The security vulnerabilities facing the electrical grid have been a major topic of discussion as utilities around the world forge ahead with their smart grid deployment initiatives, which utilise information and communication technologies to improve the operating efficiency of the grid.
However, despite all the discussion, a new white paper from Pike Research finds that utilities’ cyber security challenges are nowhere close to being resolved, and the industry will continue to face a number of serious hurdles in the coming years.
The paper, which includes commentary and predictions about the state of smart grid cyber security in 2012 and beyond, is available for free download on Pike Research’s website http://www.pikeresearch.com/research/utility-cyber-security
“Utility cyber security is in a state of near chaos,” says senior analyst Bob Lockhart. “After years of vendors selling point solutions, utilities investing in compliance minimums rather than full security, and attackers having nearly free rein, the attackers clearly have the upper hand. Many attacks simply cannot be defended. That said, Pike Research has observed a dawning awareness by utilities during the past 18 months of the importance of securing smart grids with architecturally sound solutions. There is hope.”
Lockhart adds that cyber security solutions remain challenging to implement, especially as attackers gain awareness of the holes between point solutions. Analysis indicates that security vendors are focusing increasingly on industrial control system (ICS) security, not only on advanced metering infrastructure (AMI) security – although a few security vendors have focused on ICS from the outset. Lockhart states that the utility cyber security market will be characterized by a frantic race to gain the upper hand against the attackers, while at the same time strong competitors attempt to outdo each other.
Examined in the white paper are seven key trends in smart grid cyber security that will be major issues for the industry over the next few years:
• One size doesn’t fit all: cyber security investments will be shaped by regional deployments
• Industrial control systems, not smart meters, will be the primary cyber security focus
• Assume nothing: “security by obscurity” will no longer be acceptable
• Chaos ahead?: the lack of security standards will hinder action
• Aging infrastructure: older devices will continue to pose challenges
• System implementation will be more important than component security
• The top five most promising smart grid cyber security technologies