Utilities today are faced with the daunting task of securing their electronic and computer systems from potential cyber threats of increasing sophistication. Indeed, there is growing recognition among government officials and policymakers about the importance of cybersecurity measures for the grid, as media outlets ranging from GigaOm to NPR have reported.
There are a number of challenges in this realm, however, including difficulties around standardization of technologies and systems interoperability in a heterogeneous environment of devices and solutions from a diverse set of suppliers. This large and complicated landscape of legacy technology, reflecting a historical emphasis on electric reliability, needs to be secured.
Systems interoperability is an important dimension for utilities to consider in protecting against cyber threats. Today, cybersecurity solutions need to be customized to address a unique operating infrastructure that varies from utility to utility. Greater interoperability and standardization will streamline the task of securing grid infrastructure. On a positive note, our industry is putting an increasing emphasis on adoption of system interoperability standards, and developing or enhancing standards where gaps exist. In the realm of security applied to technology, the industry approach is to leverage existing standards to the greatest extent possible, and to incorporate security standards from the IETF, NIST and IEC/ISO to name but a few.
Commentators on security often emphasize challenges in the area of technology interoperability as a potential impediment to the adoption of secure solutions. It is true that getting the many and diverse utility electronic and computer systems to work together is no small task. However, it should be noted that the operation and management of cybersecurity programs also pose significant challenges for utilities as they seek to secure their systems from external threats. The challenges associated with operating cybersecurity measures can be just as difficult—if not more so—than the technology-related obstacles associated with achieving interoperability. Cybersecurity programs require utilities to evolve to a culture that emphasizes security as a top priority, and develop organizational and process maturity to effectively govern and operate infrastructures of daunting complexity. By simplifying the work involved in establishing and maintaining a robust cybersecurity program, systems interoperability and standardization will help utilities achieve their goal of securing their electronic and computer systems.
What are the biggest concerns you have about protecting against cyber threats at your utility? Please use the comment form to share your thoughts.