Cyber security should be core requirement of utilities, report suggests
SUBNET Solutions Inc | Wednesday, June 05, 2013
Although advanced smart grid technologies are giving utilities never-before-seen ways to collect and leverage grid data, the introduction of wireless technologies - crucial for such data gathering - has also significantly increased the chances of a cyber security breach among North America's power transmission and distribution companies.
What were once isolated structures are now a part of a massive grid that has scores of new access points. Unfortunately, one report has found, many utilities have pressed forward in designing systems based on these smart grid technologies without taking into account the many threats that lay in wait. According to ABI Research, now that many smart grid systems have already been installed, cyber security spending will increase to $2.9 billion by the end of this year.
The trouble will come as utilities install new technology with outdated industrial control systems, which have lackluster authentication measures, poor encryption and struggle to identify when and where an attack occurs. All this together, coupled with a drive to operate at the lowest costs, has increased utilities' susceptibility to attacks.
"Cyber-attacks that can cause serious damage to electrical grids are a reality," said Michela Menting, a senior analyst for cyber security at ABI Research. "Operators need to view cyber security as a core, integrated requirement of their offering and not as a secondary add-on. "Efforts by governments and standardization bodies to tackle vulnerabilities within power control systems are raising the level of awareness."
Menting added that these increased efforts are resulting in "dedicated market" that is focusing on cyber security in some of the nation's most critical assets, including industrial control systems, substations and sensors.
Take the time to build strong
According to Intelligent Utility, power companies are quickly learning how much is at stake if they don't focus more attention on cyber security. However, many still say they don't know where to start, considering there are dozens of different ways to protect a system.
What has generally been considered to be the best, most effective way to protect a utility system is to use a unique cyber security approach. The best of these will be tailored to an individual organization, but still meet the strict standards, guidelines and rules developed by the North American Electric Reliability Corporation (NERC). NERC establishes industry standards that must be implemented alongside other rules drafted by the National Institute for Standards and Technology and the National Electric Sector Cybersecurity Organization Resource (NESCOR).
One the largest trends, the media outlet pointed out, is to combine a strong, tailored cyber security system with a smart grid overhaul. This has led to even more standards and extremely advanced smart grid technologies. In order for companies to best use these developments, they will also need to invest in training programs and strong staff that know how to leverage the systems to help drive operational efficiency.
According to the news source, this has been one of the largest problems for utilities. One single person shouldn't be assigned to managing cyber security, but rather a team of trained professionals. Many organizations say their cyber security is lacking because of a drop in funding.
"I have heard it stated that information technology should be 15-20 percent of your overall organization's budget and cyber security should be 15-20 percent of that amount," wrote Slade Griffin, director of energy systems security at EnerNex. "This would mean for every one million dollars of budget, $200,000 would be allocated to information technology and $40,000 would be allocated to cyber security."
SUBNET has helped utilities comply with stringent NERC CIP standards by leveraging existing utility assets and using established IT equipment, as opposed to making the utility replace or upgrade all software and hardware.
Substation Cyber Security