Confronting Physical and Smart Grid Insecurities
How awareness can help secure the power grid
BY JEFFREY KATZ, IBM
A central issue in cyber risk management for electric utilities is how to be aware of threat vectors. To increase awareness, utilities must first look at the origin of threats and develop risk-based thinking to mitigate them. Once threats are known and an enterprise is ready to take action on their risk plan, technology companies are then in better positions to provide assistance.
Yet, a common theme I have heard lately is that cybersecurity experts within electric utilities are very aware of threats but have trouble receiving attention throughout the organization.
The responsibility for SCADA (supervisory control and data acquisition) systems, North American Electric Reliability Corporation critical infrastructure protection plans (NERC CIP), and operational technology (OT) network security is often some combination of information technology (IT) and line of business (generation, transmission, or distribution). This shared concern is where an enterprise can consider using a risk management approach to address its security needs.