Government Technology

    Digital Communities
    Industry Members

  • Click sponsor logos for whitepapers, case studies, and best practices.
  • McAfee

Smart Grid Security: No Hype Allowed



August 17, 2010 By

This article -- courtesy of Muniwireless -- is an edited conversation with Mike Ahmadi, cyber security consultant and conference chairman of the two-day Cyber Security Conference and Expo that took place last week in San Jose, Calif. Ahmadi offered his insight and reflected on panelists' presentations regarding where we are and where we need to be in smart-grid security.

Security Costs vs. Economic Impact

Ahmadi:  Security is a very dynamic environment, and keeping current with what is going on in the world of security is no small task. First of all, despite what anyone may tell you, security is about economics. Ultimately the biggest driver for any organization to secure anything is to prevent getting hit in the pocketbook.

Karisny:  Scott Borg, director and chief economist, U.S. Cyber Consequences Unit addressed calculating the value of smart-grid security compared to the expense of a power-grid security breach. What points did you find most important?

The most striking point? The economic models he and his associates created showed that 3-4 days without power is essentially inconsequential from an economic standpoint.  Any organization can recover from this relatively short plunge into the "Dark Ages." As you approach the fifth day, however, things change quickly. There is a precipitous drop in economic activity, and by the seventh day the economy is at 30 percent capacity. This was quite startling to many in the crowd, and emphasized the importance of not underestimating the consequences of a prolonged failure in the grid. 

I would strongly suggest those who are interested in a comprehensive look at how the Smart Grid will shape the security market to purchase Pike Research's excellent report. According to their research, there will be opportunities for security component manufacturers, security software vendors, identity and authentication management solutions, and consulting services (just to name a few).

Media Scare Stories

The media has bombarded the public with articles warning of cyber-security threats.  How would you assess hype from reality, and what points did your best practices panel make for threat scenarios we should really expect in the next few years?

The news media is indeed driven by sensationalist and entertaining stories, and this can, at times, lead to those who a story targets being a bit upset, which can create a cascading effect.  Elinor Mills of CNET stated that when she hears information about AMI security flaws, she tries to get information from the vendors, but they either do not respond at all or deliver somewhat canned responses.  Robert Former of Itron stated that his employers have instructed him to not share information without prior approval from his organization in order to avoid bad press.  What was suggested (and well received) was for vendors and other stakeholders to build a relationship with members of the media in order for them to better understand each other, and that this would perhaps lead to less sensationalism.  Hopefully this will pan out, but only time will tell.

Matt Carpenter of Inguardians asserted that the biggest threat will probably come from organized crime syndicates who will use the threat of exploits as a means of extortion. While the panelists acknowledged that random hackers may cause some trouble, they will probably not be as troublesome as some have postulated.

I find it interesting that the conference ended focusing on the concern of potential of bad press or worse press sensationalism.  With the importance of moving forward in addressing real smart grid cyber security issues, we need to get beyond government and business political properness and start addressing the real task at hand: 


| More

Comments

Add Your Comment

You are solely responsible for the content of your comments. We reserve the right to remove comments that are considered profane, vulgar, obscene, factually inaccurate, off-topic, or considered a personal attack.

In Our Library

White Papers | Exclusives Reports | Webinar Archives | Best Practices and Case Studies
Digital Cities & Counties Survey: Best Practices Quick Reference Guide
This Best Practices Quick Reference Guide is a compilation of examples from the 2013 Digital Cities and Counties Surveys showcasing the innovative ways local governments are using technological tools to respond to the needs of their communities. It is our hope that by calling attention to just a few examples from cities and counties of all sizes, we will encourage further collaboration and spark additional creativity in local government service delivery.
Wireless Reporting Takes Pain (& Wait) out of Voting
In Michigan and Minnesota counties, wireless voting via the AT&T network has brought speed, efficiency and accuracy to elections - another illustration of how mobility and machine-to-machine (M2M) technology help governments to bring superior services and communication to constituents.
Why Would a City Proclaim Their Data “Open by Default?”
The City of Palo Alto, California, a 2013 Center for Digital Government Digital City Survey winner, has officially proclaimed “open” to be the default setting for all city data. Are they courageous or crazy?
View All