U.S. smart grid projects lack critical cyber security
SUBNET Solutions Inc | Wednesday, February 01, 2012
A new report from the U.S. Department of Energy's inspector general shows that about one-third of U.S. smart grid projects developed with funding from the DoE failed to meet the necessary security requirements, Renew Grid Magazine reports.
As a part of its smart grid investment grant (SGIG) plan, the DoE has doled out 99 grants ranging between $400,000 and $200 million. However, the report indicates 36 percent of projects started with these funds were missing at least one required cyber security element.
The report stated one application only dealt with cyber security in general terms.
"The plan stated that the recipient used monitoring, logging, and alerting technologies to detect incidents and exploits, but did not detail how these systems worked in its specific environment," it said.
Yet another project was missing a formal risk assessment for new technology being used, creating fears that vulnerabilities and threats to the new system would go unnoticed, according to the news source.
"The approved cyber security plans did not adequately address security risks or planned cyber security controls," the report said in summary.
Another study noted in the report, conducted by the DoE's Office of Audits and Inspections (OAI), analyzed a large number of projects started by private companies, utilities, manufacturers and cities to install smart meters, substation automation and in-home displays. The installation began after the funds from the DoE spurred activity, however the OAI claims a rush to get those funds may have led to the current cyber security problems.
"The issues we found were due, in part, to the accelerated planning, development, and deployment approach adopted by the [DOE] for the SGIG program," the report states. "In particular, the [DOE] had not always ensured that certain elements of the SGIG program were adequately monitored."
The OAI report recognized that recipients of the funds were given three years to implement cyber security controls. It acknowledged that security plans will continue to evolve as more systems are developed, but that such a time frame may lead to problems in existing gaps that could result in a system to be compromised before security measures are implemented.
SUBNET Solutions Inc. works with utilities that hope to maintain strong cyber security standards across all of their enterprise and substations. SUBNET offers solutions that enable generation, transmission and distribution companies to meet NERC CIP standards by leveraging existing assets and corporate IT policies.
Substation Cyber Security
Substation Automation & Remote Access