With all the groups and committees working on the Smart Grid’s security requirements, one might expect that there would now be a recipe for making an automation system secure. But we’re finding that building secure automation systems is more complex than we anticipated.
Most of us have some degree of familiarity with information security as it is practiced in our corporate environments. We may find it annoying at times, but we trust our Information Technology (IT) people to protect the confidentiality and integrity of the data residing in business systems. This includes our mail servers, file servers, and financial systems. To keep them secure, our IT staff uses a variety of tools, including standards, best practices, and automated security technologies.
On the other hand, a utility that initiates a Smart Grid project generally will be deploying thousands, or even tens of thousands, of relatively inexpensive devices with limited computing capabilities. These devices are deployed for the long term, and may require an expensive truck roll to update a firmware version or to change a setting. The group managing the automation system is tasked with ensuring not only the confidentiality and integrity of data, but also system availability. The system cannot be shut down for maintenance because it’s needed to keep the lights on.