The Smart Grid Gets Smarter

Utility providers are set to invest billions as cybersecurity of the nation’s power grid takes center stage.

A fully integrated and networked computer system to help distribute electricity locally and nationally is a dream that is quickly becoming reality for utility providers around the country, but the innovation carries significant information assurance risks that could have very tangible consequences.

The so-called “Smart Grid” can help manage increasingly limited natural power-generating resources in the face of exponentially growing demand for energy, but the computer-driven techniques also create the opportunity for cyber attacks or mismanagement of data that could directly affect millions of homes and businesses with loss of power and other services.

In a sign that utility providers are beginning to take information assurance very seriously, a new report by Pike Research shows more than $4.1 billion is scheduled to be invested by utilities in cybersecurity equipment, training and manpower during the next several years. The money is expected to be spread out between 2011 and 2018 with investment growth built in every year. For example, Pike predicts $309 million will be spent on cybersecurity in 2011 with that figure ballooning to $692 million by 2018.

While the bulk of the money is earmarked for industrial control systems, those studying information assurance can be confident that many of the dollars will end up in the paychecks of new cybersecurity workers hired to operate and manage all the new equipment.

On the equipment side, new human-machine interface systems, monitoring sensors and data collectors are high on the shopping lists of many utility companies, according to the Pike report. The goal is to increase automation of power delivery, both at the point of distribution and at the substation level. Transmission upgrades are also part of the investment package, as infrastructure must be updated to integrate the new Smart Grid systems.

The cost savings and efficiencies realized with an integrated power grid are very real, but so are the risks. The fear is that a cyber attacker could cut power to millions of homes and businesses or disable critical defense systems with a few maliciously placed keystrokes. Internal threats are also magnified when each local utility is tied to a larger regional or national power network. Simple human error or data loss could suddenly have far-reaching consequences, making effective information assurance critically important to address all contingencies.

On Oct 14, 2011 Symantec reported through its alert system that it has obtained a malware variant of the Stuxnet worm. Named ‘Duqu’ by its discoverers, it demonstrated information gathering capabilities directed at industrial control systems as a possible precursor to future attacks.

Source: Utility Investment in Cyber Security for Industrial Control Systems to Total $4.1 Billion by 2018, Forecasts by Pike Research