Canadian Utilities Nervous About U.S. Smart Grid Security Proposals

Canadian utilities are getting nervous about what they see as probable unilateral action by the U.S. to protect the electric grid in the event of cyber-attacks.

The Canadian Electricity Association (CEA), which includes utilities, power providers and others in its membership, says the four cyber-security bills now in Congress include inadequate or no requirements for the U.S. to consult and coordinate with Canada before responding to a cyber threat to the country's electric grid. To say it's making them nervous is an understatement.

"They've got to realize that the North American grid is international, it's interconnected, it's integrated. Consultations, cooperation between governmental authorities on both sides of the border is going to be imperative, otherwise you won't be able to ensure system reliability and you'll probably undermine system reliability," said the CEA's Francis Bradley, who was quoted on Canada.com. At least one Canadian critical infrastructure expert has agreed that a bilateral security agreement should be implemented between the two countries.

Bradley cautioned that a lack of coordination could result in power outages, even if a given action taken "is the right thing to do."

However, Canadian Public Safety Minister Peter Van Loan, also quoted in the article, bluntly refuted the CEA's concerns. "Frankly, if somebody launches an attack and you haven't made yourself technically resilient, it really doesn't matter whether or not the (the U.S.) is consulting with Canadians or not." While Canada has been working on its own grid security plans, Van Loan declined to comment on when they might be announced.

The CEA is correct about one thing, at least. The U.S. is taking grid security issues seriously. Security experts and others have been raising red flags regarding the adoption of Smart Grid technologies such as smart meters and other two-way communications systems, warning that the new high-tech electric grid will be extremely vulnerable to attack if adequate security isn't built into the system.

Also, President Barack Obama in May defined the country's digital infrastructure as a strategic national asset -- and the Department of Energy required that applications for Smart Grid investment grants (which were announced in late October) contain solid provisions for implementing security measures.

Former national intelligence director and retired admiral Mike McConnell underscored the issue earlier this month when he told 60 Minutes that he believes the U.S. electric grid could be hacked successfully. And, it has been widely reported that cyberspies have in the past gained access to the U.S. grid. While the hacking did no damage, the outcome could be very different in a time of crisis or conflict, experts warned.

   Quick Take:  We are inclined to agree with Canadian Public Safety Minister Van Loan,  who framed the issue succinctly:  If attacked, the grid will survive or fail in a hurry—and the most important concerns now should be preparation and prevention.

   Canada.com news article

   InformationWeek news article

   Smart Grid security resources on SGN