As the roll out of ‘smart’ and integrated technology becomes increasingly ubiquitous the challenges of ensuring the security of North American Critical Infrastructure increase.
The security of these systems revolves around the dynamic prioritization of the security triad of Confidentiality, Integrity, and Availability. This is a constantly changing system and depends on often the balance of operational and information technology. The information technology world tends to prioritize the traditional C-I-A system whilst the operational technology world shifts this to A-I-C. It is vital that this triad remains dynamic and adapts to each individual challenge.
For electric utilities as the security can be segmented into four layers:
– Physical protection: It is vital to protect your grid assets from intentional physical damage such as theft, vandalism and modification by miscreants. There are also non-intentional damage including natural occurrences i.e. weather, earthquakes, floods, cyclones and solar flares. These actions should be taken to reduce equipment replacement costs and to protect against someone breaking into your system and loading a cyber worm or virus that could attack your system.
– Cyber security and defense: Smart sensors and advanced communications devices are in essence computers and microprocessors and are consequently subject to cyber-attacks ranging from denial of service to reading (stealing) or changing the data in transit. These attacks are at the heart of the C-I-A prioritization.
– Privacy protection: Privacy of personal information is becoming increasingly imperative around the world and is becoming a key concern in the USA in particular California and Ohio
– Data management and storage: As the ‘smart’ concept evolves the data generated by intelligent devices will increase massively. Austin Energy, Texas, USA is one of the pioneers in the smart grid domain are seeing their data handling increase 730x by shifting from monthly to hourly readings.
Working to ensure the strength of these systems will help to enhance your overall system resilience. It is essential to maximize your overall system robustness that a clear response plan is formulated to get your assets back online with as little disruption as possible when the system fails.