Cybersecurity, Executive Insight, Eye on the Smart Grid, T&D

Facebook… Equifax… Who’s Next?

Issue 4 and Volume 23.

Data breaches and cyberattacks have become as commonplace as Hollywood breakups and reality television singing competitions. Many people don’t give cyberthreats much thought, but they should. Possibly one of the biggest, most extreme data breaches occurred recently at Facebook, which revealed that data from up to 87 million users, mostly in the U.S., might have been “improperly shared” with political research firm Cambridge Analytica. Facebook originally estimated 50 million people were impacted. While the revelation that Facebook is not as secure as it let on sent its stock tumbling and caused some people to remove their Facebook pages, far more ignored the breach and they continue to share their daily trials and triumphs (some in great detail) for their friends and “creepers” to see.

Many Facebook users didn’t pay much attention to the breach, but it did get attention from U.S. lawmakers, who called FaceBook CEO Mark Zuckerberg to Capitol Hill to testify before a House oversight panel. And, several reports indicate that UK lawmakers also want Zuckerberg’s testimony because their country is home to Cambridge Analytica.

Another notable, massive data breach occurred at Equifax late last year. The consumer credit reporting company, which admitted last September that sensitive personal data was stolen, recently revealed that the breach compromised even more consumers and more data than first reported. The company originally said data on 143 million users was impacted by the breach. About six weeks later, it upped that number to 145.5 million and then in March Equifax revealed that it had discovered nearly 2.5 million additional victims, bringing the new total to 147.9 million individuals. It also revealed that in addition to names, social security numbers, birth dates and home addresses, in some cases driver’s license numbers also were taken.

Almost weekly, I hear of another company that has experienced a data breach—Sears, Delta Airlines, Saks Fifth Avenue and Lord & Taylor all revealed breaches within the last week. And, just a few weeks ago, President Trump’s administration put a spotlight on electric utilities when it openly accused Russia of a “concerted, ongoing operation” to hack and spy on the U.S. energy grid and other critical infrastructure.

As stories about data breaches and cyberattacks become everyday news, more and more people seem to shrug them off as common occurrences that someone will handle. These occurrences, however, should not be ignored.

When I see companies like Facebook and Equifax, whose primary purpose is to manage and secure data, becoming victims of cyber-attacks and massive data breaches, I begin to think that no entity, no matter how wealthy or technologically savvy, can adequately secure its networks and systems.

The fact that data security is not an electric utility’s core business, coupled with modern society’s dependence on electricity makes these stories of data breaches and cyberattacks even more concerning.

Utilities have many “disrupters” with which to contend, but I’ve been told by several utility executives that cybersecurity tops the list of concerns that keep them awake at night. POWERGRID International often features articles that cover fighting cyberthreats to both utilities’ infrastructures and their systems that house sensitive customer data. This issue is no exception. On page 8, “Stopping the Gap” provides tips to identify and stop network security breaches. Senior Editor Rod Walton’s article “Waves of Communication” on page 16, provides insight into the hoops utilities must jump through, even during major outage events, to satisfy regulations aimed at protecting customers’ privacy and data.

Cyberthreats are a permanent hazard of today’s digital-based society. We at POWERGRID International, therefore, will continue to include articles aimed at helping create solutions to combat the many hazards.