US Power Grid Hacked: Is The Smart Grid Safe?

Foreign spies placed malware on the US electricity grid. Where does this leave government security, and the Green Grid?

“A single government providing the perfect regulatory environment alone … will not help solve this problem,” he said, adding that very few networks exist only in one country. “Governments must be willing to address these weaknesses with some degree of unity, but this is exceedingly rare as national infrastructure protection is seen as a matter of national defense. TSCP … is one of, if not the only, example of a multigovernment and industry consortium working to define a common approach to securing critical resources.”

Three areas to improve

To Dunlap, energy companies need to look at three key areas to improve their overall security. The first involves more sharing of ideas between plant operations and IT or information security. Another is tighter integration between physical security, information security, IT, plant operations and other groups as more technology is pushed down to the meter level. Finally, he said, companies need to do more than merely meet the minimum regulatory requirements that do exist.

“Too often I have heard from people, who have the best intentions, mind you, that they want to know what the minimum amount of effort that can be applied to regulatory mandate is so they can check a box on their list,” Dunlap said. “When you are talking about the largest piece of machinery in the world [the electric grid], you should have an equally big picture view of how you are going to protect and manage it. This means taking into consideration the various pieces of the grid that may be beyond your direct sphere of control, but well within your sphere of influence.

“Reach out to your peers in other companies, share ideas. Push your vendors to incorporate security into their control systems; band together for a stronger voice if you can. I have sat in on a lot of conference calls with various utilities and there seems to be a certain air of defensiveness among many of the members. They seem reluctant to share beyond a certain point. We need more collaboration.”