Smart Grid  - A Hacker’s Prey?

Even an occasional shortfall of energy could cause devastating economic loss or even worse possible loss of lives, wherefore any nation ought identify energy as one of its critical infrastructure sectors and institute appropriate intervention. Since 9/11, proactive measurements in order to increase security to prevent attacks on critical infrastructure sectors have been taken both by the US and EU. In the case of the energy sector, guidelines have been modernized on how regulators, operators and owners need implement preclusive actions in order to mitigate spiteful cyber attacks afflicting the grid. The smart grid is especially vulnerable. Precautionary and security measures need be taken on EU level in order to avoid potential catastrophic outcome as a result of a malevolent cyber attack.

Malicious acts, by using the Internet in the form of cyber attacks, on critical systems are increasing. The electric utility grid has been identified as prime target by cyber felons for disruption activities and the energy industry has become the recipient of disproportional volumes of cyber interrelated intrusions that may lead to internecine outcome. Hence, cyber security has become a major concern for governments and citizens alike in regards of the energy sector infrastructure. Not only the smart grid is operated an accessible thru Internet connected systems but most critical infrastructure sectors. The gain of automated energy management such as efficiency, cost saving, appliance and convenience unfortunately invites malevolent actors to interrupt smart grids for financial reasons or for causing destruction. (Rice & AlMajali, 2014)
A central approach has been formulated by ECIP, The European Program for Critical Infrastructure Protection, which follows required guidelines from a range of governments and industry agencies in order to minimize the threat of cyber intruders. As a response to ECIP, US wholesale electricity producers recently presented a standard-based Public Key Infrastructure, PKI, enabling users of unsecure network such as the Internet to exchange data thru encryptions obtained by authorized entity. The PKI has been well received and considered to be a scalable, cost effective and flexible secure-measurement to authenticate the massive amount of digital identities involved in the electricity market. Due to substantial implementation details, however, the system may be vulnerable if the PKI technology is executed incorrectly and standardization is therefor required. (Cerrudo, 2015)

Due to the massive volumes of interconnected and exceedingly distributed machine-to-machine communication within a smart grid the advantage and gain of automated operation appear endless. However, smart grid seem be particularly vulnerable to undesirable infringement since it is not just operated buy energy producers but also by common citizen users. In the case of the smart grid, there is a two-way cyber information flow in a relatively new system that most likely enables easier intrusion by unwanted actors resulting in a potential catastrophic risk. It seem development of the actual smart grid technology does not go hand in hand with the development of a standardized system serving to protect the smart grid. As in any security planning, the level of security and correlated risk at rupture should be incorporated by IT- and security-professionals. Governments and energy authorities need therefore confer with energy market participants and IT security professionals how to incorporate EU security standards in terms of smart grid equipment, software, and operating system to step up efforts upgrading technology including of replacing weak identification passwords with stronger measures of personal- and device-authentication. Standardizing and security-criterion need come simultaneously with, not after, the development of smart grid technology in order to avoid major potential disasters and breakdowns.

References
Cerrudo, C., 2015. An Emerging US (and World) Threat: Cities Wide Open to Cyber Attacks. IOActive Security Service. Acquired 2015-11-03 from
http://www.ioactive.com/pdfs/IOActive_HackingCitiesPaper_CesarCerrudo.pdf

Rice, E. & AlMajali, A., 2014 Mitigating The Risk Of Cyber Attack On Smart Grid Systems. University of Southern California. Acquired 2015-11-04 from https://eis.hu.edu.jo/deanshipfiles/conf111681493.pdf