GridThe smart grid offers convenience, but it also makes cyberattacks more likely

Published 25 July 2014

Recent efforts to modernize the electric grid have increased communication between utilities and consumers, enhanced reliability, and created more opportunities for green energy producers; but it has also elevated the risk of cyberattacks. Proposed smart grids rely on technology that has created millions of new access points; and though more access points within the grid allows renewable energy generators to supply utilities, they also present opportunities for hackers to breach the system.

Recent efforts to modernize the electric grid have increased communication between utilities and consumers, enhanced reliability, and created more opportunities for green energy producers; but it has also elevated the risk of cyberattacks.

Proposed smart grids rely on technology that has created millions of new access points; and though more access points within the grid allows renewable energy generators to supply utilities, they also present opportunities for hackers to breach the system. “Technology is always a double-edged sword,” and more dependency on technology comes with an evolving risk, said Michael Assante, a board member for the Council on CyberSecurity, and lead for training on industrial control systems and supervisory control and data acquisition security for the SANS Institute.

Annabelle Lee, senior technical executive at the Electric Power Research Institute, believes that despite the enhanced risk, the implementation of smart grid technology is largely positive. Smart meters have allowed consumers to be better informed about their energy usage. Such real-time information will help make the electric grid more efficient, Lee said.

The Pittsburgh Post-Gazette reports that though the United States has yet to face a cyberattack on the grid, security company Symantecreported last month that a group of hackers known as “Energetic Bear” and “Dragonfly” had gained access to electric systems in the United States and Europe. President Barack Obama has already ordered federal authorities to assess the grid’s risk, and in 2010, the National Institute of Standards and Technology released guidelines for smart grid cybersecurity, outlining precautions utilities should take as they adopt modern electric systems.

In November 2013, the Federal Energy Regulatory Commission approved new critical infrastructure protection reliability standards that address the stability of electricity transmission. The new standards, which will take effect in 2016, require bulk electric system operators to classify all assets as high, medium, or low risk and to establish security plans for each. Current standards require those operators to only identify critical assets.

Industry advisors recommend that electric utilities regularly evaluate their security risk. A Bloomberg survey of sixty-one electric utilities indicated that firms are investing roughly $3 million annually on cybersecurity. Assante advises that those investments should be coordinated with any new technology integrated into current electric systems. Assante also notes that businesses should share more information about security breaches so other firms can avoid similar problems. “Being able to learn how incidents are occurring — what was effective, what failed — that’s an important part of any security process,” he said.