Private sector must heed new warning of grid vulnerabilities

To date, only modest movement has been detected toward meeting the urgent need to protect the power and smart grid from cyber espionage.

Frost and Sullivan recently released its cybersecurity report, and like other reports of late, the news is not good.

“Incidents of network breaches and cyber espionage as well as the ever-increasing possibility of an effective cyberattack against the national critical infrastructure reveal an urgent need for more private-sector companies and the general public to understand the role the federal government plays in protecting our networks and confronting the cyber threat,” said Robert Ayoub, Frost and Sullivan’s network security research director.

Those words seem to echo time and time again, and yet only modest movement has been detected to address the “urgent need.” Some in the private sector point to the cost of addressing security across the U.S. critical infrastructure, while others believe that modernization must take place before we can raise critical infrastructure security to an appropriate level. Now we see articles, postings and reports that say many of the smart grid components appear to fall short when it comes to security.

About a year ago, the National Institute of Standards and Technology issued a set of guidelines that defines a smart grid security architecture. These guidelines define at a high level the security requirements that need to be integrated into the design of the nation’s power grid. It would be unthinkable to move forward with the design and implementation of our nation’s next-generation power grid without incorporating security and taking advantage of the work that NIST has already done.

Many pieces of proposed regulation at various stages of the legislative process were drafted before the NIST guidelines and should be updated. Odds are that some percentage of the next-generation power grid will not use those guidelines, and that is absurd.