January 04, 2012, 2:24 PM — Near chaos. That's the current state of security for smart grids, according to Pike Research. A recent report by the research firm finds that a lack of security standards, a hodgepodge of products and increasingly aggressive malicious hackers will make 2012 a challenging year for securing smart grids. (A smart grid uses IT and smart meters in an effort to make electric utilities more efficient, reliable and sustainable.)
"After years of vendors selling point solutions, utilities investing in compliance minimums rather than full security, and attackers having nearly free rein, the attackers clearly have the upper hand. Many attacks simply cannot be defended," says Bob Lockhart, an analyst at Pike Research.
But he adds: "There is hope." Lockhart says there's a "dawning awareness by utilities during the past 18 months of the importance of securing smart grids with architecturally sound solutions."
Smart-grid pioneer Andres Carvallo, a former CIO at Austin Energy and co-author of The Advanced Smart Grid: Edge Power Driving Sustainability (Artech House, 2011), says security is a complex situation. He notes that a fully secure smart grid requires secure edge devices, secure networks, secure data centers and secure applications.
Looking at the current state of affairs, Carvallo says "security from the application data center to the utility sub-station is pretty good." However, he says "security from edge devices back to the sub-station and/or data center needs a lot of work."
The hackers aren't waiting. "Development of cybersecurity solutions and standards has somewhat stalled, while the attackers are steaming ahead at full speed," Lockhart says. "While we do have lots of good point solutions available," he says, "they are just that: point solutions." The problem is that hackers find the gaps between those products.
Lockhart says that, outside of defense agencies, it's rare to find a utility with a well-planned smart grid security program that integrates those products into a working whole.