Skip to main content
close search
site logo
Deep Dive

5 ways utilities can get a better handle on cybersecurity

Published June 12, 2013
By
Content Director
Getty

Last month, Utility Dive sat in on the Deloitte Energy Conference's panel, “Energy Cyber Security—Protecting Critical Infrastructure in an Age of Increasing Threats," and brought you some highlights from a very important discussion about where utilities' cybersecurity risks are headed.

Our write-up about the panel sparked another lively round of feedback on Utility Dive's Energy & Utilities LinkedIn group, where we asked, "What do utilities need to get a handle on cyber security?"

The question prompted responses from a handful of industry experts, who brought up a few key issues that utilities will need to confront to protect themselves, as well as their customers. Take a look at what they had to say below:

1. BUILD INTERDEPARTMENTAL TRUST
"Utilities have done a reasonably good job of separating control networks from the administrative network, and placed additional defenses surrounding control networks.

"However, utility company cultures are slow to change and there are significant trust barriers between the electrical engineers on the grid-side and IT departments, which makes technology governance and standardization of operating practices difficult. Throw in Field Workers into the mix and you then have a solveable technical challenge mutate into a truly 'wicked problem' where it becomes harder and harder to figure out what the core objectives are, or who is even calling the shots. Much of this inherent wickedness needs to be tamed through strong leadership and accountability in order to address the technical, process, people, practices, tools and cultural aspects of the problem."
Situ Ramaswamy, General Manager of Technical. Services, Southern California Edison (SCE)

2. DESIGN FOR SECURITY EARLY ON, AND KEEP EVOLVING
"If you design and build security into the system from the very start (and keep testing it as things evolve and change) then you improve your ability to resist attack. It becomes progressively harder and more expensive to try and make apps secure once they are deployed. However there is also a lot of legacy stuff out there that was created before cyber attacks were out of short trousers so minimising the vulnerabilities of the older, weaker links is also essential. Numerous good tools on the market to help at both ends. And whatever the cost of the "security" effort, it is inevitably a whole lot less than the cost of rectification after the event. For one well known US retailer the cost of clean up after a breach and loss of customer data is over $1 billion and rising...the cost of prevention was probably a few hundred $k."
Ian Meharg, Client Representative, Rational Software Brand, IBM

3. DEVELOP RESPONSE PLANS
"Among the critical things utilities must do are: plan an effective defense, including policy and infrastructure; keep up to date on regulatory requirements and technological developments; create computer use policies and incident response plans; develop subject matter experts and implement best practices."
Steve PersuttiVice President, Operations Development, TRC Engineering (Read more from TRC here.)

4. GET THE RIGHT PEOPLE ON THE JOB
"As with many problems, this boils down to people. Utilities need the right people, and are competing against financial, high tech, etc. industries to acquire security experts - and generally at lower wage scales. So, utilities may not have as much of the right talent as needed to address cyber security challenges. We need to recognize this is truly a war, and that we need to share resources across companies, industries, and between private and public entities."
Rudiger Wolf, Vice President & Chief Information Officer, Puget Sound Energy

5. FOCUS ON RELIABILITY AND WIDE-SCALE IMPLEMENTATION
"They need to recognize that it's an architecture and SDLC process issue...not a technology issue. It also needs to be seen as a 'reliability' effort vs. a 'security' effort...they can sell the former (a benefit), but cringe at the latter (a cost). The DOE has done a fair job of laying the foundation for the process (CSET, ES-C2M2), but it needs to be adopted and implemented on a wide scale (pervasive) to minimize the weak links. Hopefully it doesn't require a mandate for the effort, though if history is any indicator..."
Les Cardwell, Enterprise Architect, Central Lincoln PUD (Read more from Cardwell here.)

 

Would you like to see more utility and energy news like this in your inbox on a daily basis? Subscribe to our Utility Dive email newsletter! You may also want to read Utility Dive's look at three upgrades California's grid needs after the San Onofre shutdown.

Editors' picks

Company Announcements

View all | Post a press release
General Atlantic’s BeyondNetZero Fund and TA Partner to Drive Continued Growth of Technosylva
From Technosylva
November 21, 2024
Utility Broadband Alliance 2024 Summit & Plugfest Shatters Attendance Milestone
From Utility Broadband Alliance
November 21, 2024
Technosylva and KatRisk Join Forces to Expand Wildfire Management and Catastrophe Risk Modelin…
From Technosylva
November 18, 2024
Cooling Towers Go Green: Clear Comfort Unveils New AOP Water Treatment Systems
From Clear Comfort
November 12, 2024
Editors' picks
Latest in Generation
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell