SmartGridNews.com

The insider's guide to the modernization and automation of electric power

Smart Grid Security and Compliance Pressures Putting the Squeeze on Utilities
By Andy Bochman
Aug 3, 2010 - 2:21:56 PM


If you're not the head honcho for security at a medium-to-large utility company in the USA these days, you should consider yourself fortunate that, regardless of your profession, your life is much less complicated than theirs. If you are in such a position, you have my sympathy, and depending on how you're managing, my respect.

Seems to me you are in a damned if you do, damned if you don't situation. On one hand, you must do everything you can to keep the processes in place that have kept the customers' lights on 24/7/365 over the past decades of your career. Moving too far, too fast with new technology or methods puts that number one metric at risk. On the other hand, in order to put your organization in position to pass its NERC CIP compliance audits and avoid fines and other negative fallout, you must substantially upgrade and update the security controls on some of your most important systems.

Like the oft-referenced complex challenge of repairing an airplane in flight, you face the dilemma above in a time of unprecedented change in an industry ill-equipped organizationally to make fast changes. For example:

  • In a sector largely insulated from competition, deregulation (in some regions) now adds that factor to the mix. And some of the competitors are from another planet, culturally speaking (see: Google, Microsoft, etc.)
  • AMI and Smart Grid initiatives are encouraging you to connect systems that were once protected, in part, through isolation
  • Business models look like they're in a position to turn inside out and disintermediation is a real possibility
  • The FERC/NERC CIP cyber-security regulatory regime is moving fast; you're given a scant two years to turn your ship in the right direction (impossible for some), and rumors abound of more stringent and burdensome standards to come
  • And last but not least, what about the GRID Act? Its passage looks like a near certainty. You only thought you had compliance problems before!!!

Just writing this list gets me all worked up. Time to turn to the timeless wisdom of the Ramones: "I wanna be sedated." OK, better now.

So, in this climate, should you err on the side of doing too much? Moving your org rapidly towards better security and compliance but adding an unknown amount of reliability risk even as you seek to reduce it? Or lean towards preserving the steady state status quo and do too little, and risk getting slammed by fines ... or worse (Stuxnet anyone)?

 

Often there's a middle path you can construct that gives you a nice balance of risk and reward, but I'm not sure that's the case here. But whatever you choose, the rest of us on this blog appreciate the tight spot you're in and will do as much as we can to make your world a little simpler.

 

Andy Bochman and Jack Danahy are authors of the Smart Grid Security Blog.

© Copyright 2009 SmartGridNews.com