Energy Biz - July/August 2009 - (Page 22)
Security now mentalize network entry points. If a hacker compromises a meter, the network should lock him out of a utility’s SCADA systems. However, development of these next-generation devices is still in a nascent stage, and suppliers are trying to balance sometimes conflicting goals. ZigBee was not built to work with computers but instead with simple home devices, some so elementary that they consist of a network connection, an unsophisticated CPU, and a few AAA batteries. As a result, vendors have been trying to incorporate security functions into unsophisticated products, and the process has hit a bump or two. In 2008, Itron went back to the drawing board with OpenWay Collection Engine smart meters. The product was overhauled so it could support more sophisticated security functions. The vendor changed its meters’ processor chip by adding more processing power, memory and intelligence. Energy companies have been working to secure other network elements. A testing lab for SCADA products has been established at the Idaho National Laboratory. “Once energy companies know what the main vulnerabilities with SCADA systems are, they can incorporate that information into requirements on their procurement documents,” noted Alan Paller, director of research, of the SANS Institute. Smart grids offer energy providers many potential benefits, however, they are also fraught with possible danger, so what should energy companies do? “Moving to a smart grid will increase security risks, but the benefits are so great that it would be a modern day Luddite mentality for a company not to go forward,” concluded Garry A. Brown, commissioner of the New York State Public Service Commission. “The industry has done a lot of work to decrease those potential risks. If we keep eyes open and continue to have smart people working to mitigate the risk, then we will be able to move to a smart and secure grid.” Technical controls often used include, but are not limited to: providing cyber security Industry Steps Up bY DaViD baTz tOdAy’s nAturAl gAs trAnsMissiOn And distributiOn Ô firewalls to separate control systems from general corporate networks and the internet network intrusion-detection systems to alert operators of potential security events event-logging systems to capture and maintain information regarding the operational status of control networks Ô Ô Administrative controls often used include, but are not limited to: Ô Ô Ô systems depend on computer technology and supervisory control and data acquisition (SCADA) systems to operate safely and efficiently. In the United States alone, there are nearly 300,000 miles of transmission pipe and 1.2 million miles of distribution mains, 814,000 miles of service lines and about 65 million services. The need to provide effective cyber security is similar to challenges faced by bulk electric system and local power distribution providers, except that natural gas systems transport molecules, not electrons, and are equipped with safety devices, which are, in most cases, manually operable as federally required. But all of these groups depend on communications infrastructures, computer technologies, and people to safely and efficiently transport the energy product to the end user. Many utilities have employed a series of measures to protect the critical computer systems and networks that control the flow of energy over geographically dispersed facilities. These measures include the use of technical and administrative controls. 22 E n E rgyB i z Overall cyber-security policy and procedures change-management and change-control practices disaster-recovery and business-continuity planning and exercises One of the major challenges associated with providing cyber-security protection for energy system SCADA and process-control components is addressing legacy equipment. Corporate computer equipment, such as desktop computers, is generally replaced every three to five years. In contrast, natural gas SCADA components are often designed and priced to operate for a decade or more. Legacy systems may not be able to be patched or be able to effectively communicate with systems that use current encryption techniques. Another challenge with protecting energy systems is that, to enhance operational efficiencies, many of the energy SCADA and process-control systems have become connected to corporate business systems. Some of these connections have created a pathway for malicious computer programs or July/August 2009
For optimal viewing of this digital publication, please enable JavaScript and then refresh the page. If you would like to try to load the digital publication without using Flash Player detection, please click here.