Utilities investments in cyber security for ICS to total $4.1 billion during 2011-18
Nearly overnight, ICS security went from being a non-issue to being critical. Because of that rapid change, ramp-up time has been non-existent, with no time for an industry to consider what is needed and how to develop a manageable approach to security.
At nearly the same time, the American Recovery and Reinvestment Act of 2009 created a gold rush mentality, with utilities and vendors submitting requests quickly in order to obtain some of the funding. Many of those requests simply stated a list of infrastructure components, without adequate consideration of cyber security requirements.
As a result of these two developments, the utility industry now has a large installed base of smart grid components, but little idea how to secure them. No clear or shared vision exists of what to build.
According to a report from Pike Research, such risks to the electrical grid will require utilities to make major new investments in cyber security for ICS in the coming years. The clean-tech market intelligence firm forecasts these investments will total $4.1 billion during the years between 2011 and 2018.
Senior analyst Bob Lockhart said: â€œMany SCADA systems were deployed without security in the belief that SCADA would always be isolated from the internet. But itâ€™s not, and even when it is, attacks such as Stuxnet can circumvent the isolation by using USB memory sticks to spread. And SCADA security has different objectives than IT security.
â€œThe familiar confidentiality, integrity, and availability is replaced with safety, reliability, and integrity. This is nearly impossible to accomplish with the infrastructure-only approach taken by most information security products.â€
One of Stuxnetâ€™s more noticeable effects was to cause nearly every security vendor to create an Energy Business Unit. Security vendors have taken one of three approaches to entering the smart grid market.
A few security vendors have focused on ICS security since their founding. Some of the relative newcomers to ICS security have hired long-time energy industry veterans to run their energy business. Others have simply rebranded existing products as smart grid ready and sell based upon the widespread adoption of their products in IT environments.
Have your say and discuss with your peers on the InfoGrok community.
Participate by posting your comments now.