When doors open to the benefits of innovative IT solutions, they also open to evil cybercrooks.

 

For example: The utility industry’s ongoing adoption of smart grid digital technology is bringing many conservation and cost-saving benefits. Yet it is also hauling with this unprecedented cybersecurity threats.

 

Denim Group, an IT consultancy that develops secure software and helps organizations assess and mitigate risks with their existing software, is advising utility companies of significant security and privacy risks as they transition to smart grid technologies. With advanced meters and smart grid technologies being deployed, Internet attacks, malware and privacy breaches have become a bigger risk. Denim researchers warn that if the appropriate defenses are not engineered into the system from inception, security breaches will occur. Far-reaching scenarios involving power to homes being shut down were once remote but have now become feasible.

“It will be difficult to put the genie back in the bottle when smart grid technologies are deployed,” John Dickson, Principal of Denim Group point out. “Advanced meters are Internet-based network computing devices, with many of the inherent security challenges of traditional network security. There are significant security and privacy implications that we hope are being taken into consideration; protecting these systems shouldn’t be an afterthought. While the cost of prevention is low, the cost of remediation can be extraordinary. The principles we’ve learned from designing and building secure systems and software apply to these smart grid technologies as well and should be rigorously followed.”

To help utilities meet these evolving challenges and opportunities, Verizon Business has unveiled a new suite of professional consulting services. The North American Electric Reliability Corporation (NERC) has established critical infrastructure protection standards for the nation’s bulk energy system. Verizon (News - Alert) is offering compliance and readiness assessments to help utilities meet the 2010 NERC CIP requirement to be Auditably Compliant: the highest level of compliance, which is subject to spot checks and audits.

 

The new consulting services join Verizon Business’ (News - Alert) existing portfolio of managed security services and professional security services. These help utilities identify and mitigate risks to critical cyber assets, including data, applications, IT systems and networks.

 

Under Verizon’s security management program, highly trained experts examine and analyze organizations’ security practices and procedures. Using ISO 27002 controls, SMP analysts can assess security at key layers of an extended utility enterprise including employees, customers, partners and suppliers. Using this programmatic approach SMP simplifies the security process and helps businesses achieve and maintain effective such policies and practices.

 

For example, advanced automated metering infrastructure now leverage wireless communication mechanisms. With them, however, are new risks with these devices and applications in standard and machine to machine communications.

 

Verizon Business’s team can perform a Wireless Vulnerability Assessment that can help address these concerns. This program covers aspects such as validating the actual physical perimeter of wireless networks, verifying the proper use of encryption and authentication, searching for rogue access points, and reviewing access point configurations. The professionals can also review client side security by validating how wireless clients are configured and secured against connection to rogue access points or hijackings over their wireless interface.

 

“Smart grids require savvy professionals to protect these digital networks from cyber threats,” said Rilck Noel, vice president and managing director for Verizon Business’ global energy and utility practice. “As the power industry employs more Internet protocol (IP)-based controls and machine-to-machine communications to monitor and control power generation, transmission and distribution, we can apply our security, IT and IP communications expertise to help accelerate the adoption of smart grids.”