Thursday, June 4, 2015

Utilities Face Security Task of Safeguarding the Internet of Things



Smart meters are coming – the first wave of the "Internet of Things." Which means that, quite suddenly, electric utilities must deal with a fundamental and critical information security challenge.
This is new, very new. To be sure, from its earliest days as ARPAnet, the Internet has drawn its power almost entirely from the electric utility grid. Organizations might have generators that could kick in during a power outage, but day in and day out, PCs and servers get their power from the plug. Your laptop and mobile device may run on a battery, but sooner or later – usually sooner – you need to plug it in to recharge.
Until very recently, however, the relationship between electric utilities and the Internet ran only one way. The utilities provided the juice, but they themselves were not online, or barely so. They sent meter readers around each month to read customers' electric meters. A clerk typed the readings into the billing system. Only then did IT get involved.
For the utility industry, information security was almost entirely a matter of protecting customers' account information. This was an important job, but a fairly straightforward one. And it had nothing to do with securing the power grid itself.
That was then; this is now: As Jessica Kennedy notes at theenergycollective, the spread of "smart" electric meters is transforming the formerly passive Internet role of electric utilities. The grid is now monitoring its users and responding to them in real time – posing a critical security challenge.
On one level the challenge is a matter of user privacy. Your electric power usage pattern is all too revealing of your habits and lifestyle. Transmitted to unauthorized persons it could make burglary the latest in cybercrime. Or be misused in scores of other ways.
In the wrong hands, control of information from smart meters could also threaten the grid itself. At minimum, false data on electrical demand could trigger electric power stations to go offline, leading to cascading blackouts. Potentially such false data could overload equipment, causing physical damage that cripples the grid for weeks or months.
Responding to these threats and risks, the Department of Energy (DOE) put out an official notice last year advising utility companies to make cybersecurity a top priority. Among the recommendations is that utility firms appoint a security officer who reports directly to top management. The recent National Defense Authorization Act (NDAA) of 2013 further provides utility security funding to the DOE.
Smart meters are only the beginning of the Internet of Things. The good news is that government and industry are beginning to respond to the new security challenges that it will pose.
The security principles set forth in industry standard ISO/IEC 27002 provide a framework for effective security, built around the cycle of Plan, Do, Check, and Act (PDCA). Many good security products are on the market, but all are designed to meet specific threats – and will not block other threats. At GRT Corp. our security philosophy is built aroun
