Evaluating Grid Communications Networks: Security Takes Priority Over Cost
Utilities are unanimous on the importance of improving ‘reliability’ in their grid communications networks, but the verdict is mixed when it comes to the second most important factors: grid communication security and costs.
In a new study on distribution grid reliability, Silver Spring Networks found that utilities identified costs and grid communication security as the top priority for their grid communications networks by 78% and 75%, respectively, showing how close these two factors compete with each other in securing resources.
But while utility executives may be divided on which factor matters most in building an effective grid communications network, there’s a growing consensus among industry thought leaders about the outsized impact of failing to invest in network cyber-security measures.
Indeed, the Silver Spring Networks report makes clear how crucial cyber-security defenses are for large and small utility firms alike, as they deal with a cyber threat environment that “has changed dramatically” especially as utility assets become “increasingly dispersed” across territories. The matter’s urgency takes on a new life for utilities with “older networks,” as these utilities have infrastructure that “can’t address current security demands,” the study states.
And as a sobering fact, the expense of data breaches for utility firms are not declining at the same rate as other industries, IBM found in its annual cyber breach study with The Ponemon Institute. For example, where global costs-per-data breaches fell by 10% year-over-year in 2017, the cost for utilities and energy firms decreased by a mere 2% year-over-year. Further, cost per incident stood at roughly $7.4 million in the utility and energy sector, highlighting its effect on financial results.
To fully understand the security needs of modern networks, executives can benefit by focusing on multiple components of layered grid communications networks. This calls for close examinations of networking functions such as WiFi, cellular communications, fiber optics and RF Mesh. Below is a short breakdown of the importance of maintaining strong cyber-security standards in areas that are crucial to providing efficient and trusted services.
WiFi – There’s little to dispute WiFi’s role in helping utilities transform their grid networks into intelligent, interactive communications systems. But the enormous popularity WiFi enjoys today have also helped expose it to significant cyber security weaknesses. As reported by the U.K.’s The Guardian, Belgium security expert Mathy Vanhoef found that most WiFi connections have been broken, allowing Internet communication to be exposed to cyber thieves and various ease droppers. Indeed, The Guardian’s headline ‘All networks are vulnerable to hacking’ offers a strong reminder on the liabilities utilities face when failing to make their networks compliant with modern cyber security standards.
Fiber Optics – As a majority of utility providers identify fiber optics as playing a key role in building layered communications networks (according to Silver Spring Networks), the more crucial it will be to ensure such systems are fully protected from cyber intrusions. A recent Security Affairs report documented how famous hacker Kevin Mitnick had little difficulty breaching fiber optic networks. In the case study, Mitnick managed to clamp onto a fiber optic cable by deploying the network analyzer Wireshark, demonstrating first-hand how cyber-thieves can steal encrypted information “without leaving any trace,” Security Affairs wrote. The article helps underscore the risks involved when key physical infrastructure is not in line with proper cyber security protocols.
Legacy Communications – Perhaps the toughest cyber-security incursion to prevent against concerns those involving legacy communications systems. In these situations, the existing infrastructure of grid communications security is not built to withstand the sophisticated, multi-throng attack from digital assailants. In a 2014 Forbes article, EiQ Networks co-founder Vijay Basani explains how companies often lack the economic incentive to invest in upgrading older technology, viewing it as a “sunk cost.” As a consequence, utilities can be made vulnerable to a “catastrophic” event, the Forbes article reported. And as one studies the detrimental impact cyber attacks have had on corporate reputations (with Equifax serving as a case in point), the more risky it becomes for utilities to remain committed to the antiquated cyber standards of legacy systems.
So, while the severity of the communication grid vulnerabilities will depend on each utility’s specific background, it’s becoming increasingly clear that the outcomes of faulty cyber practices can have more lasting and dire impacts than many utility executives would initially acknowledge. Indeed, a negative reputation on grid communications security may be more consequential than reliability and cost issues. As a result, failure to act in this key area could do more damage than any utility is prepared to cope with.