Securing the new IT infrastructure of the power grid against cyber-attack is going to be big business, but that’s not because it makes money for the utilities that are buying it. Instead, today’s smart grid cybersecurity investments are mostly about meeting regulations, satisfying shareholders, and trying to justify the costs …
…one of the key tenets of cybersecurity is that you don’t talk about cybersecurity — at least, not the specifics of how you’re discovering, isolating, eliminating and building new protections against new intrusions and attacks that change from day to day.
Those threats can range in intent from simple intrusion and data theft, to full-scale attempts to take over control systems, and can vary in sophistication from cheesy password-stealing scams to sophisticated “advanced persistent threats” coming from shadowy government-backed, quasi-criminal “hacktivist” and mercenary groups.
In North America, much of that spending is being driven by the North American Electric Reliability Corporation (NERC)’s Critical Infrastructure Protection (CIP) requirements. Covering the U.S. and Canada, these rules come with stiff fines of up to $1 million per day for utilities that can’t prove they’re meeting security guidelines, and newer versions add a lot more serial-connected smart grid assets to their purview. The Department of Energy’s $4.5 billion in stimulus grants also came with cybersecurity strings attached, as outlined by the ongoing government-industry work being coordinated by the U.S. National Institute of Standards and Technology, or NIST.
See on www.greentechmedia.com