4 Lessons to be learned from the DOE’s DDoS attack

4 Lessons to be learned from the DOE’s DDoS attack

Analysts, researchers, industry professionals, and pundits alike have all posited the dangers of the next-generation “smart grid,” particularly when it comes to cybersecurity. They warn that without the right measures in place, unscrupulous parties could essentially wreak havoc on the bulk of society by causing severe outages or worse.

It is a real possibility, but up until now, it’s been something that’s largely hypothetical in nature. In March, an unidentified power company reported a “cyber event” to the Department of Energy (DOE) that caused major disruptions in their operations. While the event did not cause a blackout or power shortage, it was likened to the impact of a major interruption, including events like severe storms, physical attacks, and fuel shortages.

It’s easy to dismiss this as a one-off event, especially since there was no energy disruption to the public as a result. But, in fact, the exact opposite should be inferred from this. It’s merely the first toe over the line in a world where cyberattacks are consistently growing more dangerous, highlighting the need to understand and improve security moving forward.

What lessons can be learned from this attack, and what can hopefully be done to mitigate risk in the future?

1. Disruption comes in many forms

Almost immediately, the attack could be dismissed because it didn’t cause power outages or severe disruptions, but that’s the kind of ostrich-in-the-sand approach that leads to vulnerability in the future. Disruptions or delays can come in many forms, especially for utility providers.

When an attack is identified, the appropriate response teams must dedicate resources to dealing with the oncoming wave. That is essentially costing ..