Plugging cyber security holes isn't as easy as everyone wants to think.
Jennifer Alvey is associate editor at Public Utilities Fortnightly.
It's the elephant in the room in this post-Sept. 11 era. When asked, many in the know claim the energy industry's cyber security is fine, mostly, and the industry is working diligently to fix the few problems that remain. But some who say that the energy industry can no longer practice security by obscurity also caution against revealing even the most basic outlines of problems that confront the industry.
Research scientists at EPRI, Gas Technology Institute and Schweitzer Engineering Laboratories were willing to talk extensively to Fortnightly about the state of cyber security and energy infrastructure. The fact is, they say, there are significant vulnerabilities to the cyber infrastructure in the energy industry that, if left unaddressed, will continue to expose the grid to attacks. Some of the vulnerabilities cannot be fixed with any currently available technology-hardly a comforting thought. The good news is that much of what can currently be done to defend against attacks-in cyberspeak, to "harden" systems and networks-is either in place, or available at a fairly modest cost. And the technology that can plug the remaining gaps in energy industry cyber security may be on the market within a year or two.