recommended reading

Billions in stimulus funding hasn’t made power grids safer, survey says

PhotoXpress

A majority of energy security practitioners do not believe economic stimulus-funded smart grid projects sufficiently protect the nation against cyberattacks, according to findings reported on Monday by an Energy Department-funded public-private partnership.

The 2009 American Recovery and Reinvestment Act has paid out $2.5 billion to modernize the U.S. electric system by digitizing the way power is distributed to consumers, according to Energy financial submissions. Program plans from June 2009 stated that one goal of the initiative, which will disburse $4.5 billion, was to “enhance security and reliability of the energy infrastructure.”

When asked if smart grid projects adequately addressed security, 67 percent of participants surveyed by the public-private group, EnergySec, said, no. The March 2012 survey questioned 104 energy security professionals.

EnergySec chief executive officer Patrick Miller speculated that security specialists and businesses may have different perceptions about the lasting effect of today’s security controls. “It’s not as if the vendor is approaching this irresponsibly,” he said. “What may have been implemented, though it could be considered good security, will it stand the test of time?”

Hackers are innovating as fast as smart grid suppliers. “There was a flood of government money that came in,” Miller said. “And innovation is a good thing. But it’s very hard to keep pace with security when you are innovating this fast.”

Energy officials said all recipients of smart grid investment grants were required to develop cybersecurity plans explaining how they would identify risks, resolve them and ensure a stable cybersecurity posture.

“The Energy Department takes very seriously the responsibility of managing and overseeing its smart grid grants to protect taxpayer funds and ensure that projects are moving forward effectively to modernize our nation’s electric grid,” Energy spokeswoman Keri Fulton said in a statement.

Officials added that the Obama administration has proposed cybersecurity legislation that would establish a rulebook for enhanced cooperation between the government and energy operators nationwide. “This will clarify ways in which government and industry can share information about cybersecurity threats more effectively and strengthen the criminal penalties for those who take action to disrupt the grid,” Fulton said.

The survey also found that most professionals -- 60 percent -- did not think the federal government should regulate the smart grid industry. Miller wrote in the report that in digital power delivery, which spans local, state and federal regulatory lines, “a federal one-size-fits-all approach may significantly slow down progress.” But he acknowledged “potential inconsistencies in regulatory approaches may introduce complexity and risk smart grid landscape. Either model, whether state or federally regulated, comes with pros and cons. I see the regulatory oversight of the smart grid as one of our biggest challenges with the least obvious solution."

Privacy invasions, energy theft and terrorist-induced power outages are a few of the concerns surrounding the new technology. Miller said, “I don’t think any of those are cataclysmic or catastrophic kinds of risks.” Manipulating widespread outages through the smart grid infrastructure would be enormously difficult to do, he added.

Most security experts surveyed, 53 percent, said the hype about invasions of privacy associated with smart meter consumer data is overblown. “I expect to the smart grid industry to struggle with several challenges around who ultimately owns customer data,” Miller wrote in the report. “There are several gray areas that impact how smart grid customer data will be used as the industry attempts to maximize revenue potential. Even seemingly innocuous customer data has significant value -- just ask Facebook or Google."

Cybersecurity compliance firm nCircle partnered with EnergySec on the survey.

Threatwatch Alert

Stolen laptop

Wireless Heart Monitor Maker to Pay $2.5M Settlement to HHS After Laptop Stolen

See threatwatch report

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

    Download
  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

    Download
  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

    Download
  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

    Download
  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.

    Download

When you download a report, your information may be shared with the underwriters of that document.