recommended reading

Billions in stimulus funding hasn’t made power grids safer, survey says

PhotoXpress

A majority of energy security practitioners do not believe economic stimulus-funded smart grid projects sufficiently protect the nation against cyberattacks, according to findings reported on Monday by an Energy Department-funded public-private partnership.

The 2009 American Recovery and Reinvestment Act has paid out $2.5 billion to modernize the U.S. electric system by digitizing the way power is distributed to consumers, according to Energy financial submissions. Program plans from June 2009 stated that one goal of the initiative, which will disburse $4.5 billion, was to “enhance security and reliability of the energy infrastructure.”

When asked if smart grid projects adequately addressed security, 67 percent of participants surveyed by the public-private group, EnergySec, said, no. The March 2012 survey questioned 104 energy security professionals.

EnergySec chief executive officer Patrick Miller speculated that security specialists and businesses may have different perceptions about the lasting effect of today’s security controls. “It’s not as if the vendor is approaching this irresponsibly,” he said. “What may have been implemented, though it could be considered good security, will it stand the test of time?”

Hackers are innovating as fast as smart grid suppliers. “There was a flood of government money that came in,” Miller said. “And innovation is a good thing. But it’s very hard to keep pace with security when you are innovating this fast.”

Energy officials said all recipients of smart grid investment grants were required to develop cybersecurity plans explaining how they would identify risks, resolve them and ensure a stable cybersecurity posture.

“The Energy Department takes very seriously the responsibility of managing and overseeing its smart grid grants to protect taxpayer funds and ensure that projects are moving forward effectively to modernize our nation’s electric grid,” Energy spokeswoman Keri Fulton said in a statement.

Officials added that the Obama administration has proposed cybersecurity legislation that would establish a rulebook for enhanced cooperation between the government and energy operators nationwide. “This will clarify ways in which government and industry can share information about cybersecurity threats more effectively and strengthen the criminal penalties for those who take action to disrupt the grid,” Fulton said.

The survey also found that most professionals -- 60 percent -- did not think the federal government should regulate the smart grid industry. Miller wrote in the report that in digital power delivery, which spans local, state and federal regulatory lines, “a federal one-size-fits-all approach may significantly slow down progress.” But he acknowledged “potential inconsistencies in regulatory approaches may introduce complexity and risk smart grid landscape. Either model, whether state or federally regulated, comes with pros and cons. I see the regulatory oversight of the smart grid as one of our biggest challenges with the least obvious solution."

Privacy invasions, energy theft and terrorist-induced power outages are a few of the concerns surrounding the new technology. Miller said, “I don’t think any of those are cataclysmic or catastrophic kinds of risks.” Manipulating widespread outages through the smart grid infrastructure would be enormously difficult to do, he added.

Most security experts surveyed, 53 percent, said the hype about invasions of privacy associated with smart meter consumer data is overblown. “I expect to the smart grid industry to struggle with several challenges around who ultimately owns customer data,” Miller wrote in the report. “There are several gray areas that impact how smart grid customer data will be used as the industry attempts to maximize revenue potential. Even seemingly innocuous customer data has significant value -- just ask Facebook or Google."

Cybersecurity compliance firm nCircle partnered with EnergySec on the survey.

Threatwatch Alert

Spear-phishing / Stolen credentials / User accounts compromised

Gmail Scam Tricks Users With Convincing Login Page

See threatwatch report

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • It’s Time for the Federal Government to Embrace Wireless and Mobility

    The United States has turned a corner on the adoption of mobile phones, tablets and other smart devices, outpacing traditional desktop and laptop sales by a wide margin. This issue brief discusses the state of wireless and mobility in federal government and outlines why now is the time to embrace these technologies in government.

    Download
  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

    Download
  • A New Security Architecture for Federal Networks

    Federal government networks are under constant attack, and the number of those attacks is increasing. This issue brief discusses today's threats and a new model for the future.

    Download
  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

    Download
  • Software-Defined Networking

    So many demands are being placed on federal information technology networks, which must handle vast amounts of data, accommodate voice and video, and cope with a multitude of highly connected devices while keeping government information secure from cyber threats. This issue brief discusses the state of SDN in the federal government and the path forward.

    Download
  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.

    Download

When you download a report, your information may be shared with the underwriters of that document.