Lawmakers: Electric utilities ignore cyber warnings

The U.S. electrical grid remains vulnerable to cyber and electromagnetic pulse attacks despite years of warnings, several U.S. lawmakers said Tuesday.

The electric industry has pushed against federal cybersecurity standards and some utilities appear to be avoiding industry self-regulatory efforts by declining to designate their facilities or equipment as critical assets that need special protection, said Representative Yvette Clarke, a New York Democrat and chairwoman of the U.S. House Homeland Security Committee's Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology.

"This effort seems to epitomize the head-in-the-sand mentality that seems to permeate broad sections of the electric industry," Clarke said.

The U.S. electric grid is an "obvious target" for enemies of the nation, and a major outage would affect all aspects of everyday life, Clarke said during a Tuesday hearing. "We simply cannot afford to lose broad sections of our grid for days, weeks or months," she said.

Despite years of warnings from lawmakers, electric utilities' efforts to secure themselves against cyber or electromagnetic pulse, or EMP, attacks seem to be lagging, Clarke added. During a three-year subcommittee review of electrical grid security, committee members and staff talked to hundreds of experts and read thousands of pages of studies, she said.

"They all reached one conclusion: The electric industry has failed to appropriately protect against the threats we face in the 21st century," Clarke said.

While the hearing mostly focused on cybersecurity, lawmakers also talked about the threat of an EMP attack on the U.S. An EMP is a burst of electromagnetic radiation, usually from a nuclear explosion. While such an attack may be unlikely, an EMP attack could shut down the electricity grid over a wide area and bring the U.S. to a standstill, some lawmakers said.

Representatives of the electric industry said they've worked hard to improve cybersecurity, and they share the lawmakers' concerns about EMP attacks. The electric industry needs better information about how to protect against EMP attacks, said Steven Naumann, vice president of wholesale market development at Exelon, an electric utility.

Part of the problem with cyberattacks is that the U.S. government doesn't share enough up-to-date information, Naumann added. "In general, the North American grid is well-protected against cyberattacks - at least those attacks that we know about," he said. "It's hard to protect against something you don't know."

Many electric utilities have taken significant steps in recent years to improve their cybersecurity, added Mark Fabro, president and chief security scientist at Lofty Perch, a control systems security vendor. The electricity grid will continue to converge with the Internet and that will introduce vulnerabilities, he added, but many utilities are working hard to improve security.

"We continue to witness excellent examples of effective cybersecurity activities from many entities, and observe progress that does not align with the popular opinion that the bulk power system is rife for total system compromise," Fabro said.

But several lawmakers said they're concerned that the electrical grid will become more vulnerable as its controls move onto Internet Protocol networks. "There is a massive computer espionage campaign being launched against the United States by our adversaries," said Representative Bennie Thompson, a Mississippi Democrat and chairman of the full Homeland Security Committee. "Intelligence suggests that countries seek or have developed weapons capable of destroying our grid."

Opera CEO defends Unite against security concerns

Opera Software's CEO defended the Unite feature of the forthcoming Opera 10 browser against charges that it will increase the risk that hackers can break into people's PCs.

In an interview in New York recently, Opera CEO Jon von Tetzchner said that the decentralized nature of Unite, a feature that turns each person's PC into a Web server by putting that capability in the browser, makes it more difficult for hackers to break into computer systems, not easier.

"When you're hacking a single system, if you have everything that belongs to everyone in one location, you only need to break in once," he said. "If you have it in different computers it's a little more complicated. If you get into one Web server and everyone's data is in there, that's easier than getting into a million computers."

Moreover, Tetzchner said some of the fear that hackers will have a field day with Unite has to do with the fact that it's a new and yet unproven technology about which security risks are an unknown, rather than a real danger with the technology.

"I think a lot of people are concerned because this is a new piece of technology," Tetzchner said. "I don't see this as making this more of a target than you have been before."

Opera Unite, introduced last month, is new software planned for Opera 10 that includes a Web server in the browser that connects it to an Opera proxy server, which then allows the browser to serve content to the rest of the Internet. It is currently available in alpha release.

The idea is to simplify things for people who want to host their own Web pages and share files with others via the Internet - with Opera's architecture, they don't have to configure firewalls or worry about their Internet service providers blocking Web server traffic.

However, security researchers have expressed concern that putting a Web server on every PC will make it easier for hackers to break into PCs. Web servers are the primary way hackers break into computer systems and spread malicious code via the Internet.

While security experts may beg to differ about Tetzchner's assessment of the new service, Opera's CEO said that the company is spending a "fair amount of time" ensuring the new feature will be as secure as possible.

However, he stopped short of saying how Opera might specifically address any threats that may crop up due to the new feature other than to stay on top of security risks to the Opera browser as vigilantly as the company does today.

