What's new at the Firewall

Published on Fortnightly (http://www.fortnightly.com)

Utilities search for ways to combat viruses and spam.

If you had to pick a couple of technologies that modern utilities can't function without, e-mail would have to top the list. Yet it usually doesn't grab the attention of executives these days nearly so much as outage management or SCADA systems.

The coming year may change that, as problems from spam and viruses reach near-epidemic proportions.

E-mail, and viruses, and spam-oh my!

More Than a Mere Nuisance

Until the past year or so, when utilities worried about e-mail security, they focused on viruses and "worms," but not "spam." Like many other business sectors, utilities took quite a hit a few years ago from virulent viruses like I LUV U, Melissa, and Nimda. At Ameren, for example, 800 hours of technical staff time was devoted to the recovery from I LUV U alone, says Mike Knott, Ameren's supervisor of network operations.

Since then, Ameren has become more sophisticated in dealing with virus threats, and in the past year installed a gateway-based software package to combat the problem. That software, from Trend Micro, an anti-virus and content protection software company, has "virtually eliminated e-mail borne viruses," Knott says.

While Ameren has solved, at least for the moment, problems with e-mail borne viruses and worms, Knott says "the real issue on our e-mail system now tends to be spam." Currently, he is trying to assess just how big a problem spam is for Ameren, and in particular whether it's underreported within the company.

Spam-those wonderful e-mails that promise instant riches, thinness, bedroom prowess, and a supply of just about any narcotic you'd care to consume-used to be regarded as just a nuisance. The most common advice for dealing with the problem was for users to set up a few filters on their desktop e-mail program, or client, and to be liberal in their use of the delete key. Utilities would also install spam filters on their e-mail servers, which sometimes helped keep the company spam load at a manageable level but also filtered out some legitimate e-mails (aka false positives).

In the last year or so, however, the spammers have struck back. For every improvement in filter technology, there's a countermove. And the sheer volume of spam is overwhelming the available bandwidth at many businesses. In a joint study conducted in August and September by Tech Republic, an online CNET publication, and Trend Micro, over half of the respondents said their spam load had jumped 25 to 100 percent in the three months prior to the survey. That increased spam load means somewhere between 40 and 80 percent of an average utility's bandwidth is taken up by spam traffic, depending on which expert you ask.

As every chief information officer knows, bandwidth is not cheap. And all those unwanted e-mails also take space on servers, which translates into increased storage costs, if not the need to buy entirely new servers just to handle the load.

Yet the cost of extra bandwidth and storage isn't the only cost of spam to a utility. The largest component is productivity loss-the amount of time it takes employees to delete or otherwise deal with spam. Experts estimate the average user takes about five seconds to deal with each piece of spam in their in-boxes. Some, of course, who are less educated about spam take even longer to deal with each unwanted e-mail.

The bottom line is that spam costs utilities hundreds of thousands of dollars annually. Making a few conservative assumptions, Fortnightly calculates that for a 3,000-employee utility, the average annual cost of spam is a mind-boggling $1,758,200 (for details of the calculation, see sidebar).

The Morphing of Spam and Viruses

While the financial costs of spam are nothing to sneeze at, in the last few months of 2003 it became clear that the threat from spam is quickly becoming more than financial. It is becoming a security issue as well.

According to Nathan Turajski, global product manager at Trend Micro, spam and viruses have started to converge. "We're seeing a lot more hybrid behaviors out there that indicate in the long term, this is going to be a malicious code problem and not a pure spam problem." For example, some of the payloads from 2003's Sobig virus would install themselves as software that acted as a mail server, continuing to send the virus, or another payload, out through an unsuspecting company's mail system. This is a different kind of behavior from earlier viruses like Melissa and I LUV U, which made use only of individual address books in the Outlook e-mail client.

As Turajski points out, he is "seeing a lot of malicious code writers adopting spamming as a way to modify their activities, and we're seeing spammers learning from the malicious code writers about how to best propagate their spam over wide-area networks."

Outlawing Spam?

Congress has considered bills to minimize or outlaw spam for six years, but they got very little traction until this year. Then, a confluence of events pushed the CAN-SPAM Act through both houses of Congress and, at press time, to an expected signature by the president.

First were the increasingly vociferous complaints about spam by constituents to their congressional representatives. Then, legislators saw the wild popularity of the Federal Trade Commission's Do Not Call list. But what really seemed to propel the bill was a study by Brightmail, a San Francisco anti-spam firm. According to that September 2003 study, spam had leapt to 54 percent of e-mail in the average in-box, compared to a mere 8 percent only two years before.

But while consumers may feel that Congress has addressed the spam problem, the tech cognoscenti disagree.

"The majority of our customers don't see legislation as being the answer [to spam]," says Turajski. First, spammers, like virus propagators, are expert at hiding their origins. Moreover, the European Union outlawed spam last year, he notes, but it didn't solve the problem. Instead, spammers merely moved their servers offshore. "There's not a lot of faith in the legislative aspect," Turajski maintains. Most customers want a "technology answer" to spam, he says.

Postal Inspectors Go Digital

The technology answers, Turajski says, fall into two categories. One is to re-architect the Internet to make spamming more difficult by, for example, providing authenticated e-mails. But Turajski and other experts dismiss that notion fairly quickly as being too difficult to implement.

The more realistic avenue, he says, is to provide intelligent ways to inspect e-mails. One way to do that is to focus on the linguistics aspect of e-mails, as many start-up companies are doing. Such spam filters operate by sets of rules and keywords that filter mail at the mail server, before it goes to individual users. But linguistics-based systems are constantly playing catch-up to the latest spammer strategy to bypass such filters. For example, notice how many different ways spammers have found to spell Viagra? Or is that V*i_a*G!r*a?

Ameren is looking at two possible solutions, according to Knott. One is a client-based tool to help those individuals who are inundated right now. (Knott says that some of his users receive almost no spam, while others are overloaded.) The other type of fix would be a perimeter-based tool that catches spam before it even gets into Ameren's network.

With the increase in hybrid spam/virus incidents, Turajski advocates a holistic approach to combating the problem. Rather than parking a linguistics filter at the e-mail server, Trend Micro and several other anti-virus and security vendors are now placing their software at the client's gateway-the point at which all electronic traffic, including e-mail and Web traffic, enters the company.

Turajski says that a gateway approach is the most economic way to combat spam, stopping unwanted e-mails before they get to users and consume time and productivity resources.

Trend Micro historically has used spam databases to combat the problem at the gateway. Those database tools would look at different e-mail signatures, the sender, keyword, or phone number, and compare them to known spam sources in the database. The database approach was useful with spam that used the same text, such as the one soliciting funds to aid a deposed or wronged former African official. Now, Turajski says he is seeing a lot of "new" spam, or one-off spam. Spammers use serialization-numbers or letters at the end of a subject line-or reformatting within the messages, randomizing paragraphs, and adding HTML tables within messages. All of these techniques create inconsistencies that make it harder to combat spam through database rules and linguistics alone. Consequently, many anti-spam companies, including Trend Micro, have put their efforts into building heuristic tools to fight the rising tide.

Heuristics use contextual analysis of various parts of the message. Turajski maintains that heuristics are more effective over time in combating spam, because a company can fine-tune definitions of what spam is. One person's spam is another's legitimate industry ad, he points out.

For example, most spam filters, linguistic or heuristically based, might easily contain a default rule that would label an e-mail as spam if the subject line included "increase" and "energy." And at utilities, filtering a message encouraging you to "increase your energy and vitality" wouldn't be a problem. But what if a business partner or employee wanted to send a message with the subject line "Ways to Increase ROI on Energy Management Systems"? It's hardly the type of e-mail that should be declared spam and deleted before the recipient has seen it. It's the classic false positive dilemma.

The struggle is to balance the catch rate against the spam entry rate. Many industry experts recommend a catch rate of around 90 percent. Much higher and the false positive rate is unacceptable; much lower and the spam load is too high for comfort and cost. One tool that many vendors use to combat the false positive problem is quarantining, but not deleting, some suspicious e-mails. The quarantine system can be implemented in numerous ways. Users can be sent a digest of addresses and subject lines, and given instructions on how to access the quarantined mail. Another option is to have network administrators approve or disapprove suspected spams.

If the types of messages that various workgroups receive are different enough to cause false positive problems, another approach is to set up different spam policies for different workgroups. For example, those working in finance likely won't be on the receiving end of legitimate e-mails with strong four-letter language, but customer service is quite likely to receive such missives-and in fact, it could be disastrous if the utility didn't receive such customer complaints.
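To make the false positive dilemma, the quarantine digest and the per-workgroup policies described above concrete, here is a toy rule-based subject filter. It is an illustration added to this article, not code from Fortnightly, Ameren or any Trend Micro product; the rule weights, thresholds, workgroup names and sample messages are constructed. The normalize step shows why a keyword filter must first strip the characters spammers wedge between letters (the V*i_a*G!r*a trick) before matching, and the "increase" plus "energy" rule reproduces the ROI-on-energy-management false positive from the text.

```python
import re
_JUNK = re.compile(r"[^a-z0-9]+")

def normalize(subject):
    """Lower-case each word and drop the characters spammers wedge between
    letters, so 'V*i_a*G!r*a' and 'Viagra' both yield the token 'viagra'."""
    tokens = []
    for word in subject.split():
        clean = _JUNK.sub("", word.lower())
        if clean:
            tokens.append(clean)
    return tokens

# Constructed rule table: (rule name, weight, tokens that must all be present).
RULES = [
    ("drug_name", 6, {"viagra"}),
    ("increase_energy", 4, {"increase", "energy"}),  # the article's default rule
    ("vitality", 2, {"vitality"}),
]

# Constructed per-workgroup policies: score at which the filter acts, the action
# taken, and rules switched off for groups that legitimately get such mail.
POLICIES = {
    "default":     {"threshold": 4, "action": "quarantine", "disabled": set()},
    "energy_mgmt": {"threshold": 4, "action": "quarantine",
                    "disabled": {"increase_energy"}},
}

def score(subject, workgroup="default"):
    """Sum the weights of every enabled rule whose tokens all appear."""
    tokens = set(normalize(subject))
    policy = POLICIES[workgroup]
    total, hits = 0, []
    for name, weight, needed in RULES:
        if name not in policy["disabled"] and needed <= tokens:
            total += weight
            hits.append(name)
    return total, hits

def classify(subject, workgroup="default"):
    """Return ('deliver', hits) or (policy action, hits) for one subject line."""
    total, hits = score(subject, workgroup)
    policy = POLICIES[workgroup]
    return (policy["action"] if total >= policy["threshold"] else "deliver"), hits

def quarantine_digest(messages):
    """Digest of sender and subject lines from (sender, subject, workgroup) tuples."""
    return [f"{sender}: {subject}" for sender, subject, group in messages
            if classify(subject, group)[0] == "quarantine"]
```

Under the default policy the partner's "Ways to Increase ROI on Energy Management Systems" lands in quarantine; moving that recipient into the energy_mgmt workgroup, which disables the rule, delivers it while the obfuscated drug spam is still caught.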

While e-mail has been a boon for utility productivity, 2003 demonstrates that utility technology gurus cannot relax their guard when it comes to one of the most basic business communications tools. But if they play their cards right, they may just become a hero by helping management improve productivity and cut costs in a still topsy-turvy industry.




Source URL: http://www.fortnightly.com/fortnightly/2004/01/whats-new-firewall