Top 6 hurdles to securing a smart grid

GAO has identified the most significant challenges to ensuring the cybersecurity of a power grid

In its recent assessment of electricity grid modernization, the Government Accountability Office hosted a panel of government, industry and academic experts on smart-grid security. The panel identified six critical challenges that need to be met to ensure the cybersecurity of systems and networks that support the nation’s electricity grid.

Jurisdictional cracks. The existing regulatory environment makes it difficult to ensure the cybersecurity of smart-grid systems.

Jurisdictional issues and the difficulties of responding to continually evolving threats are a major regulatory challenge. There is a lack of clarity in the division of responsibility between federal and state regulators because smart-grid technology can blur the traditional lines between transmission and distributions systems. And there are concerns about the ability of regulatory bodies to respond to rapidly evolving cybersecurity threats. Panel members also expressed concerns about future regulations that could be overly specific, including requiring the use of a particular product or technology.

Related coverage:

Smart electrical grid: Big benefits, big target

Smart grid tapped to inspire alternative energy sources

Lack of consumer education. Consumers are not adequately informed about the benefits, costs and risks associated with smart-grid systems. That lack of awareness might make consumers unwilling to pay for secure systems, and regulators could be reluctant to approve rate increases associated with cybersecurity. Until consumers know more about smart grids, utilities might not invest in or get approval for comprehensive security.

Least common denominator for compliance. Utilities are focusing on regulatory compliance instead of comprehensive security. The existing federal and state regulatory environment creates a culture of compliance. Experts said utilities focus on achieving minimum regulatory requirements rather than designing a comprehensive approach to system security. Because security requirements are inherently incomplete, that could leave organizations vulnerable to attack.

Insecure components. Smart-grid systems don't have adequate security features. For example, some currently available smart meters don't have a strong security architecture and lack features such as event logging and forensics capabilities, and many home networks — used for managing electricity usage in homes — do not have adequate security built in. That could leave utilities unable to detect and analyze attacks, which increases the risk that attacks will succeed.

Industry opaqueness. The electricity industry does not have an effective mechanism for sharing information on cybersecurity and other issues. Although the electricity industry has an information sharing center, it does not fully address information on vulnerabilities, incidents, threats and best practices. President Barack Obama’s cyberspace policy review also identified challenges related to cybersecurity information sharing in critical infrastructure sectors. Information regarding incidents, including unsuccessful and successful attacks, must be shared securely to allow industry to analyze practices and approaches.

No measure, no progress. The electricity industry does not have metrics for evaluating cybersecurity. That makes it difficult to measure improvements from investments in cybersecurity. Although the metrics are difficult to develop, they could help compare the effectiveness of competing solutions and determine what mix of solutions combine to form the most secure system. Metrics also could help utilities develop a business case for cybersecurity by demonstrating the return on investments.

About the Author

William Jackson is a Maryland-based freelance writer.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected