Smart grid cybersecurity: Resources, evolving threats and leaders

Published: Tue 25 Mar 2014
A blog entry by Smart Grid Watch

Contributed by:

Smart Grid Watch
Smart Grid Blog
Siemens

Smart Grid Watch's Blog

Cybersecurity threats are a growing and ever-shifting challenge for utilities, consumers, and smart grid solution providers. Fortunately, new tools and resources are emerging to combat these threats, and leaders are emerging among solution providers.

In February, the U.S. Dept. of Energy updated its Electricity Subsector Cybersecurity Capability Maturity Model (ES-C2M2), originally introduced in 2012 as part of a White House-led initiative. This model helps electric utilities and grid operators assess their cybersecurity capabilities and prioritize actions and investments to address this issue.

According to U.S. DOE, this model "blends elements from existing cybersecurity efforts into a common tool that can be used consistently across the industry." In addition to the maturity model, it includes an evaluation tool, a facilitators guide for self-assessments, and a toolkit.

Also in February, the U.S. National Institute of Standards and Technology released the first version of its Framework for Improving Critical Infrastructure Cybersecurity, in response to a Presidential Order to address improvements to the U.S. critical infrastructure. This Framework attempts to outline a mechanism for cyber risk related communications, both internally and externally (with stakeholders).

In November, InfinitiResearch published a major report on the global smart grid cybersecurity market 2012-2016.

This report notes that the lack of disclosure mechanisms is a significant concern for smart grid cybersecurity. "Various electric utilities across the world are reluctant to disclose the occurrence of smart grid cyberattacks, due to the fear of more grid vulnerabilities being exposed. If more vulnerabilities are exposed, it would reduce customer loyalty."

Mayur Rao (Manager, Cyber Security & Enterprise Integration, Siemens Smart Grid North America), notes: "When it comes to sharing information about their cyber-related vulnerabilities, utilities are concerned about compliance rules and penalties set forth by organizations such as the North American Electric Reliability Corp. NERC is considering creating a information-sharing forum that would utilities to maintain privacy without penalizing them for sharing critical information about vulnerabilities."

InfinitiResearch noted several solution providers that have emerged as global leaders in smart grid cybersecurity. In addition to Siemens, these include BAE Systems, IBM, VeriSign, Lockheed Martin and others.

Read more at Smart Grid Watch!