London, UK — Open any energy industry journal, trade mag or website and one phrase will leap off the page: smart grids have dominated the conversation for generators, operators and commentators alike for years. And for good reason. As global population growth continues to accelerate in the coming decades, especially in urban areas, smart information and communication technologies will be at the forefront of the effort to improve the efficiency and effectiveness of utility systems and services – everything from power to water to transport.
Indeed, a study from cleantech analyst firm Pike Research forecasts that investment in smart technology infrastructure will total $108 billion during the years from 2010 to 2020, by which annual sector spending will reach nearly $16 billion.
But for all the undoubted benefits a shift to smart infrastructures will bring, a major challenge is looming: that of securing such networks from malicious attacks, natural disasters and other potential security breaches.
“Smart grid cyber security is significantly more complex than traditional IT security,” says Pike Research senior analyst Bob Lockhart. “It is a common misperception that IT networks and industrial control systems (ICS) have the same cyber security issues and can be secured with the same countermeasures. They cannot. To successfully secure the electrical grid, utilities and their key suppliers must design solutions that effectively bridge the worlds of information and operations technology.”
One issue is that many industrial control systems have seemed secure simply by being isolated from IT networks. Another is that IT and operations groups at utilities often do not communicate effectively with each other, providing a cultural barrier to the success of smart grid deployment.
As such, Lockhart believes that industrial control systems are one of the most important areas in need of greater focus and investment. “ICS networks have traditionally been neglected from a cyber security standpoint because a majority of security practitioners have an IT background and do not understand ICS, and because many of the ICS networks are older or physically isolated from mainstream networks,” he says. “However, the recent Stuxnet attack against Windows-based SCADA control servers has raised awareness of the need for ICS protection, and also debunked the security-by-obscurity approach taken in many ICS circles.”
Addressing such complacency is vital to the viability of the smart grid concept, argues Lockhart. To date, the industry focus has been on getting smart grids up and running, often with little consideration for cyber security issues. But while implementation is a still a major focus for most utility providers, Lockhart believes that investment in securing the grid is slowly gaining momentum: according to his research, the smart grid cyber security sector will grow 62 percent between 2010 and 2011, and by 2015 annual worldwide market spending on cyber security hardware, software and professional services will reach $1.3 billion.
It represents a lucrative market for vendors. “Encrypted communications and malicious software suppression are two examples of steps that utilities will take in securing their smart grid infrastructure,” says Lockhart. “However, cyber security needs are actually much broader than these traditional segments, and the expanded requirements for grid security will drive a flurry of innovation and deployment activity within the industry.”
Beyond smart metering, areas such as intelligent transmission, automated distribution and substations also present cyber security concerns.
Smart grid cyber security is just one of the topics on the agenda for the Next Generation Utilities Summit US 2011 that takes place at the Fairmont Scottsdale Princess in Scottsdale, Arizona, from 7-9 November. This closed-door summit, hosted by GDS International, features some of the leading voices in the North American utilities sector, including Dennis Eccleston, CIO of the New York Power Authority; Johnny Magwood, Chief Customer Officer at Northeast Utilities; Stephen Woerner, Chief Information Officer of Constellation Energy; and Ted Reguly, Director of the Smart Meter Program Office at SDG&E.