Utilities face complex cyber challenges: Report

Phasor Measurement Units in North America as of October 2013./ Image via 2014 Smart Grid System Report

Cybersecurity remains a critical challenge for utilities, but government and industry are actively developing the tools, guidance and resources necessary to develop robust cybersecurity practices, says the Department of Energy, in a report to Congress.

The “2014 Smart Grid System Report,” a biennial report required by the Energy Independence and Security Act of 2007, was made available last week. According to the report, the “smart grid” involves the application of advanced communications and control and practices “to improve reliability, efficiency and security which are the ongoing modernization of the electricity delivery infrastructure.”

The adoption of smart grid technologies varies, however, and depends on factors including state policies, regulatory incentives, load growth and technology experience levels within utilities, the report says.

Discussing cybersecurity, the report says the modern grid is becoming “much more complex” and will need to handle advanced communications and control technologies with built-in cybersecurity protections.

Utilities have several tools and resources they can use to enhance cybersecurity.

The report cites as among the resources available to utilities the U.S. Department of Commerce's National Institute of Standards and Technology's framework for improving cybersecurity, which was released in February.

In addition, it states that to date, 104 utilities, covering 69 million customers, have downloaded the Department of Energy's “Electricity Subsector Cybersecurity Capability Maturity Model," which provides a tool for implementation of the NIST framework.

In addition, the 99 recipients of the Smart Grid Investment Grants funding under the American Recovery and Reinvestment Act of 2009 are required to ensure “reasonable protections against broad-based, systemic failures from cyber breaches,” according to the report. It said the Department of Energy has followed up with extensive guidance on plan implementation, annual site visits to the recipients and two workshops to exchange best practices. “As a result, recipient utilities are instituting organizational changes and leveraging new tools to strengthen organization-wide cybersecurity capabilities,” the report says.

In addition, advanced technologies with built-in cybersecurity functions are now being developed and deployed across the grid, the report says. It says research funded by the DOE “has led to advancements in secure, interoperable network designs, which have been incorporated into several products.”