Smart Grid Today Publishes Groundbreaking Report on 'the Weakest Link' in US Grid Cybersecurity

Smart Grid Today published "The 2013 Fix," an exclusive report that includes “a nine-point action plan to begin understanding and controlling digitized distribution assets, ‘the weakest link’ in US grid cybersecurity.”
 
ROCKVILLE, Md. - Aug. 22, 2013 - PRLog -- Smart Grid Today published "The 2013 Fix," an exclusive report that includes “a nine-point action plan to begin understanding and controlling digitized distribution assets, ‘the weakest link’ in US grid cybersecurity.”

Utilities, state regulators and the US government can act now to curb looming cyber threats to the distribution side of the power grid, experts said in the report.

One expert consulted for the report described digitized power distribution assets as a "very far-flung network" filled with "a variety of sensors and tools… that are relatively easy to climb up onto a pole to access."

Progress toward the appropriate level of collaboration between federal and state regulators on cybersecurity for the distribution side of the power grid in the US is fragmented and does not match up with the seriousness of the threat, the report said.

An estimated 80-90% of the North American power grid lies beyond the scope of federal cybersecurity regulations.  Compounding matters is distribution assets' slow but seemingly impending transition to an IP-based network.  A smarter grid is a more vulnerable grid if cybersecurity is not handled at the outset of digitization, the report said.

Sources for "The 2013 Fix" included General Michael Hayden, former director of the Central Intelligence Agency (CIA) and the National Security Agency (NSA); Indiana Utility Regulatory Commissioner Carolene Mays; Curt Hébert, a former FERC chairman and former state regulator in Mississippi; Gib Sorebo, chief cybersecurity technologist at Science Applications International Corp (SAIC); Marzia Zafar, director of the Policy & Planning Division at the California PUC; Christopher Villarreal, a senior regulatory analyst at the California PUC, and Andy Ozment, senior director for cybersecurity on the National Security Staff at the White House.

What the experts saidin the $499 report http://www.smartgridtoday.com/products/category/54/product/584-the-2013-fix can be jarring.

QUOTABLE: As these are opportunities for people to profit from manipulating the grid and as we get the smart grid technology out there more, we know that there will be more motivation to manipulate markets to take advantage of the automation to do a variety of things either through sabotage, financial manipulation or strategic gain -- so those are all coming.  -- Gib Sorebo, chief cybersecurity technologist at SAIC, in "The 2013 Fix"

Experts quoted in the report recognize securing the distribution-side of the grid will be an iterative process.  So the report focuses, in part, on actions that state regulators, utilities, FERC and the US Dept of Agriculture (USDA) can and should take this year to get the ball rolling.  And it acknowledges privacy concerns and provides some suggestions for dealing with them, too.

Combating territorialism, vagueness

"It is clear that the utility industry needs to develop an effective and routinized framework for collaborating on cybersecurity," Smart Grid Today Editor Brett Brune said in prepared remarks.  "Our recent reporting on the situation for the distribution side in the US, along with our July webinar titled 'Distribution-Side Cybersecurity: Where does the buck stop?' found territorialism and vagueness where eager cooperation and specificity are called for.

"But if you dig deep enough, there are answers to how to begin to fix the situation," he added.  "After moderating our revealing July webinar, Sean Lyngaas, our Washington reporter, conducted extensive interviews with the speakers and other high-level cybersecurity experts to put forth concrete proposals that would vastly improve the landscape. 

"Among them are adopting a 'business-case' approach instead of a 'compliance-based' approach to cybersecurity and applying lessons from President Barack Obama's executive order to the distribution side of the grid," Brune said.

Concrete steps explained

"We have heard repeatedly that distribution-side assets are the weakest link when it comes to cybersecurity on the US grid," he added.  "Today, we are providing an immediate action plan to help strengthen this weak link."

The cyber-threat experts Smart Grid Today assembled for "The 2013 Fix"weresounding an alarm, Brune said.  "It is time to elevate and quicken dialogue and action on distribution-side cybersecurity -- a matter that the smart grid industry need not wait for a catastrophe to address."

We asked the experts in the report to describe what they hoped would happen next in the US to start taking action to address the problems reported in the report and the webinar.

Information sharing blocked

"The sharing of timely and actionable information between industry and government in both directions is essential to mitigating potential threats," Hébert, who is now a visiting scholar at the Bipartisan Policy Center, said during the webinar.  "For industry, the location of the Electricity Sector Information Sharing & Analysis Center (ES-ISAC) at the North American Electric Reliability Corp (NERC) creates challenges with respect to sharing information with the government. 

"Because NERC is a compliance entity, utilities may be hesitant to share information for fear of triggering an audit or an investigation," he added.  "The potential liability concerns associated withsharing customer data with the government could also discourage utilities from sharing information.

Problem goes both ways

"Information sharing from government to industry also faces challenges," the former FERC chief noted.  "First, delays in releasing information to industry limit the value of that information.  For that reason, many utilities have begun to do their own intelligence and threat analysis. 

"With respect to information from intelligence agencies, few in the power sector have the high-level security clearances necessaryto get receipt of classified information, which limits utilities' access to potentially important information about threats."

The executive order on cybersecurity that Obama signed in February told the US Dept of Homeland Security (DHS) to “expedite the processing of security clearances to appropriate personnel employed by critical infrastructure owners and operators.”

ABOUT SMART GRID TODAY:  

Smart Grid Today's mission is to deliver daily, unbiased, comprehensive and original reporting on emerging trends, applications and policies driving the modern utility industry -- in a signature format our founders have developed over decades in the trade news business, featuring highly concise and easy-to-understand news copy based on trusted reporting, exclusive interviews, informed analysis and strategic insights that our subscribers rely on to succeed every business day.  Smart Grid Today is published by Modern Markets Intelligence, Inc.

CONTACTS

Brett Brune
VP of Editorial
Modern Markets Intelligence, Inc.
888-907-1113
brett@mminews.com

Season Crawford 
VP of Marketing
Modern Markets Intelligence, Inc.
888-678-4480 
season@mminews.com
End
Source: » Follow
Email:***@mminews.com Email Verified
Tags:Cybersecurity, Grid, Utilities, Energy, Utility
Industry:Energy, Technology
Location:Rockville - Maryland - United States
Subject:Products
Account Email Address Verified     Account Phone Number Verified     Disclaimer     Report Abuse
Page Updated Last on: Aug 23, 2013
Smart Grid Today PRs
Trending News
Most Viewed
Top Daily News



Like PRLog?
9K2K1K
Click to Share