WAPA’s Cyber Security Manager Shares Memories of Y2K, EPTC, Early Cyber Security
Former Cyber Security Manager Laurent Webber came to WAPA as an electrical engineering contractor for the Maintenance and Operations Technical Support contract in 1986. Initially working in the Communications branch, he soon began teaching students how an electric power system operates using classroom instruction and hands-on experience on simulators at the Electric Power Training Center. During that time, he worked on developing, upgrading, and programming the computerized simulators. In 1991, he was hired into a Federal position. After Transformation in 1995, Webber moved into the IT field and was selected as WAPA’s Cyber Security Program manager, overseeing the protection of Western’s mission-critical computer systems and networks.
Y2K
“Y2K was not as exciting as everyone might imagine. It was a rather long project where we were listing equipment, tracking dates and patches to ensure that everything was ready to go and getting verification from vendors to find out if their product was Y2K-compliant and planning for that fateful night when nothing happened.
“For our IT systems, we had shut down everything that was not essential (because) we didn’t want the systems running unattended as the year rolled over and have them go haywire.
“Later on when they brought the systems back up, we watched them to make sure there were no problems. There was a concern that there would be attempts at breaches of our system, but we didn’t have any issues like that. There may have been very minor glitches, but I don’t recall anything serious happening with Y2K. There may have been problems if we hadn’t prepared so well. And across the Western hemisphere, I had the opportunity to observe the turn of the century occurring around the world before it happened here, Greenwich time. A lot of computers are still set to Greenwich Time (UTC) so that rollover occurs six hours before everything else. Nothing significant was happening anywhere else, so I thought we’d probably be OK.”
Development of Cyber Security
“When I first started with the job, it was pretty much me. I was cyber security. I managed the logs—it started out pretty much just watching traffic on the Internet, making sure there was no malicious activity going on. When DOE first started to review our systems, they found a few vulnerabilities and I began to work to eliminate those vulnerabilities. Some of the vulnerabilities were related to systems that were available on the Internet. DOE (contacts) and I in cyber security thought they shouldn’t be available on the Internet. It was sort of policing the systems, telling people they shouldn’t do things they believed they could. Gradually, people have come around to understand that it is important to maintain good security and protect ourselves from the Internet.
“In the beginning, cyber security was primarily strengthening (the network) to keep external hackers out with a high degree of trust of our internal users. (We developed) a strong perimeter. That served us well for a number of years, but now things are changing. Even if you have full trust of your own internal users, there are enough tricks and techniques that hackers can use to sneak malicious code into the organization that even when you can trust your people, you just can’t trust the PCs that you have. You can’t trust your computer. Unfortunately, some people get the idea that we don’t trust them. It’s not them, it’s their PCs we don’t trust. It has the appearance that we don’t trust our own users because there are so many things we disallow, and we filter and monitor.”
Virus/Worms/Hackers
“We’ve had a couple of incidents with viruses and worms here. Before we began filtering attachments in our e-mail, it was a race between the virus companies and the hackers. If the hacker could get a virus to spread fast enough, it would reach (the system) before the virus signatures. There were two of them that hit us pretty good before we were able to convince people it was a good idea to filter the attachments in e-mail. One was Blaster—one of them infected about 130 machines. The other one we were able to hold down to about 28 machines. They were the only two viruses that got in and spread and presented a challenge.
“It was challenging to be monitoring the intrusion detection and the firewall looking for any activity on systems that might be infected, having to get in touch with people in the regions, identifying where the machine is, get(ting) in touch with someone who was physically close enough to shut the machine off and prevent further spread of the virus, and getting information to employees that this is a dangerous e-mail that might be in your inbox. We’ve had a few near misses where we notified people to be careful of malicious code that could be in your inbox.
“Hackers are getting more and more sophisticated. It’s been a process of gradual increases in sophistication, both in the hackers and our defenses. We have to keep building more sophisticated defenses because the hackers keep getting more sophisticated. Fortunately, Western is on the leading edge of preventing the hacking target. We’ve been able to stay one step ahead by paying attention to what happens to other people, other areas. We see where the threats come from, what the new hacking techniques are and being able to modify our defenses and build our defenses to keep them out.”
Importance of Cyber Security
“It’s helped us do business by keeping us in business. The IT systems are an extremely important part of WAPA’s mission. Without cyber security, those systems wouldn’t run very long. You can’t be without cyber security. We have to have virus protection, we have to have firewalls, we have to have restrictions on services—all those things are so necessary. If we didn’t have them, we wouldn’t be doing any computer operations. We would all be owned by hackers, doing nothing but sending spam. I can’t imagine not having cyber security tools. It’s impossible.”
WAPA’s Best Defenses
“We have antivirus programs, Web proxy, e-mail attachment filtering, and firewalls with ingress and egress filtering and penetration testing. We also have certification and accreditation, cyber security awareness training and rules of behavior.”
Teaching Students at the EPTC
“The best memories are of the dispatcher intern programs. WAPA had a program to develop power system dispatchers through the EPTC and on-the-job training. The students would rotate through the EPTC periodically, so I would get to know them pretty well. I could teach them about the physics and math of electric power, but they taught me a lot about the day-to-day operation of the system.”
“The EPTC miniature power system was designed and built around 1968. The most interesting part was the governor (speed control) simulator. That was basically an analog computer system, which required constant tuning, adjustment, and frequent repair. Often, when a component failed it was a challenge to determine the specifications and find a modern replacement to do the job. The old Dispatcher Training Simulator was a Control Data computer. Finding and replacing parts in that was a real challenge. When replacement circuit boards couldn’t be found, I had to troubleshoot down to the chip level and replace those.”
“WAPA had to create their own program and standards for dispatchers back then. Today there are certification programs developed by the reliability organizations.”
Transformation
“Transformation prompted me to substantially change my career and my involvement with WAPA’s primary mission. With the move to IT, I became more aware of the underlying support functions that help Western meet its primary mission of supplying safe, reliable electric power. Cyber Security work has helped me to develop many important skills and without transformation I may never have gone in this direction.”
The Future of Cyber Security
“One of the biggest challenges is differentiating between normal activity and malicious activity. Many security products today try to identify the malicious behavior or keep track of the bad Web sites and block them. The number of variations on malicious behavior is growing to the point that someday it will be easier to list the allowable protocols than to list the disallowed. The bad Web sites move around so much that it is becoming impossible to track them all. Today the philosophy is to allow everything except what is known to be bad. I think the future will be to allow nothing unless it is known to be good.
“Another aspect is that many protocols like e-mail and Web pages are based on standards developed before security was an issue. One of the biggest challenges will be to replace these legacy protocols with more secure protocols. There is such a huge dependence on old protocols like e-mail that it will be difficult to get anyone to change.”
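The shift Webber describes, from "allow everything except what is known to be bad" to "allow nothing unless it is known to be good", can be shown as an egress policy run over a handful of outbound flows. This is an added illustration, not WAPA code; the hostnames, protocols and log entries are constructed for the example.

```python
"""Blocklist (default-allow) vs allowlist (default-deny) egress policy.

Constructed example, not WAPA's own policy. Hostnames and flows are made up.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src_host: str
    dest: str
    port: int
    proto: str


# Constructed sample of outbound flows as a perimeter firewall might log them.
SAMPLE_FLOWS = [
    Flow("ws-101", "update.example-vendor.test", 443, "https"),
    Flow("ws-101", "mail.example-corp.test", 25, "smtp"),
    Flow("ws-205", "badsite-old.test", 80, "http"),   # already on the blocklist
    Flow("ws-205", "badsite-new.test", 80, "http"),   # same actor, site has moved
    Flow("ws-310", "203.0.113.7", 6667, "irc"),       # protocol nobody approved
]

# A blocklist can only name what has already been seen; it always lags reality.
KNOWN_BAD_SITES = {"badsite-old.test"}

# An allowlist names the (protocol, destination) pairs the business actually needs.
APPROVED = {
    ("https", "update.example-vendor.test"),
    ("smtp", "mail.example-corp.test"),
}


def default_allow(flow: Flow) -> bool:
    """Allow everything except what is known to be bad."""
    return flow.dest not in KNOWN_BAD_SITES


def default_deny(flow: Flow) -> bool:
    """Allow nothing unless it is known to be good."""
    return (flow.proto, flow.dest) in APPROVED


def evaluate(flows, policy):
    """Return the destinations a policy would let out of the network."""
    return [f.dest for f in flows if policy(f)]


if __name__ == "__main__":
    for name, policy in (("default-allow", default_allow), ("default-deny", default_deny)):
        print(f"{name} permits: {evaluate(SAMPLE_FLOWS, policy)}")
```

The moved site and the unexpected IRC connection both pass the blocklist but are stopped by the allowlist, which is the point of the argument above.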
Last modified on September 10th, 2024