New threats and security risks are emerging as utilities deploy Internet of Things (IoT) and cloud technologies. Mitigating these risks requires a combination of cybersecurity and physical security, putting a burden on both IT and operational technology (OT) staff.
The question for utilities is how they can simplify compliance for IoT-connected grids so they can focus on larger goals like improving reliability and safety, and turning grid data into business value. A recent Forbes Insights ebook, Securing the Smart Grid, sponsored by Intel and Cisco, delves into the modern security landscape for utilities investing in IoT, and explores ways to simplify compliance, mitigate risk and boost reliability.
Given the critical importance of the grid, security is a pressing concern. With controllers and sensors across a utility’s territory connecting to the Internet, the risks to grid resilience and reliability are sharply increasing. In simple terms, IoT connectivity creates many new entry points for both external and internal attackers. Dealing with these new challenges will require unprecedented collaboration between IT and OT staff.
All of these concerns are coupled with a need to meet strict regulatory standards. Utilities are among the most heavily regulated businesses in the U.S. due to their economic significance and their attractiveness as a target. But compliance with regulations does not necessarily equate to the highest standards of grid security.
As the industry adopts IoT and cloud technologies, utilities must enhance security while simplifying compliance. Doing so will allow administrators to focus efforts on improving public and personnel safety and transforming data from the grid into insightful business intelligence.
Development of the smart grid adds another dimension to the industry’s security challenges. “Certain smart meters can be successfully attacked, possibly resulting in disruption to the electricity grid,” according to the Government Accounting Office. It adds that control systems used in industrial settings, such as electricity generation, “have vulnerabilities that could result in serious damages and disruption if exploited.”
In short, the importance of grid-wide security is difficult to overstate. To thwart attacks, utilities must deploy comprehensive security that spans field devices, the communications network and the cloud. In other words, utilities need an end-to-end approach that integrates both IT and operations technology (OT).
In considering IoT, a simple model consists of data-generating devices connected to servers in the cloud, with the bulk of the application processing contained within the cloud servers. This scenario would buckle in the utility industry, however, since energy and grid management applications require much more distributed intelligence to cope with large amounts of data and rapid control response. As the IoT introduces millions of devices and latency-sensitive transactions, the traditional cloud approach will become even more strained.
The challenges of data overload and low latency response are addressed by fog computing. Fog computing allows applications to execute within the IoT network, providing the intelligence to analyze data locally and generate actions like closing a switch. By giving the routers and switches on the outskirts of networks the ability to handle computational tasks, organizations reduce the amount of data that needs to be sent to the cloud for processing, analysis and storage.
In the same fashion, utilities need to distribute security across the smart grid by smartening up the edge devices to be more security aware, and using the network as a sensor and enforcer of security policy. This way, if a hacker gains access to an endpoint, the hacker gets no further, as the intrusion is detected, network connectivity is restricted, and the endpoint is no longer trusted.
This article was written by Hugo Moreno from Forbes and was legally licensed through the NewsCred publisher network.