To view this page ensure that Adobe Flash Player version 11.1.0 or greater is installed.

CYBER SECURITY THE LOWDOWN ON CYBER SECURITY STANDARDS AND WHY THESE ARE IMPORTANT By Claire Volkwyn, editor, Metering & Smart Energy International Background on cyber security Attacks are increasingly prevalent across all industries, but one industry in particular is seeing a rise in attempted breaches and hacks. The utility sector has, until recently, been relatively isolated from such attempts, but as more devices are connected to the internet, utilities are increasingly vulnerable to cyber-based attacks. The Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) – a US government service for Industrial Control systems, which monitors threats and provides teams of experts to react to ICS incidents – shows in the pie chart below the percentage of attacks made against critical infrastructure in the fiscal year 2013, which spans October 2012 to September 2013. ‘I’ve only been in the utility space for just over two years. There are a lot of people in the utility space like me, because there aren’t too many people who have “grown up” in the utility sector who are cyber security experts’, Nadya Bartol, Utilities Telecom Council (UTC) VP of Industry Affairs and cyber security Strategist tells Metering and Smart Energy International. ‘The reality is that there are just not enough people with cybersecurity experience working in the utility sector.’ Utility systems are increasingly internet facing, yet many of their legacy systems weren’t built to be IT connected or secure. However, the reality is that companies Security incidents by victim and organisation. Source: Verizon Reporting cyber incidents is voluntary and therefore the figures may not reflect the true extent of the issue that are reliant on OT, are now having to rethink the way they operate in the IT space in order to make their operational systems more secure because that was the state of practice when the systems were implemented. In the Verizon Breach Report on data breaches in 2014, the company reports more than 1 367 confirmed breaches and 63 437 security incidents across 95 countries around the world. Attacks on critical infrastructure 2012/13 METERING INTERNATIONAL ISSUE – 6 | 2014 While utilities currently make up a small amount of the total breaches, the number of reported threats have also increased year on year, up from 140 in 2011, to 257 in 2013. The Internet of Things is a reality, and this means that more and more devices are being connected to the internet, and more and more communication points need to be secured, with the result that utilities need to know how to protect themselves from the ever increasing vulnerability their control systems face. As Figure 2 highlights, the NIST smart grid conceptual model recognises that secure communications are critical for the future of the smart grid. In the figure, the flow of electricity is depicted by dotted yellow lines while the required secure communications by solid blue lines. There are more blue lines in the figure which means that all of those communications need to be in place and secured to fully enable smart grid vision. 41