Tuesday December 6, 2011 2:00 pm
How do we protect the power grid from a cyber attack?
Protecting the nation's electric grid from cyber attacks is imperative, but a lack of standards and a designated federal agency to handle the issue could hamper progress, according to a new study.
"With rapidly expanding connectivity and rapidly evolving threats, making the grid invulnerable to cyber events is impossible, [but] improving resilience to attacks and reducing the impact of attacks are important," according to the Massachusetts Institute of Technology (MIT).
The 268-page report focuses on the future of the electric grid, with a chapter on cybersecurity efforts.
"Much as cybersecurity was not a key factor in the design of the Internet, cybersecurity has not been a high priority—until recently—in designing grid components," researchers concluded.
It's not cheap to secure the grid, however. A 2011 report from the Electric Power Research Institute (EPRI) estimated that it would take at least $3.7 billion to secure grid cybersecurity. Trouble is, "the probability of a serious event is still very low," so it's difficult to get businesses to invest in grid cyber efforts.
That could change as more and more devices come on to the grid, and consumers turn to generating their own electricity via fuel cells, wind turbines, solar roofs, and the like.
"The new grid technologies discussed in this study will generate large amounts of data very rapidly, which will necessitate data communications networks with increased capacity, reduced latency (delay in transmitting and receiving), and higher reliability than is required today," researchers said.
In all likelihood, however, these technologies will not all be built using the same standards, and will require some cooperation from device makers.
"The successful integration of advanced data communications into electric grid control and operations will depend on utilities incorporating these new technologies and the extent of interoperability among different data communications technologies," the report said. "Standardization around a set of communications protocols is critical to achieving interoperability."
But just as there is fragmentation among devices, there is also fragmented oversight. "There is currently no national authority for overall grid cybersecurity preparedness," the report said.
The Federal Energy Regulatory Commission (FERC) and North American Electric Reliability Corporation (NERC) handle cybersecurity standards development and compliance for the bulk power system, but no one agency handles cybersecurity issues. The White House wants Homeland Security to manage it, but Congress has suggested that FERC and the Energy Department handle it.
Earlier this month, there were reports that an Illinois water utility had been hacked, resulting in the destruction of a water pump. But DHS and the FBI said there was no evidence of a cyber attack and it was later revealed that the controversy was a big misunderstanding.
This article, written by Chloe Albanesius, originally appeared on PCMag.com and is republished on Gear Live with the permission of Ziff Davis, Inc.
- Related Tags:
- cyber attack, electric power research institute, epri, federal energy regulatory commission, ferc, massachusetts institute of technology, mit, power grid