Reality Check: How Vulnerable Is the Power Grid?Longtime CISO Bernie Cowens on Myths and Realities of Utility Cybersecurity
Is it possible that a nation-state actor such as Iran could create a cybersecurity incident that compromises the U.S. power grid? Bernie Cowens, who until recently was CISO at the nation's largest electric utility, says that's unlikely because the power grid is more cybersecure than you might think (see: Hackers Increasingly Probe North American Power Grid).
"It's important to understand that the sky is not necessarily falling with regard to the power grid," says Cowens, who recently left his role as vice president and CISO of Pacific Gas and Electric in California. "It's easy to get the impression that people who operate the grid and are responsible for it are asleep at the wheel somehow, and there could be nothing further from the truth."
The reality, he says in an interview with Information Security Media Group, is that power utilities are tightly focused on understanding, responding to and communicating about threats to the grid. "There's an incredible amount of awareness, a lot of work and a lot of dedicated people who are focused on that problem every day."
In the interview (see audio link below photo), Cowens discusses:
- Common myths about power grid vulnerabilities;
- How the U.S. has addressed issues with IT, OT and SCADA;
- Cybersecurity gaps that still need to be addressed.
Cowens is chief security officer with Utility Technology Solutions, a startup organization. Immediately prior, he was vice president and CISO for Pacific Gas and Electric Co. where he was responsible for leading companywide efforts to identify and manage cybersecurity risk to protect critical infrastructure and information assets. Earlier, Cowens was CISO for First American, where he oversaw all aspects of information security for the company and its global business units. He also has held senior security executive positions at PricewaterhouseCoopers, Experian and the Automobile Club of Southern California and served as the vice president and CISO for SafeNet, a global encryption technology manufacturing company.