Smart Grid Security a Top Priority

Tuesday, July 12, 2011 @ 01:07 PM gHale

Movement toward the smart grid continues to evolve with North American utilities, but security issues continue to keep executives up at night.

Senior management in utilities said the need for robust security from the year 2010 on has seen strong commitments toward security as well as an increase in budgets, according to a new report from IDC Energy Insights entitled, Business Strategy: Smart Grid Security – What’s Real and What’s Hype.

RELATED STORIES
Secure Smart Grid Moves Forward
White House Invests in Smart Grid, Security
CA Plan Protects Smart Meter Data

More than 75% of the respondents surveyed said security investments are of the highest importance. At the same time, 38% of the respondents said security is one of their top IT initiatives this year.

In 2011, utilities are spending their budgets updating security appliances and software, especially focusing on client security (antivirus, anti spam, anti-malware) and intrusion prevention, according to the results.

Although security initiatives in the smart grid continue to move ahead, these efforts may not be sufficient. While large investor-owned utilities (IOUs) and public cooperative utilities are spending money and setting up best practices to streamline security, they only embody 20% of the utilities in the United States. To enable industry-wide momentum, chief information officers (CIO) and chief information security officers (CISO) will need to carefully evaluate the architecture to ensure end-to-end infrastructure safety and protection, given all the unknowns in the smart grid arena.

Key findings in the report include:
• More than 60% of respondents plan investments in new security solutions or maintaining or upgrading their existing solutions. Planned investment in security software is particularly high: 58% of respondents stated that investment in security software will comprise 25-49% of their budget.
• A majority of utility CIOs recognize that data protection will be a key issue. Some utilities are already collecting large amounts of data via their pilot programs, and they are starting to realize that to win customers’ confidence, they have to employ protection schemes.
• Utility CIOs express concern about the lack of security standards for home area networks (HANs), which will push security vulnerabilities upstream, requiring the utility to perform ongoing vulnerability testing in multiple areas.

“There’s great momentum in the industry toward ensuring security is addressed in smart grid projects; however, these efforts are led by 50% of the large utility companies,” said Usman Sindhu, senior research analyst, IDC Energy Insights. “While investments are picking up, utility companies are still behind on developing a security-aware culture. CIOs and CISOs will play a key role; they should be ready to work with operations and engineering groups to ensure security and risk practices are implemented.”