via Intelligent Utility
Confusion reigns for many utilities over precisely what is required in terms of cyber security, because much current utility work focuses on the distribution system. The critical infrastructure protections promulgated by the North American Electric Reliability Corporation (aka the NERC CIP) target generation and transmission, so confusion is not surprising.
In fact, as you’ve read here previously, compliance with regulatory mandates doesn’t necessarily make your utility more secure. (See “How to Think About Cyber Security” and “CIP: Creating a Culture of Compliance?”)
But there are steps to take and concepts to understand that will help utilities develop effective strategies for their own circumstances, according to an IDC webcast yesterday.
Drivers of cyber security investment include the aforementioned focus on the distribution system, the convergence of information technology (IT) and operations technology (OT), the move from electromechanical devices to digital controls and communications, and recent developments that include the notorious Stuxnet virus, according to Marcus Torchia, research manager for intelligent grid strategies at IDC Energy Insights. (See “Stuxnet’s Lessons Learned.”)
Inhibitors to investments in this critical area, Torchia said, include confusion around the applicable regulations on the distribution system and a lack of policy coordination between the federal and state governments. Though it is not promulgating regulations, the National Institute of Science and Technology has still taken a leadership role in providing practical guidelines, the analyst added.