This week I attended the Fall meeting of Women in Communications and Energy (WICE) in New York City. WICE began approximately 25 years ago when a small group of women in the public and private sectors involved in energy and telecom policy began getting together for networking purposes. At that point in time, they were very few women working in these areas in either of these industries. As time went on, the group grew as the presence of women in significant positions in these sectors increased. Today, WICE holds regular conferences twice a year in Albany and New York City and boasts a mailing list of over a thousand individuals. A new generation of young, successful women has energized the group.
One of the reasons that WICE has become so successful is the fact that it not only has provided a medium for networking for women in these industries, but its conferences have addressed issues that are vital to the industries these women are involved in. The topic of this week’s conference is a perfect example of one such issue: cyber security. Speakers included high-level officials from the Public Service Commission (Commissioner Diane Burman), the FBI, the New York Power Authority, Con Edison, and New York’s Deputy Chief Information Security Officer.
All of the speakers emphasized the importance of cyber security to our state’s critical energy and telecommunications infrastructure. A few of the many interesting data points coming out of the conference included:
- 96% of the incidents reported to U.S. CERT could have been avoided through simple cyber hygiene.
- The new US Energy Secretary has identified cyber security as the biggest single threat to the electric grid.
- 70% of cyber incidents are caused by insiders.
- Several speakers discussed the need to ‘compartmentalize’ data within a company to limit damage if an incident occurs. They also noted the importance of separating work and personal devices.
- The FBI described Infragard, which is a newly established public/private partnership that shares threat and incident information between the FBI and various sectors (energy, banking, telecom, etc.). The Deputy CIO described the new National Cybersecurity and Communications Integration Center (NCCIC).
- ‘Hacktivism’ (the use of cyber invasions for political purposes) is on the rise, as is the commercialization of cyber crimes (e.g. sale of malware).
- Stuxnet threats (worms that spy on and take control of industrial processes) are also increasing.
New York has been in the forefront of cyber security issues for the last decade. In the wake of 9/11, Governor George Pataki established one of the first Cyber Security Offices. That office established the MultiState ISAC (Information Sharing and Analysis Center) which, under the leadership of Will Pelgrin, was eventually merged into the Center for Internet Security. Located in East Greenbush, New York, the CIS has expanded its roles to include benchmarking, cost effective procurement of cyber tools for public entities, training and resources available to the general public, and has developed an integrated intelligence center.