Smart grid security threats worse than ever, experts say
SUBNET Solutions Inc | Monday, August 20, 2012
By now, authorities and regulators have made clear the potential detriments that could come from a cyber attack on the nation's critical infrastructure. But an increasing number of expert analyses show despite the awareness and forewarnings, the North American electric grid is at more risk than ever.
According to Fierce Smart Grid, the sheer scope of projected smart grid adoptions will be enough to cause concern. The Edison Foundation forecasts some 65 million smart meters will be in use around the U.S. by 2015, while the number of utility-installed intelligent electronic devices (IEDs) that connect directly to the grid will also skyrocket.
Without appropriate action, the combination of remote access and these new devices could create such a high number of vulnerabilities that utilities could struggle to keep up with potential attackers.
"There are all kinds of things that are reachable by external bad guys and internal bad actors," said Andy Bochman, Energy Security Lead at IBM.
These threats from bad guys and actors could come from an attacker with a nefarious agenda, a disgruntled worker with a company or even accidental misuse of new smart grid technologies. And, given the highly complex nature of these products and solutions, the latter could occur more than many think if workers are not trained properly.
According to the media outlet, although many threats have been identified, many more could be hiding in the shadows.
"One of the biggest challenges is to determine if there is anything that is lying in wait out there to get us," said IEEE senior member Sam Sciacca.
Christopher Behme, an energy and utilities partner for SunGard Global Services, stated that if the U.S. hopes to create a more secure smart grid, it will take the cooperation of several organizations, including utilities, regulators, vendors and others in the industry. However, he said, it will likely all begin with utilities, who he encouraged to take a holistic approach to cyber security.
"Take that step back and think about and then plan for the future," he said. "You may not know 100 percent, but you can still go back and build some of that infrastructure."
In addition to utilities looking internally at their cyber security and developing appropriate ways to mitigate the risk of a cyber attack, utilities will also be forced to comply with strict standards established by the North American Electric Reliability Corporation (NERC). According to the news provider, NERC CIP standards, which were designed to protect America's critical infrastructure, regulate cyber security practices to ensure grid reliability. Such forms of compliance include sabotage reporting, identifying critical assets, establishing training programs and using appropriate software to control security systems.
SUBNET helps utilities with such compliance measures, ensuring utilities maintain strong cyber security standards across their entire enterprise and all of their substations.
With SUBNET's solutions, generation, transmission and distribution companies can meet NERC CIP standards without replacing or upgrading both hardware and software, but rather by leveraging existing utility assets, and using IT policies that are already in place.
NERC, however, is not the only body working to promote cyber security. IEEE has drafted several benchmarks concerning the matter, including one initiative that defines security features for IEDs, and another that identifies utility best practices for designing security systems.
"It is the hopes of those groups in developing this standard that NERC and others will look at [an IEE standard]," Sciacca concluded, "and say that it represents the best thinking of what really could be and should be done in the field of cyber security."
Substation Automation & Remote Access