Network Security, Threat Management

RSA Conference 2012: Swapping info on the smart grid

Leaders in standards and policy say there is a lack of attention being paid the security implications of the smart grid.

Most utilities are developing smart grid technology, such as smart meters, which can be connected to appliances and enable two-way communication between homes and power companies.

But this presents challenges to owners and operators who are seemingly being left in the dark as far as threat intelligence is concerned, said a panel speaking Wednesday at the RSA Conference in San Francisco.

"We're going to see attacks on grids sponsored by nation-states at a minimum when conflicts get serious," said Stewart Baker, distinguished visiting fellow at policy research group the Center for Strategic and International Studies. "Without security there are real problems posed on smart grids…that will allow much more fine-tuned attacks."

An assault on the U.S. power grid has become a concern for the National Security Agency (NSA), yet the department provides little actionable intelligence to the private sector, according to the panel.

"If we really cared about the private sector, we would be bending over backward to see that they have everything they need," said Jason Healey, director of the Cyber Statecraft Initiative at the Atlantic Council, a security think tank. "If they have to have what the NSA has, then we should do everything we can to declassify what they have."

Some believe it may be the U.S. Department of Homeland Security that has the best chance to invoke change.

"Bringing the government together with the owners and operators would allow them to collaborate and identify what risks there are," said Kevin Gronberg, senior counsel to the U.S. House Committee on Homeland Security. "There are so many different committees on Capitol Hill that feel they have a jurisdiction on the issue. We think it's important that the DHS has the appropriate roles and responsibilities to perform the cyber security mission. We would like to clarify our roles in the team sport that is security."

Government regulation may be a long ways away, but a collaborative effort between various organizations and the private sector can be seen as an immediate solution, panel members said. Enterprises need to be educated with data, and the government is currently working on identifying and sharing important pieces of the security puzzle to tackle the issues with the industry in a holistic view.

"Government has a role, but we have to be measured and rational with our use of funding and authority," Gronberg said. "We also have to make sure that we appropriately leverage the expertise that the government brings to the table."

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.