If a cyberattack extinguished the power to the electrical grid in Wisconsin, leading to a prolonged blackout, Maj. Gen. Donald Dunbar would have a lot of work to do. He’d have to turn the wheels of the state’s cybersecurity response strategy. He’d have to mobilize the National Guard he commands to help utility companies quickly get the power back on and emergency teams get to people who need immediate assistance.
Before he could do any of that in the hypothetical future, though, he needs to ensure that there’s communication and cooperation among public and private sectors in the state.
“Because I don’t pretend for a second that the state of Wisconsin or the National Guard is going to come riding in on a white horse in a cyber-event and save the day,” said Dunbar, who is the senior adviser to the Wisconsin government on cybersecurity matters. He spoke to an audience of business and IT executives at the recent Fusion 2016 CEO-CIO Symposium in the state’s capital, Madison. “We all have personal responsibility; we have corporate responsibility when it comes to cyber.”
The U.S. runs on private industry, Dunbar said, and to get it running again after a power grid failure, corporations need to work with the state government on disaster recovery preparations.
Public and private sectors, activate
The first thing companies need to do is tell the government whether they would need help in case of a power-crippling cyberattack, Dunbar said. The banking industry, for instance, invests heavily in cybersecurity and wouldn’t need much assistance from the National Guard. “It’s not on my radar screen.”
But many other businesses, communities and infrastructures are in the state’s line of sight — but the people in charge of them need to speak up so Dunbar knows what resources should go where. He said the state is now in talks with grocery store chains about their power-generation or backup capabilities. The National Guard may be able to ensure delivery of generators in populated areas to “get the power on and keep people fed in the community while the broader recovery happens.”
It’s a challenge to figure out the right chemistry of government and private sector involvement, Dunbar said. And there’s no finish line. He contrasted his present mission of ensuring readiness in the face of constant cybersecurity threats with flying in his early days in the military.
“You put the airplane in the hangar, you’re done. Well, there’s no getting done here,” he said. “It’s 2016. Long after we have departed this earth, this will be a problem for the people on the planet.”
Patrick Schiffman agreed that businesses and government need to team up and develop ways to respond to a widespread failure of the power grid. He’s IT manager at Nord Gear Corp., which produces motors and industrial components used in everything from conveyor belts to Ferris wheels. Together, he speculated, the public and private sectors could come up with creative strategies. Perhaps the government could give companies subsidies to build solar facilities; that way, they could operate without special assistance during a power outage. Or maybe the transportation industry could help the government get supplies to needed locations.
“It’s good that the discussion is happening versus, ‘Oh, we’ll be OK. We’ll figure it out when it happens.’ That’s not the answer,” Schiffman said.
Meantime, Nord Gear is making its own preparations for unforeseen events. The company is working to implement a cloud-based disaster recovery system, Schiffman said, “that will take our infrastructure, resources, our processes and be able to relocate them so we have business continuity of people, places and things,” he said. The company has six locations in North and South America.
“We’re assuming not all of them are affected at the same time because if they are, I’m not caring about the company anymore, right? There’s a bigger disaster that’s out there.”