Utility Cyber Security is in a State of Near Chaos
Market analysis and consulting provider Pike Research has released a report examining the current state of utility cyber security, and the prognosis is far from comforting.
The report, titled Utility Cyber Security - Seven Key Smart Grid Security Trends to Watch in 2012 and Beyond, concludes that although a great deal of attention has shifted to protecting systems that govern infrastructure over the past eighteen months, utilities have a long way to go in protecting critical networks.
The report quotes:
"Utility cyber security is in a state of near chaos. After years of vendors selling point solutions, utilities investing in compliance minimums rather than full security, and attackers having nearly free rein, the attackers clearly have the upper hand. Many attacks simply cannot be defended,"One of the main challenges in protecting these networks is the fact that these systems were not necessarily designed with cybersecurity in mind. Rather, the security solutions have been layered on in a piecemeal fashion after the networks were operational, leaving ample room for attackers to compromise their functionality.
"Cyber security solutions remain challenging to implement, especially as attackers gain awareness of the holes between point solutions," the report maintains.The market for industrial control systems security solutions is fairly wide open, and the Pike report contends that there will be an influx of competition in the field over the next few years.
"Security vendors have finally found time to focus on industrial control system (ICS) security, not only on advanced metering infrastructure (AMI) security – although a few security vendors have focused on ICS from the outset. The utility cyber security market will be characterized by a frantic race to gain the upper hand against the attackers, while at the same time strong competitors attempt to outdo each other," the report warns.The Pike report focuses on the following issues:
- What factors could drive smart grid cyber security investment?
- How important could industrial control system (ICS) security be?
- What has changed since Stuxnet was discovered?
- What is the effect of the lack of smart grid cyber security standards?
- What are the most promising smart grid cyber security technologies?
The NIST Framework and Roadmap for Smart Grid Interoperability Standards, Release 2.0 outlines the game plan to "integrate information and communication technologies with a power-delivery infrastructure, enabling two-way flows of energy and communications," according to the NIST.
"Making such dramatic changes to the power grid requires an overarching vision of how to accomplish the task, and this updated Framework advances that vision," said NIST's National Coordinator for Smart Grid Interoperability George Arnold.
"Utilities, manufacturers, equipment testers and regulators will find essential information in the Framework that was not previously available," Arnold continued.
The updates include the addition of twenty-two standards to the previously released seventy-five issued in the standard's first edition in 2010.