Denim Group, an IT consultancy that develops secure software and helps organizations assess and mitigate risks with their existing software, is advising utility companies of significant security and privacy risks as they transition to smart grid technologies. With advanced meters and smart grid technologies being deployed, Internet attacks, malware, and privacy breaches have become a bigger risk if the appropriate defenses are not engineered into the system from inception. Far-reaching scenarios involving power to homes being shut down were once remote but have now become feasible.
“It will be difficult to put the genie back in the bottle when smart grid technologies are deployed,” said John Dickson, principal of Denim Group. “Advanced meters are Internet-based network computing devices, with many of the inherent security challenges of traditional network security. There are significant security and privacy implications that we hope are being taken into consideration - protecting these systems shouldn’t be an afterthought. While the cost of prevention is low, the cost of remediation can be extraordinary. The principles we’ve learned from designing and building secure systems and software apply to these smart grid technologies as well and should be rigorously followed.”
“Public utility commissions have the unique opportunity to determine the security and integrity of the security metering system,” added Ravi Sandhu, executive director of The University of Texas at San Antonio’s Institute for Cyber Security. “Historically, the stand-alone, proprietary nature of the mechanical metering system provided a level of security but limited options for expanded utility and flexibility. Networking these systems requires all parties to re-think the security impact on closed networks and their ecosystems. The integrity of the system network must be maintained and the privacy of the consumers’ data must remain confidential.”
Dickson advises utility companies to consider the following key strategies when deploying smart grid technologies. Dickson has also testified at the Texas Public Utilities Commission on public grid policies.
Denim Group is currently working with several public and private initiatives to help certain utility companies address, and mitigate vulnerability issues associated with smart grid and other technologies and have performed assessments of numerous public utilities. Service providers are encouraged to implement the recommendations as earlier in the design process as possible to have a great affect on the security of the smart grid.