Later on Tuesday, the Information Trust Institute at the University of Illinois announced through a press release said that it had received a grant worth $18.8 million that would be used for a five-year research project that will determine the best way to secure the smart grid. The grant was provided by the U.S. Departments of Energy and Homeland Security.
Researchers are supposed to discover, with certainty, how the smart grid can be completely intrusion-proof. The work will be carried out at the Institute and three other learning institutions: Dartmouth, the University of California at Davis, and Washington State University in a project titled the Trustworthy Cyber Infrastructure for the Power Grid.
“It reflects a strong consensus that cybersecurity and resilience will be critical to the realization of a modernized, reliable, and efficient power grid, so that it will be able to guarantee delivery of electricity to consumers and maintain critical operations, even when malicious cyber attacks occur,” said the press release.
But why is the research being done as the technology is being implemented? Shouldn’t research into smart grid integrity be completed before the new infrastructure is built?
Could this be the headlines of the future?
“Given the degree of seriousness that the Obama administration is applying to cybersecurity and the smart grid, we could look forward to the kind of things happening here that happened to Brazil, where hackers successfully brought down the power,” said Richard Clark, chairman of the Good Harbor security consultancy, in an interview with Wired.
Ilesanmi Adesida, dean of the College of Engineering at the University of Illinois, says that existing smart grid technology can’t offer a security guarantee, adding in the press release that “we could even open the door to new risks if we carelessly put together new systems that don’t have resilience and security guarantees built in from the ground up.”
The Department of Energy says there is nothing to worry about and that the government has the security concerns under control. “Each application was examined by at least two interoperability and cybersecurity experts, and it was a central component to the selection criteria for each of the awards,” said Jen Stutsman, spokeswoman for the DOE. She didn’t elaborate on who the experts were that conducted the reviews.
Stutsman said the electrical grid will be modernized using available technology and that advances will be integrated as they are discovered. She said the government will continue to monitor the energy industry “to ensure that we are taking every step we can to secure the country’s electric grid.”
Clarke isn’t so sure that cybersecurity concerns are being addressed. “We have no way of having any confidence that there’s any cybersecurity plans since we don’t know anything about the qualifications of the experts who examined them or the criteria they’re using to judge them,” he explained. “In the absence of someone like the NSA [National Security Agency] or the cybercenter at DHS [Department of Homeland Security], there’s no reason to believe they’re taking security seriously.”
Clarke insists that grant recipients pass a security audit. He said that auditing firms have told him that they have been able to penetrate Supervisory Control and Data Acquisition (SCADA) systems at every utility company where a security audit was conducted.
Information Trust Institute
University of Illinois at Urbana-Champaign
1308 West Main St, Urbana, IL 61801-2307
http://www.iti.illinois.edu
Good Harbor Consulting, LLC
2101 Wilson Blvd., 10th Floor, Suite 1000
Arlington, VA 22201
http://www.goodharbor.net
