Security must be organizational – simply complying will leave you vulnerable.
The regulator’s role in promoting cybersecurity for the smart grid.
State commissions can select from a toolkit of regulatory approaches to promote desired utility cybersecurity behavior. One approach is to allow the industry to self-regulate, and another approach is to leave the job to the federal government. But so far, neither the industry nor the federal government has developed and implemented adequate standards for securing the smart grid. States can play a constructive role—albeit perhaps not in the form of traditional regulation.
The year 2011 may have forever changed the way we think about the security of networks and systems. Following a year many are calling the “year of the hack,” security professionals have fundamentally changed their outlook when it comes to the threat of a network breach. Whereas previously, many considered a breach unlikely and more of an “if” scenario, many have shifted to a mindset of “when.”
When disaster strikes, land-based radios become critical infrastructure.
Amid focused attention on cybersecurity for T&D networks and power plants, one critical system is often overlooked: land-based radios. During an emergency, field crews rely on their ability to communicate with radios, making these systems highly vulnerable targets for malicious attackers. Securing them requires robust technologies and tools, as well as training and practices to ensure their availability when the grid goes down.
Protecting the smart grid requires a broader strategy.
NERC’s critical infrastructure protection (CIP) standards set a minimum level of security performance—and only for high-voltage transmission systems, not the distribution grid. A compliance-checklist approach to security might lack the adaptability needed to combat evolving threats like the Stuxnet worm. A multi-layered, risk-based approach will provide better protection for the emerging smart grid.
Protecting critical assets in a hazardous world.
In the wake of recent global-scale cyber intrusions, security concerns have expanded from being compliance and operational issues to fundamental risk management considerations. An integrated, enterprise-wide approach holds the greatest promise for securing critical utility infrastructure against increasing dangers in cyberspace.