The fragile state of energy grid cybersecurity has been detailed in a variety of public and private sector discussions over the past year, but consensus on how to eradicate current and future vulnerabilities has been slow to develop. According to the latest survey sponsored by nCircle and EnergySec, this lack of standardization and forethought continues to fuel concern among network managers.
With political will and economic realities driving increased interest in smart grid technologies, demand for swift-moving deployments may be inhibiting security efforts. In the rush to embrace innovation, utility providers do not always have ample time to conduct their due diligence in testing for and modeling potential vulnerabilities.
"The enormous range of technology in the smart grid presents many points of potential vulnerability, and we are moving at the speed of light to insert even more technology 'shims' into the existing network structures of the smart grid," explained Patrick Miller, chief executive officer of public-private security intelligence coalition EnergySec. "This ever-increasing rate of complexity and hyper-embedded technology will be very difficult to secure."
Utility operators hoping for a clear set of best practices to come to their assistance continue to wait. In the survey of more than 100 industry professionals, 72 percent felt smart grid cybersecurity standards are not evolving fast enough to be effective. But while some have gone so far as to suggest government regulation is inherently too slow to address such fast-moving technology, 90 percent of survey respondents believe that standardization is the answer.
"Defining and implementing meaningful security standards is always a challenge, but without standards, adoption of critical security controls across the smart grid industry is likely to be uneven at best," noted nCircle executive Elizabeth Ireland.
One source of insight moving the conversation forward is the research team in Missouri University of Science and Technology's computer science lab. According to the school's website, the department is one of the few in the nation specifically focused on applying cybersecurity principles to the physical protection of energy infrastructure. The unique objective has forced researchers to fundamentally rethink traditional assumptions and approach problems from new angles.
"Most people think of cybersecurity as something that happens in a computer network. We're looking at what an attacker could do to the physical side of the system to compromise security," graduate student Tom Roth explained. "We're asking, 'Can an attacker figure out, from the information released on the grid, what part of the network might be most stressed and most vulnerable to attack?'"
Much of the laboratory's focus concerns an emerging concept known as distributed grid intelligence (DGI), according to the school website. Just as a PC is able to recognize a printer attached through a USB port, researchers are hoping to instill capabilities within a smart grid network that would allow it to detect suspicious activity coming through so-called "plug-and-play" devices like solar panels.
This intelligent monitoring is also expected to be a key component of the technology's energy-efficient potential. According to the school website, DGI will keep track of resource utilization rates in real time and eventually optimize distribution. For example, a home dishwasher connected to the smart grid could be programmed to begin its operating cycle once neighboring activity on the network drops below a certain energy consumption threshold.
As academia charts the road ahead, the Department of Energy is hoping its advice will help utility providers bring their operations up to par with the implementation of baseline security mechanisms. Established in 2011, the Energy Sector Control Systems Working Group has taken the lead on incorporating insights from all arenas and delivering sound advice in the continued challenge to prevent and detect energy grid security breaches.
Security News from SimplySecurity.com by Trend Micro