So for our Friday wrap-up, I poked around online to see what's been reported elsewhere in the past 30 days, as a snapshot that might underscore utility urgency in this matter.
Though I've referred to the pursuit of cyber security as "urgent," it's worth noting that due diligence has an extra layer to penetrate in this arena, as the security firms that stand to profit from providing protection are also the firms most likely to understand and publicize the vulnerabilities. I'm not casting aspersions, simply making it clear that separating fact from hype is particularly important when it comes to cyber security.
A press release on a report just issued by GlobalData, released yesterday (conveniently not on 9/11 but only days later), trumpeted the projection that "China's Cyber-Attack Fears to Spark Massive Defense Spending."
The group projected a 25-fold increase in China's cyber security spending over the coming decade, from $1.8 billion last year to about $50 billion in 2020, a compound annual growth rate of nearly 45 percent, dwarfing projections for Europe and the United States. (My guess is that the Chinese were mighty impressed with Stuxnet and Duqu, which have been attributed to, but not acknowledged by, the U.S. and Israel.)
"The Asian giant has a strained relationship with a number of nations in relation to cyber security, with the U.S. in particular often accusing Chinese hackers of attempting to breach their power systems, although this has never been confirmed by Chinese government," the release said. "Such accusations may have fostered an environment of mistrust in which the Chinese authorities expect retaliatory cyber-attacks on their own power infrastructure."
It's in this environment that the 8th annual Energy Security Summit will be held in Portland on Sept. 25. The event includes a town hall meeting by NESCO, the National Electric Sector Cybersecurity Organization, which will focus on cyber security-related legislation.
Joe Weiss' ICS-Cybersecurity Conference 2012 will be held Oct. 22-25 in Norfolk, Virginia. Weiss has been featured in several Intelligent Utility Daily articles on industrial control systems (ICS).
The end of August saw reports from India that, in the wake of the blackouts affecting 700 million people on July 30-31, cyber security for the power sector would be a priority, according to the government. "Govt Wakes Up to Cyber Threat in Power Sector" stated:
"The issue of cyber attacks has ... featured in the report of the panel set up to probe the grid collapse of July 30-31. The panel has raised concerns that cyber attacks could be perpetrated by either outsiders or insiders with far-reaching effects on power systems controls. [The report] says that such a scenario may lead to the destabilisation of the supply capabilities, which may have a cascading effect on the national security and the economy."
Finally, also in late August, in "Smart Grid Security: DHS Reports Vulnerability," Jeff St. John, writing for GreenTechGrid, reported on an ICS-CERT alert that a flaw could allow decryption of Siemens' subsidiary RuggedCom's data traffic. St. John captured the flavor of today's environment with his lead: "Another day, another cybersecurity flaw revealed in the IT systems that run the world's critical infrastructure ..." (ICS-CERT = Industrial Control System - Cyber Emergency Response Team.) St. John predicted "a flood of investment in smart grid cyber security."
Intelligent Utility Daily