Industry expert warns utilities must upgrade cyber security protections
SUBNET Solutions Inc | Wednesday, July 06, 2011
The increasing threat of smart grid cyber security attacks are prompting utilities to overhaul their cyber security practices. According to a published report, many companies that operate power supply networks are implementing certain measures aimed at protecting the efficacy of the grid.
Pike Research senior analyst Bob Lockhart, in an interview with Computing Magazine, affirms that smart grid operators both in the U.S. and abroad are scrambling to adopt cyber security protocols that will protect the power grid from hacking attempts. According to the industry expert, the most successful cyber attacks often are carried out by those with inside knowledge of a company's network.
Still, he asserts that a skilled hacker does not need an insider from a utility company to carry out a successful attack. Automated substations, for example, are often located in public areas where they are exceedingly vulnerable to physical and cyber security infiltrations, Lockhart affirmed.
Moreover, Lockhart said that power companies are vulnerable nearly everywhere to cyber security breaches.
"A vulnerability particular to information control systems (ICS) is that much of the equipment, networks and software are older, and adding security can be problematic," he said. "Although lot of ICS equipment, SCADA [supervisory control and data acquisition] devices and networks were designed to be isolated from the Internet and from corporate Enterprise IT networks, this has been difficult to accomplish."
Still, even some cyber security protocols meant to protect against hackers are failing, analysts assert. With the proliferation of physical attacks, hackers are finding ways to circumvent certain security procedures. The Stuxnet worm deployed against the computer system that runs Iran's nuclear power program is an example of such a coordinated attack.
Lockhart also recommends that utilities implement remote support connections. Such systems, he asserts, can help to "undermine quite a lot of expensive network perimeter security" measures. Encryption can also be an effective tool against hackers - when it is well-installed. Otherwise, they are not as efficacious.
Certain utilities have been loath to implement cyber security measures because they are concerned about the return on investment (ROI) of the systems, but that is a weak argument against them, Lockhart contends.
"There are some in the utilities industry who aren't sure that security will prevent an attack, but it will look better when the lawsuits are filed if there had been a level of due care protection of assets in place," he said.
Substation Cyber Security
Substation Automation & Remote Access