Grid security as a service?
- By Mark Pomerleau
- Jul 10, 2015
The technical issues that interrupted service for the Wall Street Journal, the New York Stock Exchange and United Airlines on July 8 illustrate how dependent the economy is on technology. As IT staff worked to fix the problems, at least their computers and phones worked, and the lights and AC were on. A failure of the electrical grid, on the other hand, would make the problems at the NYSE look like, well, just glitches.
For some time, experts have been warning about security of the electrical grid and smart grid vulnerabilities, as utilities are increasingly connecting to the Internet for smart metering and collecting data on equipment condition and power use through embedded sensors. But most utilities are in the business of delivering reliable electricity to customers, not ensuring their electric networks are protected from cyber attacks.
In 2013 the National Institute of Standards and Technology released Guidelines for Smart Grid Cybersecurity, which examined cybersecurity risks on the electric grid as a national security concern and offered assistance in assessing risk and identifying and implementing security requirements.
Even so, “electric utilities have a huge gap in their operational understanding of their own systems and in their cybersecurity,” said Steve Omick, president of Vencore Labs, a consulting firm that works with government, military and commercial customers.
The trouble for utilities, Omick explained, is that third-party contractors manage the electric meters outside houses. Those "smart meters" usually include a wireless network card and communicates data to other surrounding meters -- but thatdata, Omick said, “is often times not well protected, and for a lot of utilities it’s not even well understood how that connectivity happens.”
Vencore Labs’ SecureSMART Managed Security Service helps utilities validate security controls and detect early signs of attacks on wireless using advanced metering infrastructure and distribution automation.
“What we’ve done is to bring together a lot of our disciplines in cybersecurity networking and [radio frequency] communications to develop a passive probe that we put out into our customers’ electric utility networks that basically collects the wireless information – decodes it, detects it – and backhauls it to our operations center,” Omick told GCN. Collecting and consolidating that information gives utilities operational visibility cybersecurity situational awareness, he said.
Because many utility networks were not developed with cybersecurity in mind, SecureSMART aggregates various network formats to provide an independent look of the entire system.
“The utilities want to provide electricity to their customers – that’s their main job. And they want to know that the networks that they use to monitor and operate that utility system is safe and secure,” Omick said. "It’s really important for the nation’s infrastructure and for the utilities that operate it."
Mark Pomerleau is a former editorial fellow with GCN and Defense Systems.