As if federal IT managers didn't have enough cybersecurity concerns, the coming of intelligent electrical supply systems will bring a new challenge: smart grid system security.
A lot of money has been spent on the smart grid, which is controlled by SCADA, but there have been too many instances where [hackers] have found ways of getting into it through the backdoors.
Senior AttorneyFederal Communications Commission's Public Safety and Homeland Security Bureau
"I'm worried about Supervisory Control and Data Acquisition [SCADA] systems," said David Ward, a senior attorney in the Federal Communications Commission's Public Safety and Homeland Security Bureau. "I'm worried about their vulnerability. A lot of money has been spent on the smart grid, which is controlled by SCADA, but there have been too many instances where [hackers] have found ways of getting into it through the backdoors of the power company networks themselves. That keeps me up at night."
SCADA systems and other energy-control systems are the brains that operate and monitor the nation's electrical-supply infrastructure. Early SCADA system designs didn't anticipate the security threats posed by the reliance today on common software and operating systems , public telecommunications networks and the Internet, according to the National Institute of Standards and Technology. As a result, the energy sector is faced with an unprecedented challenge to provide SCADA security as technologies such as smart meters come online, NIST officials said.
"Hackers can penetrate a network and gain access to control systems," Annabelle Lee, senior cybersecurity strategist at NIST, told a panel on smart grid security at the Symantec Government Symposium in Washington on June 22. "But it's not necessarily cybercriminals. You also need to worry about the insider."
Encryption a key cybersecurity technology
The federal government is playing a major role in establishing cybersecurity standards and specifications for smart grid control systems. NIST and the Energy Department's Office of Electricity Delivery and Energy Reliability (OEDER) are working with private sector energy providers, state and local agencies and key federal agencies, such as the Defense Department, the Homeland Security Department and Defense intelligences agencies, to put together a comprehensive set of guidelines for smart grid cybersecurity. NIST expects to publish the second draft of the document this month, Lee said.
The document will contain new standards for smart grid cryptography and key management, Lee said. "Key management is going to be a critical area for the smart grid," she said. "You really need to have good cryptography."
Jose Iglesias, vice president for global solutions at Symantec Corp., noted that each node in a smart grid has an IP address, making those nodes vulnerable to cyberattacks. "Think of each node basically as a computer, like a laptop, that is running Windows or Red Hat Linux or some other operating system all the way down to the meter," he said. "Each node has memory, storage and other capabilities."
As heavy users of energy, federal agencies will face a range of smart grid security issues. Managers of government data centers, for example, will have to be proactive, said Bill Hunteman, senior advisor for cybersecurity for Energy's Office of Electricity Delivery and Energy Reliability, who termed the smart grid a vital national security issue. "Closer interaction with the grid and the utilities suppliers is going to be very important for them," he said.
Next: What are the security vulnerabilities for agencies through the smart grid and SCADA systems and how can they prepare to meet them?
About the author:
Richard W. Walker is a freelance writer based in the Washington, D.C., area who has been covering issues and trends in government technology for more than 10 years.
This was first published in July 2010