The use of ICTs within the electrical grid means an evolution from isolated structures into open and networked environments where the subversion of power control systems has become a reality. The restructuring of the power sector and the emergence of the smart grid has largely ignored the issue of cyber security. Industrial control systems have poor methods of authentication, little encryption, and are not often capable of detecting intrusions. By failing to address cyber security, and focusing on the cost-savings and gained efficiencies of a market-oriented model, the susceptibility to cyber-attacks has grown.
ABI Research estimates the spending on cyber security solutions to secure the infrastructure will total $2.9 billion globally by the end of 2013. “Cyber-attacks that can cause serious damage to electrical grids are a reality. Operators need to view cyber security as a core, integrated requirement of their offering and not as a secondary add-on,” says Michela Menting, ABI Research’s senior analyst for cyber security. Efforts by governments and standardization bodies to tackle vulnerabilities within power control systems are raising the level of awareness. This is in turn driving a dedicated market in cyber security for critical infrastructure, targeting the security of industrial control systems, substations and advanced metering capabilities.
Manufacturers such as GE, Siemens, and Honeywell offer dedicated cyber security services to accompany their ICS product offerings. Other larger niche vendors such as Advantech, AGT International, AlertEnterprise, Maxim Integrated offer specialized SCADA security solutions and companies like 4Secure, OwlComputing Technologies, and DNV KEMA propose expert consulting services. A number of energy companies have also made significant efforts at implementing a cyber security culture within their electric grid operations, such as Alliander, Enel, and E.On Nordic.