Grid security as a service?
The technical issues that interrupted service for the Wall Street Journal, the New York Stock Exchange and United Airlines on July 8 illustrate how dependent the economy is on technology. As IT staff worked to fix the problems, at least their computers and phones worked, and the lights and AC were on. A failure of the electrical grid, on the other hand, would make the problems at the NYSE look like, well, just glitches.
For some time, experts have been warning about security of the electrical grid and smart grid vulnerabilities, as utilities are increasingly connecting to the Internet for smart metering and collecting data on equipment condition and power use through embedded sensors. But most utilities are in the business of delivering reliable electricity to customers, not ensuring their electric networks are protected from cyber attacks.
In 2013 the National Institute of Standards and Technology released Guidelines for Smart Grid Cybersecurity, which examined cybersecurity risks on the electric grid as a national security concern and offered assistance in assessing risk and identifying and implementing security requirements.
Even so, “electric utilities have a huge gap in their operational understanding of their own systems and in their cybersecurity,” said Steve Omick, president of Vencore Labs, a consulting firm that works with government, military and commercial customers.
The trouble for utilities, Omick explained, is that third-party contractors manage the electric meters outside houses. Those “smart meters” usually include a wireless network card and communicates data to other surrounding meters — but thatdata, Omick said, “is often times not well protected, and for a lot of utilities it’s not even well understood how that connectivity happens.”