

106 CHAPTER 6 Public and Private Companies

HOW UTILITY COMPANIES CAN FILL THE GAPS

When properly implemented and utilized, vendor technologies can significantly improve entities' information security posture. However, in the current economic climate, it remains to be seen if utility companies will receive the funding to appropriately secure their smart grid deployments. When technologies cannot be purchased and implemented, the responsibility for implementing secure smart grid deployments will fall solely on the abilities of the utility companies.

Although the challenge is daunting, utility companies can secure their smart grid deployments through strong and comprehensive policies, procedures, and standards. Utility companies will have to go beyond regulatory mandates and build their information security programs on industry best practices, such as the ISO 27000 series. Building such a program is covered in Chapter 8, "Securing the Utility Companies."

SUMMARY

Adequately securing the smart grid cannot be accomplished solely by utility companies; they will need the technologies, knowledge, and tools of the private sector. Likewise, the private sector cannot solely secure the smart grid as they will need utility companies to appropriately leverage the private sector's technologies, knowledge, and tools as well as implement strong policies, procedures, and standards.

The current approach toward securing the smart grid relies on the broken model of self-regulation and the misconception that compliance and security are synonymous. NERC's own President and Chief Executive Officer, Rick Sergel, stated in their 2008 Annual Report that, "[NERC is] in a unique position to make the self-regulatory model work," 19 suggesting that the self-regulation model has historically failed. To better secure smart grid deployments and technologies, both the regulatory bodies and utility companies must recognize their current gaps and appropriately address them. Unfortunately, as is often the case with information security, it will most likely take a significant event to change the current approach. Let us hope this is not the case.

Endnotes

1. Federal Energy Regulatory Commission. NERC certified as Electric Reliability Organization; Western Region Reliability Advisory Body Accepted [document on the Internet]. www.ferc.gov/news/news-releases/2006/2006-3/07-20-06-E-5.asp; 2006 [accessed 14.01.10].