Utility Cyber Security is in a State of Near Chaos

Wednesday, November 16, 2011

Headlines

69dafe8b58066478aea48f3d0f384820

Market analysis and consulting provider Pike Research has released a report examining the current state of utility cyber security, and the prognosis is far from comforting.

The report, titled Utility Cyber Security - Seven Key Smart Grid Security Trends to Watch in 2012 and Beyond, concludes that although a great deal of attention has shifted to protecting systems that govern infrastructure over the past eighteen months, utilities have a long way to go in protecting critical networks.

"Utility cyber security is in a state of near chaos. After years of vendors selling point solutions, utilities investing in compliance minimums rather than full security, and attackers having nearly free rein, the attackers clearly have the upper hand. Many attacks simply cannot be defended," the report contends.

One of the main challenges in protecting these networks is the fact that these systems were not necessarily designed with cybersecurity in mind. Rather, the security solutions have been layered on in a piecemeal fashion after the networks were operational, leaving ample room for attackers to compromise their functionality.

"Cyber security solutions remain challenging to implement, especially as attackers gain awareness of the holes between point solutions," the report maintains.

The market for industrial control systems security solutions is fairly wide open, and the Pike report contends that there will be an influx of competition in the field over the next few years.

"Security vendors have finally found time to focus on industrial control system (ICS) security, not only on advanced metering infrastructure (AMI) security – although a few security vendors have focused on ICS from the outset. The utility cyber security market will be characterized by a frantic race to gain the upper hand against the attackers, while at the same time strong competitors attempt to outdo each other," the report warns.

The Pike report focuses on the following issues:

  • What factors could drive smart grid cyber security investment?
  • How important could industrial control system (ICS) security be?
  • What has changed since Stuxnet was discovered?
  • What is the effect of the lack of smart grid cyber security standards?
  • What are the most promising smart grid cyber security technologies?

Last week, the National Institute of Standards and Technology (NIST) released the  updated standards guidelines for converting the nation's outdated power grid structure to a modern smart grid operation.

The NIST Framework and Roadmap for Smart Grid Interoperability Standards, Release 2.0 outlines the game plan to "integrate information and communication technologies with a power-delivery infrastructure, enabling two-way flows of energy and communications," according to the NIST.

"Making such dramatic changes to the power grid requires an overarching vision of how to accomplish the task, and this updated Framework advances that vision," said NIST's National Coordinator for Smart Grid Interoperability George Arnold.

"Utilities, manufacturers, equipment testers and regulators will find essential information in the Framework that was not previously available," Arnold continued.

The updates include the addition of twenty-two standards to the previously released seventy-five issued in the standard's first edition in 2010.

Possibly Related Articles:
14390
Network->General
SCADA NIST Utilities Stuxnet Smart Grid Headlines Network Security Infrastructure Standards ICS Industrial Control Systems
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.