Huge threats still targeting power grids

One year ago, the Stuxnet virus had just been discovered. A year’s worth of analysis still has not unlocked its secrets but it has had a profound influence upon the smart grid cyber security market. Utilities have – as many predicted – realized that their grids are no longer isolated or protected from attackers.

According to a new report from Pike Research, utilities’ initiatives to secure their infrastructure will drive increasing investment in cyber security systems, will total $14.0 billion during the period from 2011 through 2018.

“Smart grids need intelligence or they are not smart,” says senior analyst Bob Lockhart. “Adding that intelligence to grids will increase their attack surface and utilities know this. But the industry is still playing catch-up to the threats facing power grids: the greatest needs lie in securing control system segments including transmission upgrades, substation automation, and distribution automation. However, despite this, many cyber security vendors are still focusing on IT security functions such as smart meter security, revealing a critical gap between current security offerings and the needs of the market.”

Lockhart adds that several key market drivers have appeared or gained importance during the past year. European smart metering deployments that were in their early stages a year ago are into the deployment phase, even if completion dates may stretch beyond 2020.

The North American Electric Reliability Corporation (NERC) has begun issuing fines for non-compliance with its Critical Infrastructure Protection (CIP) reliability standards.

Utilities believe they will see greater benefits from distribution automation than from advanced metering infrastructure (AMI) and Pike Research’s forecasts indicate greater spending in that area.

“Much has changed for the positive in the smart grid security market,” says Lockhart.

“Unfortunately, one thing has not changed. Cyber security is still way behind the attackers. Even where strong countermeasures exist, they are not consistently deployed, and most sophisticated attackers look at smart grids from a systemic perspective while often the defenses have been installed in piecemeal fashion, without an architecture. This hands an enormous advantage to the attackers, one that the utility industry will grapple with neutralizing for years to come.”

Don't miss