The connectivity and bi-directional communications that are hallmarks of a modern grid at the same time create new concerns about data privacy, confidentiality and integrity. David Scott of Accenture’s cyber security team explains why enabling technologies will expand potential attack vectors – and what utilities must do differently. ">
Click to Print This Page

Back to Article


SmartGridNews.com
The insider's guide to the modernization and automation of electric power

Warning: The New Security Demands That Utilities Can't Afford to Ignore
By Guest Editorial
Jun 2, 2010 - 10:52:47 AM

By Anthony David Scott, PE, CISSP

 

The connectivity, bi-directional communications, ability to alter state and intelligence embedded in Smart Grids create new concerns about data privacy, confidentiality and integrity. As enabling technologies push actionable logic to the edges of transmission and distribution end points, network security vulnerabilities expand potential attack vectors as well.

Data management basics ...                               

Start with a Fully Baked Smart Grid Roadmap

Build a Future-Friendly Data Management Framework

7 Tips from the Trenches

Data Management Q&A Series: Experts Answer Your Questions

A Repeatable Framework for Smart Grid Data Management

Vendors See Huge Opportunities in All That Data

Achieving High Performance in Smart Grid Data Management

MDM Trends and Technologies

Smart Grid Strategies

 

These threats demand a different approach toward security from utilities. To secure the Smart Grid, network security needs to be embedded in the fabric of the advanced metering and Smart Grid communication infrastructure architecture, not just the back-office enterprise architecture.

 

Therefore security architecture must be designed early in the process and aligned with other key business, information and communication architectures.  To ensure a compliant architecture, security needs to be based on existing and evolving industry standards, such as NIST 800-53, ISO 27001/2, AMI-SEC and NERC CIP 002-009, FIPS 140-2, FIPS 197, ANSI C12.22, NIST SP 800-57, Smart Energy (SE) 1.0/1.x and OpenSG AMI-SEC, to name a few.  In fact, utilities should strongly consider becoming actively involved with industry security working groups to address the evolving industry standards and new and emerging threat scenarios.

 

All components on the grid need to be tested regularly and thoroughly in order to identify and remedy security deficiencies and patch outdated firmware. As Smart Grids are inherently dynamic, with new IP-enabled assets being introduced, they are susceptible to new and emerging threats as they evolve. As threats evolve so should the security protections in place – with a consistent, well-considered long-term approach and methodology.

 

As data is generated, moved and stored throughout the grid and within the enterprise, it must be protected with levels of security consistent with the criticality and classification of that data.  Consumers, media and regulators alike have zeroed in the on the security and data privacy implications of Smart Grid. Addressing concerns and providing them with reassurance will be a key step to realizing the benefits available from driving adoption of Smart Grid and related technologies.

 

David Scott is a manager and the lead for Accenture’s Intelligent Network Data Enterprise (INDE) smart grid cyber security framework.

 

Additional SGN resources …

Smart Grid Security news and technologies

A Controlling Interest in Securing Utility Control Systems

Cisco Smart Grid: Company Unveils First of its "Connected Grid" Solutions

SmartSynch and AuthenTec Partner to Fortify Smart Grid Infrastructure (press release/pdf)

DOE Wants YOUR Help on National Broadband Plan, Including Meter Data and Privacy Issues

That Smart Grid Data Surge We Mentioned Earlier? You Can’t Ignore It

Video and Slides from the 'High Performance in Data Management' Webinar

Smart Grid Privacy: Think Smaller to Make Protection Bigger

Smart Grid Security Class Now in Session: Getting Started (and Getting Smarter)

Putting a Price on Smart Grid Cyber Security: How About $21 Billion in Five Years?

NIST Smart Grid Cyber Security Strategy and Requirements Draft (pdf)

The Google Attach and What It Means for U.S. Utilities

Insecurity, the Grid and Getting Smarter About It All

 

Elsewhere on the Web …

DOE: Roadmap to Secure Control Systems in the Energy Sector

Scientific American: Securing the Smart Grid

Journal of Energy Security: Canvassing the Cyber Security Landscape: Why Energy Companies Need to Pay Attention

Toronto Star: Smart Grid Data Must Be Protected – Privacy Czar

Fierce CIO: Austin Energy CIO - Security is a Business Enabler, Not Just a Cost

ComputerWorld: What If the Smart Grid has Stupid Security?

CNet: Joe Weiss, crusader for critical infrastructure security (Q&A)

Forrester blog: Security For Industrial Control Systems — Is It A Missing Link To Critical Infrastructure Security?

Earth2tech: Smart Grid Data: Too Much For Privacy, Not Enough For Innovation?

Accenture: Accenture Launches Smart Grid Data Management Solution to Reduce Risks and Costs of Smart Grid Deployments

Electric Light & Power: 5 Issues to Keep in Mind When Purchasing Communications for the Smart Grid

Subscribe to our FREE eMail News Alert!
Smart Grid Newsletter (SGN) is the insider's guide to the Smart Grid revolution. It consists of a FREE bi-monthly email summary, along with a companion Web site that contains the full stories and other helpful materials.

Benefits of subscribing: SGN is the only central source for all of the news, trends, research and marketplace information relevant to grid automation. In it, you will read about cutting edge technologies; successful pioneers and how they got ahead; regulatory changes that could unleash new markets; the latest research; and new opportunities for sales of grid-related products and services.


© Copyright 2009 SmartGridNews.com