Report finds smart grid growing increasingly vulnerable to cyber attacks
SUBNET Solutions Inc | Wednesday, December 07, 2011
America's electric grid has long been regarded as a heavily targeted cyber attack point, but with the advent of the interactive smart grid - which features wireless remote access of substations - the old, insecure system is becoming increasingly more vulnerable, a new report suggests.
The Massachusetts Institute of Technology's "Future of Electric Grid" study found that although new cybersecurity standards have been developed for the smart grid, electric utilities are creating more vulnerable access points than they can patch, essentially allowing hackers an easy way in.
"Millions of new communicating electronic devices ... will introduce attack vectors – paths that attackers can use to gain access to computer systems or other communicating equipment," the report states. "That increase[s] the risk of intentional and accidental communications disruptions," including "loss of control over grid devices, loss of communications between grid entities or control centers, or blackouts."
All of the new sensors installed on substation equipment will soon be connected to communications modules, which will create millions of new components from hundreds of manufacturers and software from a number of developers. With so many interfaced components, the system's complexity will increase significantly, as will the number of cyber vulnerabilities, the media outlet stated.
The estimated costs to ramp up smart grid security to acceptable levels is about $3.7 billion, but to make the case for further investment could prove to be difficult, the report found, as the probability of a serious attack is so low. Much of the time, what starts out as promising regulations dwindle to mere suggestions for utilities as threats continue to evolve, hindering cybersecurity improvements.
However, many organizations are approaching cybersecurity with the utmost sincerity. The Federal Energy Regulatory Commission (FERC) and the North American Electric Reliability Corp. (NERC) currently are working together to oversee the development of cybersecurity standards for companies with operations in the bulk power system.
Now, it is becoming more important than ever for utilities to follow NERC's guidelines for critical infrastructure protection, which were created to protect the nation's most vital assets.
SUBNET Solutions Inc., which offers utilities expertise in substation automation and remote access, works with companies looking to maintain strong cybersecurity standards across their enterprise and substations.
The company has developed solutions that help generation, transmission and distribution companies meet the stringent standards set by NERC. Where many vendors require utilities to replace or upgrade their hardware and software, SUBNET leverages the company's existing assets and current IT policies to meet the agency's regulations.
Such measures to ensure utilities follow cybersecurity guidelines are finding their way into Congress, with one Senate bill proposing that oversight authority of cybersecurity lie with FERC and the Department of Energy. Action from the bill is expected as early as the first month of 2012.
According to Information Week, the report suggests that central leadership would be the nation's best option for protecting its electric infrastructure.
"To cope more effectively with increasing cybersecurity threats, a single federal agency should be given responsibility for cybersecurity preparedness, response, and recovery across the entire electric power sector, including both bulk power and distribution systems," the report says. "Ongoing jurisdictional confusion raises security concerns, underscoring the need for action."
The news source states the threat from hackers looking to disrupt the grid is in fact very real, with reports of Chinese and Russian government hackers looking for access points as far back as 2009.
As the smart grid continues to develop, there will be a need for a cyber security system as advanced as the components being installed nationwide.
Substation Cyber Security
Substation Automation & Remote Access