Bringing Security to the Grid in an Unsecure World

It’s long been on the short list of things that keep utility planners and security experts awake at night: hackers find a way to enter the control system of critical infrastructure and command it against the interests of users.

Well, it appears to have finally happened:  in early November, a small water utility in downstate Illinois reportedly experienced a cyberattack from a source in Russia, in which a pump was repeatedly turned on and off until it failed.  The event is under investigation by the Department of Homeland Security and the FBI.

In some ways, it’s surprising that this first incident took so long to occur. Hackers and terrorists are determined, and many have access to the latest technologies, while the information systems and governing architecture of the U.S. utility grid are essentially decades old. The SCADA systems typically used to manage utility assets are generally antiquated, built on proprietary code, and carry who-knows-how-many bugs, loopholes and vulnerabilities, since they were programmed by people who are now mostly either retired or dead.

There’s a lot of hype about “smart-grid” technologies to manage the grid and its assets for better efficiencies. Not much of the smart-grid discourse centers on security issues. But it would be pretty stupid for a newly refurbished smart grid to remain so vulnerable.

I’ve heard from reliable sources that blowing up just a few of the most critical substations in the U.S. would cause prolonged and wide-reaching blackouts until new equipment such as large transformers could be fabricated, as quantities of these things don’t just sit on the shelf. 

Let’s hope that the relative silence about grid security in the smart-grid space is more a function of desired stealthiness than of inattention or neglect.