Cybersecurity vulnerabilities result from system integrity

subscribe

Cybersecurity is a major threat to utilities' operations, said John Shaw, a senior vice president with Industrial Defender, at the Utilities Telecom Council's annual conference.

As a result, it is essential to protect the nation's electrical grid as rogue forces could use it as a weapon of mass destruction. However, Shaw doesn't believe that most security threats against the electrical grid stems from outside the nation. Instead, security breaches happen at a more practical level.

"It's about basic system integrity, malware coming in over the internet and getting on to a PC that's connected to a [utility's] control system," he said. "There's also just basic mistakes and human error."

In fact, Shaw said cybersecurity strategies should focus on deploying best practices and putting in efficient change control procedures to improve reliability, including adhering to the mandated NERC Standards CIP-002 through CIP-009 that provides a cybersecurity framework for the identification and protection of critical cyber assets.

"That's what security is about," he said. "Every time someone opens a connection they need to close it. It's also about keeping software and operating systems up to date. So we get into issues of data integrity when talking about cybersecurity."

In addition, wireless does not, in itself, make utilities more vulnerable to issues of cybersecurity, Shaw said. Although wireless does create some extent of openness, intrusion detection software protects networks. He said such defense-of-depth strategies are crucial and the use of layered security defenses in an application can reduce the chance of a successful attack. In addition, incorporating redundant security mechanisms requires an attacker to circumvent each mechanism to gain access to a digital asset. For example, a software system with authentication checks may prevent an attacker that has subverted a firewall.

Shaw said defending an application with multiple layers can prevent a single point of failure that compromises the security of the application.

"I don't think wireless by itself or decreases the threat but it does show the critical importance of having multiple layers of security," Shaw said. "In fact, just because [cyber attackers] can get through the physical access layer of wireless, and maybe get through that first encryption layer to a connection point, that should not give them very much power by itself."

Related News

coal plant

First US coal plant in years opens where no options exist

WASHINGTON - One way to boost coal in the US: Find a spot near a mine with no access to oil or natural gas pipelines, where it’s not particularly windy and it’s dark much of the year.

That’s how the first coal-fired plant to open in the U.S. since 2015 bucked the trend in an industry that’s seen scores of facilities close in recent years. A 17-megawatt generator, built for $245 million, is set to open in April at the University of Alaska Fairbanks, just 100 miles from the state’s only coal mine.

“Geography really drove what options are available to us,”…

READ MORE
electricity in restaurant

Extensive Disaster Planning at Electric & Gas Utilities Means Lights Will Stay On

READ MORE

china power lines

There's a Russia-Sized Mystery in China's Electricity Sector

READ MORE

doe logo

U.S. Launches $250 Million Program To Strengthen Energy Security For Rural Communities

READ MORE

lake erie connector

The CIB and private sector partners to invest $1.7 billion in Lake Erie Connector

READ MORE