Grid Security Must Improve: Report

Friday, July 20, 2012 @ 03:07 PM gHale

Legacy smart grids are vulnerable to attack and security needs a bigger push into these critical systems, a new report said.

The electrical power grid is the most critical part of the critical infrastructure and a bad guy could debilitate a major city or region with a single targeted attack on the energy grid and compromise anything from the lights and appliances in homes, to heart monitors in hospitals, to air defense systems, according to a new McAfee report entitled, “Getting Smarter About Smart Grid Cyberthreats.”

Compliance Program Growing Pains
Security a Weak Link for States
Security First; Not in Smart Grid
Smart Meters Getting Smarter

The most prevalent cyber threat reported by the global energy sector is extortion. Criminals gain access to a utility’s system, demonstrate they are capable of doing damage, and demand a ransom, according to the report. Additional threats include espionage and sabotage all with the goal of financial gain, data theft and shutting down facilities.

With an older grid developed before the new open environment, there is a conflict of cultures that makes the smart grid vulnerable.

There are quite a few reasons:
• Outdated systems — An estimated 70% of the existing energy grid is more than 30 years old. In the effort to update it and integrate it with more modern installations, connecting aging systems to the Internet without the benefit of encryption, security has largely been an afterthought.
• Automation — Moving systems from a manual process to one that is Internet connected gave energy grid operators real-time info and allowed administrators to telecommute and field workers to re-program systems from remote locations through their smartphones however this also opened all their systems to the outside world.
• Interconnection of embedded systems — The proliferation and increasing interconnection of embedded software and devices directing the flow of energy. While each of these built-in computers is typically single-function with a very specific task, more and more consist of off-the-shelf rather than proprietary software, making them increasingly generic – and therefore vulnerable. As such, they are the prime targets of intruders seeking to gain control of or disrupt the delivery of energy.

“Security needs to be built into grid components at the planning and design phase,” said Tom Moore, vice president of Embedded Security at McAfee. “Because the grid relies heavily on embedded systems it makes them ripe targets for intruders thus it is imperative to integrate security solutions natively in these devices. McAfee is working with its partners in industry and government to make great strides on the technical front to mitigate the threats to these critical systems we all rely on.”

Leave a Reply

You must be logged in to post a comment.