The electricity system in the United States received renewed attention after the August 2003 blackout that affected more than 50 million customers across the Northeast United States and caused...
and stopping it dead in its tracks."
Adapting New Software to Operational Realities
The threat of cyber-security attacks has sent utilities to different vendors in search of solutions. When Peoples Energy wanted to upgrade its protection against attacks, the company looked to a familiar name in online security: Symantec.
Gary Sevounts, director of industry solutions for electric power at Symantec, downplays fears of terrorist attacks on utility systems. Instead, he says the recent spate of Internet "worms," which slow systems to a crawl or paralyze them altogether, represent the primary vulnerability for utilities that rely on real-time data to respond to system disturbances.
Sevounts says that vulnerability boils down to one main culprit at most utilities: SCADA systems. "SCADA security is probably the biggest issue that there is today from a cyber-security standpoint," Sevounts says. "The SCADA environment uses different protocols and different applications to work from those that IT networks use. Taking an IT security product and putting it into a SCADA environment without testing and validating it could disrupt operations. For example, if an antivirus adds a 5-second delay, in a SCADA environment that means that communication is not real-time anymore. A 5-second delay responding to something shutting down may be the difference between uninterrupted operations and a blackout, or a disruption in operations. That's really the difference with a tested, validated, configured solution makes.
"With Sept. 11 and the blackout, even though none of them have direct connection with cyber-security attacks, those events bring a stronger focus on the cyber-security and what effect a major incident may have on major utilities."
Symantec teamed up with Areva T&D Corp. and Pacific Northwest National Lab (PNNL) to test Symantec's cyber-security products earlier this year. "After we set up the lab, we invited PNNL to independently test the results," Sevounts recounts. "Areva and Symantec worked on setting up the lab, coming up with configurations, etc. PNNL watched what we were doing and did their own tests, making sure that what we did made sense."-C.A.H.
Articles found on this page are available to subscribers only. For more information about obtaining a username and password, please call our Customer Service Department at 1-800-368-5001.