GreyCastle Security Executive Cautions Against Heavy Reliance on Technology to Protect Nation’s Electric Power Grid


Recent grid attacks renew focus on risk level and security weaknesses at Washington cybersecurity summit


While earnestly seeking a solution to the cybersecurity threats that face the nation’s electric power grid, the United States government should include human behavior, not just technology, in its planning for and prevention of cyber threats, said GreyCastle Security CEO Reg Harnish following a cybersecurity conference this week in Washington, D.C.

As a leading cybersecurity consulting firm focused on risk management, awareness and incident response with Fortune 500 and global clients, GreyCastle unceasingly counsels clients that “cybersecurity is a people problem.”

“Every cybersecurity risk, whether it’s writing code, misconfiguring a firewall or clicking a phishing link, comes down to a failure in a human being,” said Harnish.

The Bloomberg summit, “The Future of the Grid: Spotlight on Cybersecurity,” follows last December’s coordinated cyberattack that cut power to more than 100 Ukrainian cities using commonly available tools. The attack was one of the first known to cause physical impacts to critical infrastructure resulting from cyber warfare and raised questions about the vulnerability of the United States’ own electric grid.

Leaders from the Department of Homeland Security and the Department of Energy, power industry leaders from around the country, and the former director of the CIA used the summit to address the nation’s risk level and current actions or proposals to ensure safety, and to discuss proposed legislation.

Suzanne Spaulding, Under Secretary for the National Protection and Programs Directorate (NPPD) at the Department of Homeland Security, praised the collaborative efforts taking place between industry and government. She also announced a $15 million innovation investment that the Obama administration is seeking to shore up both cybersecurity and physical security at the national grid. The money would especially benefit smaller utilities and cooperatives.

Harnish lauded the efforts to secure more funding for technology and innovation, but pointed out that the December Ukrainian attack was one that could have been easily avoided – a sentiment supported by a March 2016 North American Reliability Council (NERC) report.

“Ultimately, someone opened an email they shouldn’t have,” said Harnish.

Other discussions on effective collaboration centered on communication from the government to utilities when the government detects intelligence threats. Former CIA Director General Hayden noted that policy needs to keep pace with the nation’s top-notch cybersecurity professionals and infrastructure in order to make intelligence-sharing effective. Harnish agreed, noting that currently, most organizations can’t act on intelligence, regardless of how relevant it is.

“To combat this globally, we need to make it more expensive for our adversaries to conduct attacks, while making the payday less valuable,” said Harnish. “Think of exploding ink packs in stolen money bags.”

Ultimately, said Harnish, protecting our nation’s electric grid takes a combination of people, process and technology.

Members of the media interested in speaking with Harnish can contact Elizabeth Hilton at ehilton(at)crosswindpr(dot)com. For more information about GreyCastle Security, please visit


About GreyCastle Security:
GreyCastle Security is a cybersecurity consulting firm focused on risk management, awareness and operational security. Our company was established to counter rapidly evolving cybersecurity threats and manage risks in people, processes and technology. GreyCastle Security is comprised exclusively of highly certified professionals with prior security experience in healthcare, education, retail and gaming. Our team members are all former CISOs, ISOs, security specialists and operators. We bring a client perspective to everything we do. All we do is cybersecurity -- all day, every day. We provide assessments, training, testing and response capabilities to organizations of all sizes, types and industries. We bring passionate practicality to cybersecurity. Visit us at for more information, and let GreyCastle Security redefine cybersecurity for you.


Contact Author

Elizabeth Hilton