Industry working to address smart grid security threats


Miami, FL, U.S.A. — (METERING.COM) — March 26, 2009 – A recent news report from CNN, subsequently carried by other organizations, about security threats to the smart grid have raised the spectre that the industry is not properly addressing this issue, but this is far from the case.

“America’s electric utilities, their vendors and advisors have been aware that smart grid systems carry the risk of outside malicious abuse,” says Howard Scott, managing director of Cognyst Advisors. “Long before CNN reported on these risks, the industry was actively working to build levels of encryption into its systems that far exceed the techniques used by most other industries. In addition, the metering industry has been aggressively working to identify other ways that malicious behavior could harm the performance of the world’s electric utilities and to mitigate those risks before they become real.”

On March 20 CNN reported a finding by professional security services firm IOActive that an individual with a background in electronics and software engineering and $500 of equipment and materials could take command and control of advanced metering infrastructure (AMI), allowing for the en masse manipulation of service to homes and businesses.

Among recent actions by the industry earlier this month the first set of AMI System Security Requirements was released by the Advanced Metering Infrastructure Security (AMI-SEC) Task Force (see AMI system security requirements released). These requirements were developed from commonly accepted practices in both industry and government and involved input from eleven leading North American utilities.

Last week also the Federal Energy Regulatory Commission (FERC) put out a proposed policy statement and action plan focused on the development of key standards, including cyber security standards, for interoperability of smart grid devices and systems (see FERC proposes policy and action plan to accelerate smart grid development in U.S.).

“The security and reliability of the transmission system is of paramount concern to the Commission,” said FERC chairman Jon Wellinghoff in a statement on the proposed policy and action plan. “Therefore, it is appropriate that the first priority we articulate in this statement is for the development of standards to ensure the reliability and security, both physical and cyber, of the electric system.”

“The [CNN] report is incomplete and out of date,” said Scott in a statement read in the closing session of the 10th Metering, Billing/CIS America in Miami, FL.

“The industry is aware that that no one can ever fully prevent malicious individuals from inflicting harm and so its responsibility will never end,” continued Scott, adding: “One can only hope that news organizations like CNN similarly approach this topic with responsibility. It is the industry’s fondest hope that CNN will show benign neglect to this topic, to not hide what is true, but to also not educate those who want to undermine the infrastructure of modern societies.”