Making the case for security in the grid
Reports of stranded passengers on trains, traffic lights no longer working, and electric crematoriums shutting down were only a small subset of the implications following recent power outages experienced at the end of July 2012 for almost 700 million Indian citizens. I am referring to one of the world's worst power blackouts that affected 20 of the 28 Indian states. Almost three weeks after the failure of three of country's five electricity grids, the government provided a report to investigate the cause of the failure.
Included in the report was a section that focused on cyber Security which stated that 'Grid disturbance could not have been caused by a cyber attack. It does acknowledge that the Grid could be impacted by cyber attacks in the future. The recognition of such an impact being caused by a cyber attack was also discussed in the United States, where at the same time the U.S. Cybersecurity Act was being debated;
"All one needs to do is look at what is going on in India today. There are no cyber problems there that I am aware of, but one-half of the country of India is without electricity today," Senator Harry Reid, the Senate Majority Leader, said.
All of which leads us to the evolution to the modern grid, a world in which devices that are owned by end customers, grid operators, and a multitude of other third parties, will be interconnected. Such devices will process a wealth of personal data, and whilst the focus thus far has been on security risks, we must also consider the privacy risks.
Before the smart grid becomes ubiquitous, we have an opportunity to address these concerns by building controls into the design of such implementations. Unlike the world of cloud computing that is inundated with a plethora of standards resulting in confusion amongst customers and providers, operators have the opportunity to come out of recent disasters and provide confidence to their customers in their ability to provide a safe and secure service.
EMEA CTO McAfee