Utilities are taking actions to mitigate and
manage cybersecurity threats, according to David
Batz, director, Cyber & Infrastructure Security with
the Edison Electric Institute (EEI).
Utilities recognize this is “a new world,” Batz said
during TransmissionHub’s TransForum East in
Arlington, Va., on Dec. 6. “This is not your
parents’ utility anymore. There are new threats
[and] new threat actors. Security is a marathon,
except unlike a 26-mile marathon, I do not see an
end in sight. It’s a marathon and we have to do
[things] today to respond to today’s risks.”
Part of this is a need for a corporate culture
change inside utilities, which should recognize that
while they used to be successful “by being able to
smash coal into dust…put it on wires and send to our
load centers,” they now have to also be successful
on cybersecurity and risk management issues.
In today’s world, cyber attacks and cyber hacking
have become monetized and different ventures are
using cyber attacks as a ways to generate income,
Batz said, adding, “This poses a problem for
law-abiding citizenry and creates a problem for the
electric sector.”
Disgruntled insiders also pose a concern, he said.
“We’ve seen that [in] the government, through the
release of thousands and thousands of diplomatic
cables,” he said. “We can see when one person
decides to do something outside of the parameters of
what is expected, some of the damage that can happen
and so, not only is that true in government, but
frankly, it’s true in the electric companies.”
On the industry’s response to the issue, Batz noted
that EEI has launched the “EEI Threat Scenario
Project,” which identified nine major threats as
well as major mitigation elements that companies can
employ to reduce the impact of such threats. Those
elements were put into four categories, namely,
preparedness, prevention, response and recovery.
“The whole point of this was to continue an
engagement between the CEO, the CFO, the chief
security officer [and] the chief information officer
to say where are we doing well, where are we doing
less well [and] what makes sense in terms of
resource allocation,” he said.
Speaking with TransmissionHub after his
presentation, Batz said the cybersecurity threat is
real. The threat landscape is dynamic and utilities
are taking actions to mitigate and manage the
threat, he said.
“It’s important to remember that nobody, not the
U.S. government, not any nation-state, can, with
respect to cyber, reduce the threat to zero – nobody
can do it,” he said. “So, today, utilities are
actively engaged in implementing tools, processes,
people, technologies [and] all of these things to
manage the threat to an acceptable level.”
The introduction of smart grid technology brings
benefits and challenges, he said.
There are opportunities to enhance the visibility by
the utility into the operational state, particularly
for the distribution network, to be able to say,
there is an outage at this location and very quickly
respond to the outage, Batz said.
“We saw reports of that out of Hurricane Sandy where
certain utilities using information provided by
their smart grid deployment were able to respond
very quickly to local outages and reduce the time
required to recover for the customer,” he said.
He also noted that while corporate culture changes
are pretty challenging, it is important that they
continue to happen with respect to cybersecurity.
“Some of the things that we’re doing is to help
expand people’s imaginations to different threat
actors,” he said. “Threat actors may be more than
floods, wildfires [and] squirrels – there could be a
cybersecurity element of an adversary.”
Corina Rivera-Linares, senior analyst for
TransmissionHub, a unit of Energy Central
Copyright © 1996-2012 by
CyberTech,
Inc.
All rights reserved.
To subscribe or visit go to:
http://www.energycentral.com
To subscribe or visit go to:
http://www.energybiz.com