June 15, 2008

Assessing and addressing cyber threats to control systems

Andrew Bartels, Aegis Technologies Inc.

The arms race continues

So, if that’s the scope of the T&D cyber security problem—which has become bigger than anyone cares to acknowledge—what’s the solution?

Step one is for leaders of the nation’s power industry to learn more about the problem and the severity of its consequences. Step two is to begin taking concrete and comprehensive actions to solve it (see table). Humans are usually motivated to address a situation once they recognize that it is indeed a crisis. In this case, utilities must believe that a crippling cyber attack “can happen here” and realize that a security breach might jeopardize both their reputation for excellent service and the revenues and profits that their shareholders demand.

Are your control systems cyber safe? These are the top 10 questions that utility risk managers should be asking about the security of their IT and SCADA systems. Checking “no” for any item indicates that a more in-depth assessment of the utility’s security status is warranted. Source: Aegis Technologies Inc.

When the 9/11 attacks happened seven years ago, one of the reasons cited for not preventing the tragedies was a “failure of imagination.” When it comes to power failures, there’s nothing to imagine, because few of us haven’t had that unsettling experience. This threat is real, and the danger should be clear to the general public. The utilities that step up to the challenge will be the ones that survive and thrive in the years ahead.

—Andrew Bartels (abartels@aegistech.us) is chief technology officer of Phoenix-based Aegis Technologies Inc., a designer, builder, and installer of solutions that improve the longevity, performance, and security of legacy and new control systems.