Protecting the smart grid requires a broader strategy.
Ernie Hayden (ernie.hayden@verizon.com) is managing principal, energy security in the energy and utility practice at Verizon.
When Heather Adkins, Google’s incident response manager, told her fellow security managers last February1 that “Compliance is the death of security,” she was reflecting the lessons learned by having one of the world’s largest bullseyes painted on her company’s back—and the burden of being accountable for maintaining the integrity of systems that handle several hundred million inquiries from more than 90 million different users every day.
This reality of today’s cyber-threat environment will become more apparent to utility security managers in coming months and years as the industry builds out a smart grid that will more closely resemble the larger, more complex Google network, or an advanced telecom system, than it does traditional in-house communications and control systems.
With the stakes of success measured in the reliable delivery of essential electric power rather than serving up an email message or music video, utility managers and regulators have good reason to feel both increased pressure to perform and heightened concern about their systems’ ability to provide reliable delivery and maintain cyber security.