The US Department of Energy said it would spend $8.5 million to set up a "National Energy Sector Cyber Organization" that would help protect the nation's bulk power electric grid and help integrate smart grid technology with the electric grid.
The idea is to set up an independent national energy sector cyber security organization that would hopefully speed research, development and deployment priorities, including policies and protocols, the DOE stated.
Layer 8 Extra: 12 mad science projects that could shake the world
Recently the DOE's acting assistant secretary, Patricia Hoffman stated: "The scope and nature of security threats and their potential impact on our national security require the ability to act quickly to protect the bulk power system and to protect sensitive information from public disclosure. At the same time, we must continue to build long-term programs that improve information sharing and awareness between the public and private energy sector.
"The electric system is not the Internet. It is a carefully tended and balanced system that is critical to the Nation and the people. We must continue to strive towards an electric system that can survive an intentional cyber assault with no loss of critical functions," she stated.
According to the DOE such an organization could help address a number of key challenges, including:
- Articulating the business case for addressing control system vulnerabilities, threats, technologies, and needs.
- Creating an environment to promote information sharing about real-world, cross-sector attacks.
- Developing and implementing wire encryption technology to protect communication links.
- Continuing funding and use of the National SCADA Test Bed.
- Developing security solutions for legacy systems.
- Identifying best practices for connecting legacy systems to business networks.
- Developing a security plan for incident response and recovery.
- Developing an automated system for managing security events.
- Agreeing on metrics/standards for measuring security.
- Identifying effective gateway security tools.
- Ease of sophisticated attack. Cyber attack tools are becoming more sophisticated, while the knowledge required to use them is decreasing.
- Reliance on commercial software. Many software programs used in control systems are produced outside the US and fail to address US security concerns.
- Evolution toward distributed networks. Interconnected, web-enabled systems provide multiple points of entry for cyber attacks.
- Competitive energy market. Competitive pressures can deter private industry from investing in more secure control systems.
- High performance requirements. The high performance and reliability required of control systems may deter private industry from trying improved software and tools.
- Uneven, fragmented funding and operation. Resources for defining and testing control system vulnerabilities have been limited and inconsistent.
It is paramount that smart grid devices and interoperability standards include protections against cyber intrusions and have systems that are designed from the start (not patches added on) that prevent unauthorized persons from gaining entry through the millions of new access points created by the deployment of smart grid technologies, Hoffman stated.
Layer 8 in a box
Check out these other hot stories: