading provider of universal smart-grid operating systems for any device and any broadband technology."
There are actually ways to offer high-end security with low overhead through layer 2 security techniques.
"What I found most interesting is the assertion by some vendors that the meters have security features built in that utilities often choose not to implement for their own reasons."
Rock Hill incorporated wireless broadband as part of a strategy to build a multi-use communications foundation.
"One of things incumbent on all of us is to introduce strong authentication into the fabric of the smart grid. We did not do that with the Internet." -- Vint Cerf
So now with little knowledge of the Internet and security the power companies have billions of dollars of grants in hand with one big problem. The grants mandate an iron-clad security platform.