IBM: Riding strong service component

Company: IBM
Entry: IBM/Brocade/Juniper
Morning Line: 3 to 1
Tip sheet: Will try to ride strong service component to the winner's circle

Ask IBM about the next-generation data center and company officials will begin talking about the dynamic infrastructure, and describing how that is forever expanding outward as enterprises embrace mobility and increase the numbers and types of devices in use.

IBM is pulling together the server, storage and networking resources needed to support this expanding infrastructure, then topping that off with software for managing the environment. Virtualization across the entire infrastructure, meaning all classes of servers, storage, networking and applications, is a critically important enabling technology, and energy management is an underpinning as well, says Pete McCaffrey, director in IBM System and Technology Group.

If that doesn't sound so different from what Cisco and HP have planned, that's because it isn't. But IBM does talk up its services capabilities more than the others. For example, McCaffrey touts the recently introduced IBM Service Management Industry Solutions, which pull together various service management services and software from IBM and its partners, to help organizations centrally manage their expanding infrastructures. He also pitches a new networking service aimed at helping enterprises with consolidation and virtualization.

"Our clients aren't only looking for technologies. They're also coming to us and saying, 'How do I move forward?'" McCaffrey says.

Some of IBM's more intriguing moves are networking-related, industry watchers say.

Although IBM officially says it is not backing away from Cisco as a strategic partner, the company has decided to put its label on and resell Ethernet gear from Brocade, and it is collaborating with Juniper Networks on hybrid public-private cloud capabilities.

That IBM is rebranding the Brocade switches and routers is telling about how frayed the Cisco relationship may be, says Zeus Kerravala, a senior vice president at Yankee Group. "That kind of move is more common in IT, not networking," he says.

On the compute side, IBM needs to do more work than either Cisco or HP in terms of creating the fabric over which the myriad resources are assembled, says George Weiss, a vice president and distinguished analyst with Gartner.

"It can do storage, and the server components in blades, and outboard the networking part, so it does deliver a fairly integrated type of architecture. But it's not as componentized and virtualized as what Cisco or HP are doing," he says.

If IBM can't compete on an architectural plane in the same ways the competition appears to be delivering benefits and ROI, then it could lose opportunities and market share, Weiss says.

Kerravala gives the nod to HP as having a bit of an advantage over IBM. "HP seems to have been thinking about this longer than IBM," he says. "IBM seems to be in a bit of reactionary mode."

But IBM stands by its looser architectural approach. "A one-size systems approach isn't going to work in this world," McCaffrey says. "We will continue to invest in different systems and platforms that are optimized to perform certain types of work, and we'll do this in a way that allows us to deliver a level of choice with special-purpose processing but still be manageable in a common, integrated fashion."

Tiny .biz domain names to be auctioned off to highest bidders

How much is x.biz or ge.biz worth?

That's the question NeuStar is asking the Internet e-commerce community as it adds one- and two-character names to the .biz domain and makes them available to the highest bidders.

NeuStar on June 1 announced plans to sell one-character domain names - using the letters A through Z as well as the numbers 0 through 9 - with the .biz extension. For example, the domain names www.i.biz and www.7.biz will be for sale via auction.

Bids for the 36 possible one-character names are due to NeuStar on July 30. These names are expected to be operational in August.

Also in August, NeuStar will begin selling two-character domain names that can be used to represent company names, stock symbols, state or city names such as www.ms.biz or www.az.biz.

NeuStar said proceeds from the auction of the one- and two-character domains will be used to market the .biz brand to the benefit of all .biz registrants.

A handful of one-character domain names already exist on the Internet, dating back to the early 1990s when the late Jon Postel managed all domain name registrations. These names are: q.com, x.com, z.com, i.net, q.net and x.org.

The .biz domain is the first top-level domain to get approval from the Internet Corporation for Assigned Names and Numbers to sell one-character domain names, NeuStar said.

"We think one-character domain names will have strong branding appeal," says Tim Switzer, NeuStar's vice president for Registry Services. "They'll make for a very memorable kind of domain name."

NeuStar also sees potential in two-character names, which will be available using a combination of letters and numbers such as www.aa.biz or www.a1.biz. Two-character .biz names will be operational in October.

Two-character domain names are likely to raise more intellectual property issues than one-character domain names because of their connection to company names, Switzer admitted.

"I can see two-character names being used with company names, stock symbols or the respective chambers of commerce for the states," Switzer says.

Two-character domain names are already available in the .net and .com domains.

The .biz domain has more than 2 million domain names registered, focused primarily on small and midsized businesses.

The phenomenon of short domain names may be spreading across the Internet. Switzer says the .pro and .travel domains have already requested permission from ICANN to sell one- and two-character domain names, too.