Delivering authoritative information and exclusive insight to the world's most discerning executives. More

Absolute Independence

We are beholden only to our customers and we fulfill on that promise every business day with trusted, timely, relevant and exclusive information through a growing number of premium news journals, special reports, virtual conferences and round tables. More

FOR IMMEDIATE RELEASE

Facebook LinkedIn Twitter Googleplus

Smart Grid Today Publishes Groundbreaking
Report on what experts call "the Weakest Link"
in US Grid Cybersecurity

ROCKVILLE, MD (August 22, 2013) -- Smart Grid Today published "The 2013 Fix," a free, exclusive report that includes “a nine-point action plan to begin understanding and controlling digitized distribution assets, ‘the weakest link’ in US grid cybersecurity.”

Utilities, state regulators and the US government can act now to curb looming cyber threats to the distribution side of the power grid, experts said in the report.

One expert consulted for the report described digitized power distribution assets as a "very far-flung network" filled with "a variety of sensors and tools… that are relatively easy to climb up onto a pole to access."

Progress toward the appropriate level of collaboration between federal and state regulators on cybersecurity for the distribution side of the power grid in the US is fragmented and does not match up with the seriousness of the threat, the report said.

An estimated 80-90% of the North American power grid lies beyond the scope of federal cybersecurity regulations.  Compounding matters is distribution assets' slow but seemingly impending transition to an IP-based network.  A smarter grid is a more vulnerable grid if cybersecurity is not handled at the outset of digitization, the report said.

Sources for "The 2013 Fix" included General Michael Hayden, former director of the Central Intelligence Agency (CIA) and the National Security Agency (NSA); Indiana Utility Regulatory Commissioner Carolene Mays; Curt Hébert, a former FERC chairman and former state regulator in Mississippi; Gib Sorebo, chief cybersecurity technologist at Science Applications International Corp (SAIC); Marzia Zafar, director of the Policy & Planning Division at the California PUC; Christopher Villarreal, a senior regulatory analyst at the California PUC, and Andy Ozment, senior director for cybersecurity on the National Security Staff at the White House.

What the experts said in the free report http://www.smartgridtoday.com/the2013fix can be jarring.

QUOTABLE: As there are opportunities for people to profit from manipulating the grid and as we get the smart grid technology out there more, we know that there will be more motivation to manipulate markets to take advantage of the automation to do a variety of things either through sabotage, financial manipulation or strategic gain -- so those are all coming.  -- Gib Sorebo, chief cybersecurity technologist at SAIC, in "The 2013 Fix"

Experts quoted in the report recognize securing the distribution-side of the grid will be an iterative process.  So the report focuses, in part, on actions that state regulators, utilities, FERC and the US Dept of Agriculture (USDA) can and should take this year to get the ball rolling.  And it acknowledges privacy concerns and provides some suggestions for dealing with them, too.

Combating territorialism, vagueness

"It is clear that the utility industry needs to develop an effective and routinized framework for collaborating on cybersecurity," Smart Grid Today Editor Brett Brune said in prepared remarks.  "Our recent reporting on the situation for the distribution side in the US, along with our July webinar titled 'Distribution-Side Cybersecurity: Where does the buck stop?' found territorialism and vagueness where eager cooperation and specificity are called for.

"But if you dig deep enough, there are answers to how to begin to fix the situation," he added.  "After moderating our revealing July webinar, Sean Lyngaas, our Washington reporter, conducted extensive interviews with the speakers and other high-level cybersecurity experts to put forth concrete proposals that would vastly improve the landscape. 

"Among them are adopting a 'business-case' approach instead of a 'compliance-based' approach to cybersecurity and applying lessons from President Barack Obama's executive order to the distribution side of the grid," Brune said.

Concrete steps explained

"We have heard repeatedly that distribution-side assets are the weakest link when it comes to cybersecurity on the US grid," he added.  "Today, we are providing an immediate action plan to help strengthen this weak link."

The cyber-threat experts Smart Grid Today assembled for "The 2013 Fix" were sounding an alarm, Brune said.  "It is time to elevate and quicken dialogue and action on distribution-side cybersecurity -- a matter that the smart grid industry need not wait for a catastrophe to address."

We asked the experts in the report to describe what they hoped would happen next in the US to start taking action to address the problems reported in the report and the webinar.

Smart Grid Today is including with "The 2013 Fix" a recording and transcript of "Distribution-Side Cybersecurity: Where does the buck stop?"  That webinar took a hard look at a challenging situation, setting a foundation for the report.

Information sharing blocked

"The sharing of timely and actionable information between industry and government in both directions is essential to mitigating potential threats," Hébert, who is now a visiting scholar at the Bipartisan Policy Center, said during the webinar.  "For industry, the location of the Electricity Sector Information Sharing & Analysis Center (ES-ISAC) at the North American Electric Reliability Corp (NERC) creates challenges with respect to sharing information with the government. 

"Because NERC is a compliance entity, utilities may be hesitant to share information for fear of triggering an audit or an investigation," he added.  "The potential liability concerns associated with sharing customer data with the government could also discourage utilities from sharing information.

Problem goes both ways

"Information sharing from government to industry also faces challenges," the former FERC chief noted.  "First, delays in releasing information to industry limit the value of that information.  For that reason, many utilities have begun to do their own intelligence and threat analysis. 

"With respect to information from intelligence agencies, few in the power sector have the high-level security clearances necessary to get receipt of classified information, which limits utilities' access to potentially important information about threats."

The executive order on cybersecurity that Obama signed in February told the US Dept of Homeland Security (DHS) to “expedite the processing of security clearances to appropriate personnel employed by critical infrastructure owners and operators.”

ABOUT SMART GRID TODAY: 

Smart Grid Today's mission is to deliver daily, unbiased, comprehensive and original reporting on emerging trends, applications and policies driving the modern utility industry -- in a signature format our founders have developed over decades in the trade news business, featuring highly concise and easy-to-understand news copy based on trusted reporting, exclusive interviews, informed analysis and strategic insights that our subscribers rely on to succeed every business day.  Smart Grid Today is published by Modern Markets Intelligence, Inc.

CONTACTS

Brett Brune
VP of Editorial
Modern Markets Intelligence, Inc.
888-907-1113
brett@mminews.com

Season Crawford
VP of Marketing
Modern Markets Intelligence, Inc.
888-678-4480
season@mminews.com

 

Code of Ethics

At MMI, we believe that our success and growth depends on maintaining the highest degree of ethical standards in all situations. Our industry is going through a period of rapid change, and with that comes new challenges, opportunities and ethical questions. Our Code of Ethics should serve as a guide for employees and managers dealing with ethical dilemmas. More

Core Values

To achieve our corporate mission, we have developed these governing principles: Integrity -- our role as a partner for success with each of our customers depends on honesty and ethical integrity in every word we write, every document we produce, every conference we produce and every decision we make along the way. More