 | ||||||||||||||||||||||||||||||||||||||||||||
|
By Anthony David Scott, PE, CISSP
Data management basics ...
These threats demand a different approach toward security from utilities. To secure the Smart Grid, network security needs to be embedded in the fabric of the advanced metering and Smart Grid communication infrastructure architecture, not just the back-office enterprise architecture.
Therefore security architecture must be designed early in the process and aligned with other key business, information and communication architectures. To ensure a compliant architecture, security needs to be based on existing and evolving industry standards, such as NIST 800-53, ISO 27001/2, AMI-SEC and NERC CIP 002-009, FIPS 140-2, FIPS 197, ANSI C12.22, NIST SP 800-57, Smart Energy (SE) 1.0/1.x and OpenSG AMI-SEC, to name a few. In fact, utilities should strongly consider becoming actively involved with industry security working groups to address the evolving industry standards and new and emerging threat scenarios.
All components on the grid need to be tested regularly and thoroughly in order to identify and remedy security deficiencies and patch outdated firmware. As Smart Grids are inherently dynamic, with new IP-enabled assets being introduced, they are susceptible to new and emerging threats as they evolve. As threats evolve so should the security protections in place – with a consistent, well-considered long-term approach and methodology.
As data is generated, moved and stored throughout the grid and within the enterprise, it must be protected with levels of security consistent with the criticality and classification of that data. Consumers, media and regulators alike have zeroed in the on the security and data privacy implications of Smart Grid. Addressing concerns and providing them with reassurance will be a key step to realizing the benefits available from driving adoption of Smart Grid and related technologies.
David Scott is a manager and the lead for Accenture’s Intelligent Network Data Enterprise (INDE) smart grid cyber security framework.
Additional SGN resources …
Smart Grid Security news and technologies A Controlling Interest in Securing Utility Control Systems
Cisco Smart Grid: Company Unveils First of its "Connected Grid" Solutions
SmartSynch and AuthenTec Partner to Fortify Smart Grid Infrastructure (press release/pdf)
DOE Wants YOUR Help on National Broadband Plan, Including Meter Data and Privacy Issues
That Smart Grid Data Surge We Mentioned Earlier? You Can’t Ignore It
Video and Slides from the 'High Performance in Data Management' Webinar
Smart Grid Privacy: Think Smaller to Make Protection Bigger
Smart Grid Security Class Now in Session: Getting Started (and Getting Smarter)
Putting a Price on Smart Grid Cyber Security: How About $21 Billion in Five Years?
NIST Smart Grid Cyber Security Strategy and Requirements Draft (pdf)
The Google Attach and What It Means for U.S. Utilities
Insecurity, the Grid and Getting Smarter About It All
Elsewhere on the Web …
DOE: Roadmap to Secure Control Systems in the Energy Sector
Scientific American: Securing the Smart Grid Journal of Energy Security: Canvassing the Cyber Security Landscape: Why Energy Companies Need to Pay Attention
Toronto Star: Smart Grid Data Must Be Protected – Privacy Czar
Fierce CIO: Austin Energy CIO - Security is a Business Enabler, Not Just a Cost
ComputerWorld: What If the Smart Grid has Stupid Security?
CNet: Joe Weiss, crusader for critical infrastructure security (Q&A)
Forrester blog: Security For Industrial Control Systems — Is It A Missing Link To Critical Infrastructure Security?
Earth2tech: Smart Grid Data: Too Much For Privacy, Not Enough For Innovation?
Accenture: Accenture Launches Smart Grid Data Management Solution to Reduce Risks and Costs of Smart Grid Deployments
Electric Light & Power: 5 Issues to Keep in Mind When Purchasing Communications for the Smart Grid
Got something to say about this article? Be the first to leave a comment!
|
|
© 2012 SmartGridNews - Privacy Policy |
|
||||||||||||||||||||||||||||||||||||||||
Twitter
Facebook
Linkedin
RSS
