Report shows smart grid operators must integrate security, compliance processes
SUBNET Solutions Inc | Friday, January 06, 2012
A recent report highlighted the need for critical infrastructure operators, such as smart grid management teams, to take an integrated approach to improving monitoring, management and protection of the new smart grid, eWeek reports.
According to the news source, a smart grid sans standards and the increasing threat of aggressive cyber attackers pose major challenges for electric utilities. As more critical infrastructure goes the way of automated systems and grids that are highly complex, IT teams will need to find a more efficient way to ensure protection of the infrastructure. To do so, many are relying on new technologies and tools that were designed to integrate security, compliance and change-management processes.
The report, issued by Pike Research on January 4, found that the bulk of utilities endeavoring to develop a smart grid system did so without long-term foresight or a cohesive master plan. With smart grids defined as infrastructure, they are inclined to contain heterogeneous systems that often have trouble communicating with one another and can be difficult to manage. The issue becomes even more challenging as development of intelligent devices continues to grow at an exponential rate.
"It is rare that the entire automation system was developed based on a single architecture or framework that identifies the applicable policies to protect, monitor and manage the system," the analysts wrote.
While the first management challenge associated with the smart grid comes as a result of convoluted lists of components that have been deployed and must be monitored due to their incompatibility, cyber security also looms as a serious issue, the media outlet stated.
The analysts warned that with so many new access points, cyber attackers have the opportunity to probe the control network to find a vulnerability. Although worms such as Stuxnet and Night Dragon were dangerous, they had specific targets. More serious attention should be paid to the sweeping cyber attacks that exploit a fault that could exist in several installations, the report said.
Now, utilities are realizing that overlaps in the processes, data and technology being employed by security, compliance and operations managers can be combined to untangle the environment and improve efficiency.
New tools that enable administrators to gain real-time visibility into their industrial control systems are beneficial, but also lack security, the report said. Such products introduce new "operating systems, applications and hardware that have vulnerabilities" into the environment, and can be the target of an attack that would not have previously existed.
For the best security, administrators need to manage and secure their control systems in the same manner other IT systems are run.
"Control system security requires an understanding of the data being transported through the infrastructure," the report stated.
Experts also noted that security is not synonymous with compliance, although compliance functions are usually a form of a security function with additional reporting capabilities.
SUBNET has developed several solutions that directly face the challenges presented in Pike's report. The solution provider's Unified Grid Intelligence interoperability philosophy addresses the problem of the hodgepodge of new devices that have appeared by creating a network in which all intelligent electronic devices (IEDs) have communication capabilities. The solution drives the company's holistic approach to real-time integration of smart grid systems.
In addition to improving efficiency, SUBNET products and solutions can also help utilities comply with NERC CIP standards. But where many vendors require utilities to replace or upgrade hardware and software, SUBNET leverages a company's existing assets and uses their established IT policies to help meet regulations - a method the report noted is the most efficient and secure way to integrate smart grid devices.
Substation Cyber Security
Substation Automation & Remote Access