Are local distribution grids lagging in cybersecurity?
amy gahran | greentech media | 28 april 2016
To read the full article in Greentech Media, click here.
PA's Justin Lowe and George Gamble, cybersecurity experts, are quoted in an article in Greentech Media. The article examines the ways in which utility companies are assessing and addressing the cybersecurity risks on local distribution grids.
Commenting on this, Justin stated: “The standard addresses the most critical assets of the BES, but a lot of utilities haven’t been looking as hard at the rest of their grids, leaving key areas of the grid unprotected.”
George added: "It will take careful analysis to distinguish whether part of an information technology (IT) and operational technology (OT) system sits within the NERC footprint."
Learn how to navigate the uncertain future of the electricity sector
read our insights
George continued: “Electronic access control and monitoring systems can be deeply connected, not only within utilities, but between business and operational systems. A smaller utility might share some equipment with a larger utility through the use of a jointly owned substation, and there might be physical and logical access to each other’s sites and systems."
George concluded by stating: “This influx of funding led to many immature products hitting the marketplace. Some of these products lacked important security functionality, such as robust encryption and access control, as the rush to deploy meant there wasn’t sufficient time to design in security.”
Justin offered some final thoughts on the topic, commenting: “State utility commissions are starting to look at what’s escaping NERC CIP. Utilities should be getting ahead of the curve on distribution grids and getting their strategic plan in place. Otherwise you’ll just be constantly playing catch-up and have difficulty keeping pace with the rising security threats."