Modernizing the nation's power grid has been a top priority among both the U.S. government and utility companies charged with overseeing the delivery of energy resources.
However, a rush by the U.S. Department of Energy to leverage stimulus money to complete projects quickly may have left the entire system vulnerable to cyberattacks, according to audits conducted by the department's Office of Inspector General.
In 2007, the Energy Independence and Security Act created the Smart Grid Investment Grant (SGIG) program, and two years later, the American Recovery and Reinvestment Act of 2009 allocated $3.5 billion for energy upgrades. However, according to the Department of Energy inspector general Gregory Friedman, many of the organizations that have received federal funding have not prioritized data security.
Friedman's office found that 36 of 99 recipients, "who were each given between $400,000 to $200 million as part of the stimulus package, did not take all the required security steps to ward off a cyberattack," according to the Washington Post.
What's worse, the Department of Energy was aware of these Internet security weaknesses, but awarded grant money regardless of the issues, the newspaper stated. And many of the utilities continued to ignore the threat of cyberattacks even after being instructed by the department to make improvements.
“The initial weaknesses had not always been fully addressed, and did not include a number of security practices commonly recommended for federal government and industry systems," auditors said, according to the Post.
It appears that much of the funding utilities and other energy companies have received from the government have gone toward updating transmission and distribution systems. The newspaper stated that modern technology in this area provides consumers with real-time information about fluctuation in electricity prices. Overall, the goal is to save consumers money, while also reducing the number of outages.
However, many have argued that enhancing data security should be mentioned in the same breath as other important benchmarks, especially considering smart grid technology relies heavily on the Internet.
In November, Pike Research released its assessment of the smart grid security market in the United States. While there is progress in the area, numerous challenges will continue to arise throughout 2012 because "utility cybersecurity is in a state of near chaos," analyst Bob Lockhart said.
“After years of vendors selling point solutions, utilities investing in compliance minimums rather than full security and attackers having nearly free rein, the attackers clearly have the upper hand. Many attacks simply cannot be defended," he added.
Several trends will become apparent moving forward, Pike found. Security deployments will differ by region, industrial control systems – not smart meters – will be the primary cybersecurity focus and older power grid devices will continue to pose problems.
Making improvements to smart grid security has to be a focus for utilities, as many executives at these organizations say investments will only increase this year. Zpryme Research and Consulting recently polled 312 industry executives and found that 63 percent expect spending to rise during the next two to three years.
The federal government will play a key role in this, as more than 90 percent of respondents said its involvement through grants, loans or subsidies is "very important."
“Utility investments will increase because smart grid technology is the only rational long-term strategy to manage the complex requirements of renewables integration, government regulation, emissions requirements and increased stakeholder demands," Schneider Electric Demand Response Resource Center senior manager Phil Davis told Zpryme.
Security News from Trend Micro