As the country's electricity grid undergoes a transformation and moves toward a more intelligently networked, automated system, it faces an increasing number of cybersecurity issues.
Watchdogs at the Government Accountability Office said today that while the increased use of smart grid systems may have a number of benefits, "including improved reliability from fewer and shorter outages, downward pressure on electricity rates due to the ability to shift peak demand, an improved ability to transmit power from alternative energy sources such as wind, and an improved ability to detect and respond to potential attacks on the grid," many challenges remain.
From its report, the GAO identified the following six challenges that are key to ensuring the cybersecurity of the nation's electricity grid.
• Lack of information: Consumers are not adequately informed about the benefits, costs, and risks associated with smart grid systems. This lack of awareness may limit the extent to which consumers are willing to pay for secure and reliable systems, which may cause regulators to be reluctant to approve rate increases associated with cybersecurity. As a result, until consumers are more informed about the benefits, costs, and risks of smart grid systems, utilities may not invest in, or get approval for, comprehensive security for smart grid systems, which may increase the risk of attacks succeeding.
• Lack of focus: Utilities are focusing on regulatory compliance instead of comprehensive security. The existing federal and state regulatory environment creates a culture within the utility industry of focusing on compliance with cybersecurity requirements, instead of a culture focused on achieving comprehensive and effective cybersecurity. Specifically, experts told the GAO that utilities focus on achieving minimum regulatory requirements rather than designing a comprehensive approach to system security. In addition, one expert stated that security requirements are inherently incomplete, and having a culture that views the security problem as being solved once those requirements are met will leave an organization vulnerable to cyber attack. Consequently, without a comprehensive approach to security, utilities leave themselves open to unnecessary risk.
• Lack of security features: Security features are not consistently built into smart grid devices. For example, experts told the GAO that certain currently available smart meters have not been designed with a strong security architecture and lack important security features, including event logging and forensics capabilities, which are needed to detect and analyze attacks. In addition, the GAO stated that smart grid home area networks, used for managing the electricity usage of appliances and other devices in the home, do not have adequate security built in, thus increasing their vulnerability to attack. Without securely designed smart grid systems, utilities will be at risk of not having the capacity to detect and analyze attacks, which increases the risk that attacks will succeed and utilities will be unable to prevent them from recurring.