Experts stress the vulnerability of the electric grid to cyber security attacks
SUBNET Solutions Inc | Friday, June 17, 2011
Over the past few months, there have been a spate of cyber security attacks against a number of high-profile businesses and government agencies, worrying experts and fueling the government to speed up its smart grid security measures, according to a published report.
Though hackers have long caused headaches for information technology (IT) workers at companies throughout the world, their attacks have become increasingly brazen and are occurring at such a torrid pace that many companies in the U.S. - especially utilities - are vulnerable to the nameless, faceless computer geniuses.
According to a report from the Boston Herald, the computer security firm Veracode, which is based in Burlington, Massachusetts, recently found that cyber security attacks have surged by more than 25 percent over the past few months, with the origin of the hacking attempts emanating from all corners of the globe.
Moreover, Annabelle Lee, a technical executive for cyber security at the Electric Power Research Institute (EPRI), and a senior cyber security strategist at the National Institute of Standards and Technology (NIST), affirmed that utilities should ensure that they follow the critical infrastructure protection (CIP) regulations set forth by the North American Electric Reliability Corporation (NERC).
Lee also contends that utilities should do more to establish a set of best practices to protect their transmission and distribution channels.
Still, many industry experts - Lee included - assert that there is not a consensus around standards identified by NIST to protect the efficacy of the nation's power supply network. Many analysts believe more must be done to enforce smart grid security measures, and regulators are having a difficult time drafting new legislation that is all-encompassing in scope.
"This is another area where the IT, telecom and electric sector communities need to come together to figure out how to use these standards in the electric sector," Lee said. "To correctly address cyber security, one needs to look at it end-to-end. It requires examining the technical, physical and administrative procedures. Even if FERC had adopted a specific family of standards, that would not have been the entire solution."
Ultimately, utilities should designate an expert within the company who can overhaul cyber security policies and effectively communicate that approach, Lee said.
"Part of the problem in approaching cyber security is that many organizations don't have people who understand this," she affirmed, noting that by appointing one employee as a point person, utilities can help to ensure their networks are more secure.
Substation Cyber Security