A year after the discovery of Stuxnet worm, industry is still playing catch-up to the threats facing power grids, says security expert
Utilities’ initiatives to secure their infrastructure will drive increasing investment in cyber security systems, to total $14bn by 2018, according to a new report from Pike Research.
The market intelligence firm said that a year’s worth of analysis still has not unlocked the secrets of the Stuxnet worm, but it has had a profound influence upon the smart grid cyber security market.
Utilities have realised that their grids are no longer isolated or protected from attackers, said Pike Research in its report, "Smart Grid Cyber Security."
"Smart grids need intelligence or they are not smart," said senior analyst Bob Lockhart, "Adding that intelligence to grids will increase their attack surface and utilities know this.
Lockhart continued, "But the industry is still playing catch-up to the threats facing power grids: the greatest needs lie in securing control system segments including transmission upgrades, substation automation, and distribution automation. However, despite this, many cyber security vendors are still focusing on IT security functions such as smart meter security, revealing a critical gap between current security offerings and the needs of the market."
Lockhart said that several key market drivers have appeared or gained importance during the past year. European smart metering deployments that were in their early stages a year ago are into the deployment phase (even if completion dates may stretch beyond 2020), while the North American Electric Reliability Corporation (NERC) has begun issuing fines for non-compliance with its Critical Infrastructure Protection (CIP) reliability standards.
Pike Research said that utilities believe they will see greater benefits from distribution automation than from advanced metering infrastructure (AMI) and Pike Research’s forecasts indicate greater spending in that area.
However, Lockhart warns that attackers are smarter than the security systmes at place.
"Much has changed for the positive in the smart grid security market," said Lockhart.
"Unfortunately, one thing has not changed. Cyber security is still way behind the attackers. Even where strong countermeasures exist, they are not consistently deployed, and most sophisticated attackers look at smart grids from a systemic perspective while often the defenses have been installed in piecemeal fashion, without an architecture. This hands an enormous advantage to the attackers, one that the utility industry will grapple with neutralizing for years to come."