Senators support 'red team' hacking of power companies to identify vulnerabilities

摘要

Federal agencies and regional grid operators generally lack the authority to subject private electric utilities and power generators to simulated hacks and testing of their systems for cybersecurity vulnerabilities, a security gap that key senators said Aug. 5 they would work to rectify.By viewing the system through the eyes of a bad actor, penetration testing and red teaming operations seek to assess where and how a hacker might target an energy asset, how the company's defenses would fare under attack, and the potential magnitude of a breach. These hacker-for-hire type security measures are employed to ferret out potential problem areas and resolve weaknesses before nefarious entities can exploit them.