How to modernize the electric industry
The U.S. electrical grid is old, essential, and under a lot of stress. Plenty of efforts are being made to modernize where we get our energy from, how we transmit it, and — in the event of cyberattacks — how we secure it. While securing the nation’s energy infrastructure is as important a goal as figuring out how to find new sources of clean energy, what’s intriguing to me is how utilities are a good example of how old-line industries are dealing with the increasing amount of technology and the risks associated with that technology.
On the security side, Fortress Information Security has announced a new framework designed to help U.S. utilities secure their connected infrastructure from attacks. Together with partner American Electric Power, the cybersecurity company has launched the Asset to Vendor Network (A2V Network) as a way to understand the risks facing all vendors selling products to electric utilities.
The framework is a response both to the rise in the number of security threats against the U.S. energy industry and to recent regulations that force utilities to lay out the risk they face of a cybersecurity attack.
The A2V Network is essentially a clearinghouse of completed questionnaires through which electrical industry vendors lay out their cybersecurity practices. That’s because, under new federal rules, vendors such as GE, ABB, and even smaller companies providing regional products and gear are required to fill out such questionnaires so that customers will understand how each of them approaches cybersecurity.
The questions cover everything from lifecycle management to the use of trusted computing modules on hardware to over-the-air updates, how employees are screened, and more. A vendor has to answer these questions for each utility they want to work with. In the U.S., there are more than 150 utilities that will be governed by the new rules. That’s a lot of questionnaires!
Alex Santos, the CEO of Fortress, says his company created the framework because there were so many different parties involved in the electrical grid — each with a different level of sophistication around cybersecurity — that it made sense to offer one centralized place where vendors can go to fill out a questionnaire and where utilities can go to find compliant vendors.
Santos compares the effort of securing the electrical grid to the effort that residents undertake as a community to secure their neighborhoods. While individual residents might lock their own doors, the entire community also has an interest in hiring a police force to monitor the streets. In his example, the A2V Network is the community effort aimed at improving safety overall, not just on an individual basis.