Steve Mitnick is President of Lines Up, Inc., Editor-in-Chief of Public Utilities Fortnightly, and author of “Lines Down: How We Pay, Use, Value Grid Electricity Amid the Storm.”
PUF: What is this demonstration about?
Kris Floyd: This is a cybersecurity demonstration. We call it advanced adversary simulation because we have a very elite team of ethical hackers, FusionX, based in Washington, D.C., who simulate well-funded hackers used by groups including hostile governments, organized crime, and corporate espionage vs. everyday garden-variety hackers. They've been operating on their own for over twenty years, and in 2015 Accenture acquired them, and integrated them into our cybersecurity practice.
The client hires FusionX to come in and do an evaluation. FusionX penetrates their security system. The team has a hundred percent success rate doing that. They've never failed.
It shows the very real vulnerabilities that all of the systems have. Hackers have thousands of ways they can gain access, and FusionX is differentiated because it has a human-centric approach to getting access into these systems.
They know the techniques, tactics and procedures of malicious hackers. It's not a software solution. You have actual people sitting there, game planning. How can we gain access into this? Where are the weak points?
PUF: If the team found a way in, it probably means others could as well.
Kris Floyd: Absolutely. That's their expertise. They look around at the space and see, what are the attacks that we're experiencing in real time? What do they actually look like? Then they emulate those same attacks.
PUF: They do that to XYZ Power and Light, and they get a report card. Look, we took your utility down. What do you take away from that? What do you do with it?
Kris Floyd: Once they've gained access into your system and compromised it, they sit down with the client and explain, here's what we did, here's how we did it, and here are our recommendations.
The good news is, now that they are a part of Accenture's cybersecurity practice, FusionX can then hand the clients over to the rest of Accenture's cybersecurity practice, so that those guys can actually execute the architecture of whatever solution FusionX has recommended.
PUF: It's an ongoing threat. The hackers are there and are always coming up with new methods. It's not like you could repair these issues once and then you're set. How does that work?
Kris Floyd: Hackers, being technologists, are innovators, so they're always looking for new ways to gain access into complex systems. You need something like FusionX. You need to have some people that think like these hackers, that are also innovators, that can repeatedly attack your system. You need to have ongoing evaluations and ongoing probing tests into a system to ensure that it is secure.