The illusion of smart grid security
Every day, every hour, and every minute, the battle for cyber security is raging. Both governments and companies are engaged in this cyber war, wherein government secrets are revealed, personal schedules are publicized, and critical infrastructure is attacked. Reports of this activity continue to multiply: Chinese attacks on U.S. infrastructure, U.S. attacks on China, Israeli attacks on Iran, WikiLeaks, Anonymous, and the list continues.
Utility and energy leaders must face a simple, undeniable truth: Company security and key infrastructure have a very strong chance of being hacked. Attackers are very likely to breach customer data, and the number of attacks is increasing.
So, what do you do about cyber security?
The answer hinges on a few factors:
- > The system architecture design
- > The price a company is willing to pay for cyber security solutions
- > How well an enterprise can accurately and precisely weigh the costs and benefits
Chasing a technological solution that is future-proof is costly, risky, and, likely unsuccessful.
An emerging consensus is that the best approach is to design the most decentralized and distributed system architecture possible. It is becoming clear that a heavily centralized system architecture will cause great exposure to critical information. In contrast, a well-designed decentralized system can implement multiple levels and trips for security, isolate events, and limit the set of impacts.
The ability of a system to adapt and evolve is equally important to the need for a decentralized architecture. The first level of cyber security will not likely be the answer. Neither will be the second level, nor the tenth; however, subsequent and continuous levels of security built into the system may be the key ingredient that helps to provide a platform for cyber security for the next 20 years or more.
What is the leading edge for cyber security technologies today?
Detection technologies such as deep packet inspections, pattern recognition, and machine learning are key technologies in the marketplace today. Additionally, an emerging consideration is how to authenticate ever-smaller embedded devices that will contain ever-larger amounts of information. The issue becomes how to design a system that has the ability to detect a security breach and fight through an event, while simultaneously maintaining a graceful degradation of system performance rather than an abrupt system-wide shutdown.
As we move deeper into the digital age, the need for an electric grid that can withstand cyber attacks is crucial. For now, the electric energy industry has a guide to implement a cyber defense. That guide is the North American Electric Reliability Corporation’s Critical Infrastructure Protection Standards, as discussed in the blog article “Cyber security — reality or myth?”
It will be interesting to see how the future unfolds.