Find a downloadable version of this story in pdf format at the end of the story.
CYBER SECURITY PROGRESS at the US Department of Energy (DOE), the forces that will shape US energy policy development, and the dollars and jobs at stake were the hot topics covered by three keynote speakers at the 53rd ISA POWID Symposium in Las Vegas, Nevada, in June 2010.
Henry (Hank) Kenchington, deputy assistant secretary for research and development for the DOE's Office of Electricity Delivery and Energy Reliability, announced that the department, working closely with power-generation end users and vendors, has completed the first milestones in its cyber security testing and pre-qualification plan for automated power technologies such as Smart Grid and supervisory control and data acquisition (SCADA) systems. Kenchington shared with the 160 conference attendees some lessons the DOE learned as its team developed the plan. Foremost is that public-private collaboration, critical to building effective grid operational security, must be done within a strategically planned framework. Aligning activities to a common goal not only enhances success, he said, but also helps stimulate investments in control systems security. He added that the DOE's $4.5 billion from the 2009 Recovery Act that will be used for Smart Grid will be matched by $4.5 billion in private-sector investments.
Another lesson, Kenchington said, is that even with testing and pre-qualifying systems prior to deployment, 100% security is not possible. He pointed out that the electric grid in the US consists of over 200,000 miles of high-voltage transmission lines, thousands of generation plants, millions of digital controls, and over 1,800 entities that own and operate portions of the system. These factors make securing the electric grid a formidable task. To aid the mission, he urged performance-based standards that can provide agility to address rapidly evolving technologies and threats, and that are graded security.
Kenchington leads research and development activities to enhance the reliability, security, and efficiency of the US electricity delivery system. He also directs the $3.4 billion Smart Grid Investment Grant program to upgrade the nation's power grid with advanced digital communications. In 2003, he led the development of the national SCADA Test Bed program to enhance the cyber security of control systems. The program has conducted more than 30 vulnerability assessments of SCADA systems, leading to the development of 12 next-generation, hardened systems which are now being deployed to better secure the nation's power grid against cyber attacks.
Tim Roxey, manager of Critical Infrastructure Protection for the North American Electric Reliability Corporation (NERC), spoke on the increased importance of automation in power generation. He highlighted four key themes that will drive modern energy policy in the US. They include the need for a mix of resources for energy generation, technology developments, policy measures, and the public's growing awareness of energy issues. He outlined NERC's cyber security risk preparedness assessment, as well as the company's ongoing risk assessment efforts.
Download the story in pdf format here.