Cyber Week in Review: May 19-23, 2008

May 27, 2008
The Week (May 19-23) in Review I thought Dale Peterson’s weekly review was a great idea so I have decided to do my own: Two major events occurred on either side of the country the same day - Congressional hearings on cyber security of the grid and Connectivity Week (Smart Grid) in Santa Clara. The hearings were about the industry and NERC’s inadequate response to cyber security of the bulk electric grid (transmission and central station generation) while Connectivity Week was about the Smart G...
The Week (May 19-23) in Review I thought Dale Peterson’s weekly review was a great idea so I have decided to do my own: Two major events occurred on either side of the country the same day - Congressional hearings on cyber security of the grid and Connectivity Week (Smart Grid) in Santa Clara. The hearings were about the industry and NERC’s inadequate response to cyber security of the bulk electric grid (transmission and central station generation) while Connectivity Week was about the Smart Grid (opening up the distribution system). I encourage everyone to read and listen to the transcripts from the Congressional hearings (http://homeland.house.gov/Hearings/index.asp?ID=143). It is not often you hear Congress threaten to hold NERC in Contempt of Congress for lying. Other items of interest were the dichotomy between Congress (NIST is the gold standard- why isn’t it being applied) and NERC (we don’t want to do it) and to have FERC ask for emergency powers to regulate cyber because it so different than traditional reliability issues. I don’t believe this will be the last time you hear Congress question industry on the adequacy of securing the electric grid. As for Connectivity Week, it was interesting to hear the Automated Metering Infrastructure (AMI) suppliers talk about how secure they were until you started asking the tough questions they couldn’t answer. In private, they would concur they have not secured the demand side management aspect of the meter. An interesting sidelight was the lack of generation and industrial users. If the Smart Grid is really intended to integrate the entire grid including residential, commercial, and industrial users, it is not working. Discussions are on-going on how to get generation and industrial users to be a part of this effort. I had an interesting discussion was with a very influential (Public Utility Commission) PUC Commissioner. The NERC CIPs exclude distribution yet distribution often directly communicates with transmission. Consequently, distribution can be an entry point that can compromise the bulk electric grid. Since the PUCs “regulate” distribution, there are now discussions ongoing about how PUCs should be involved. This same discussion extended to how cyber security of the Smart Grid should be addressed. I also saw a copy of a recent report on how North American and international utilities were addressing cyber security. The report addressed different approaches for reducing cyber vulnerabilities in operational networks. What was missing in identifying the different approaches was explicitly identifying control systems policies and procedures. Considering that most control system cyber incidents are caused by inappropriate policies, procedures, testing, and technologies, I find the results of the report short sided. Joe Weiss

Sponsored Recommendations

Make Effortless HMI and PLC Modifications from Anywhere

The tiny EZminiWiFi is a godsend for the plant maintenance engineers who need to make a minor modification to the HMI program or, for that matter, the PLC program. It's very easy...

The Benefits of Using American-Made Automation Products

Discover the benefits of American-made automation products, including stable pricing, faster delivery, and innovative features tailored to real-world applications. With superior...

50 Years of Automation Innovation and What to Expect Next

Over the past 50 years, the automation technology landscape has changed dramatically, but many of the underlying industry needs remain unchanged. To learn more about what’s changed...

Manufacturing Marvels Highlights Why EZAutomation Is a Force to Be Reckoned With

Watch EZAutomation's recent feature on the popular FOX Network series "Manufacturing Marvels" and discover what makes them a force to be reckoned with in industrial automation...