GAO remarks on the challenges of keeping the smart grid secure
SUBNET Solutions Inc | Wednesday, February 29, 2012
The electric industry is increasingly incorporating more intelligent components into the nationwide grid in an effort to improve reliability and efficiency and promote the use of alternative energy sources, such as wind and solar power.
While the use of these implements can result in huge benefits for utilities and electricity consumers alike - such as less frequent and shorter outages and lower rates - more reliance on such a network also exposes the grid to cyber security vulnerabilities. These weak points could potentially be exploited by attackers, prompting the Government Accountability Office (GAO) to identify the protection of systems that make up America's critical infrastructure.
GAO has issued a statement describing the cyber threats that are challenging cyber-reliant critical infrastructure and the major challenges that will be faced when securing smart grid systems and networks.
"Threats to systems supporting critical infrastructure which includes the electricity industry and its transmission and distribution systems are evolving and growing," the statement read. "In February 2011, the Director of National Intelligence testified that, in the past year, there had been a dramatic increase in malicious cyber activity targeting U.S. computers and networks, including a more than tripling of the volume of malicious software since 2009."
The monitoring or recording of substation data, such as passwords transmitted in clear text, while they are being sent over a communications link was said to be a highly dangerous threat that would be amplified by deployment of the smart grid. To prevent this form of breach, utilities will need to greatly increase cyber security.
SUBNET's Unified IED Access Control Security mitigates the risks associated with the smart grid, allowing utility professionals to manage data from their intelligent electronic devices remotely and securely. The solution also enables the secure management of thousands of IED passwords across a broad range of substations.
The electric industry will also need more regulation, GAO says. Along these lines, state and federal authorities have been developed, such as the North American Electric Reliability Corporation (NERC), which has the responsibility of conducting reliability tests and enforcing mandatory standards to ensure reliability of the bulk power system.
SUBNET helps utilities comply with standards established by NERC not by forcing the replacement or upgrade of hardware or software, as many vendors do, but by leveraging the existing assets of a utility and using established IT policies to meet regulations.
Substation Cyber Security