Smart Grid Security: Little Debate, Lots of Money


When I think about smart grid security I get a tired-feeling like I’m being forced to watch the Bachelor on TV. That’s because the debate is largely over around how important it is (it is very), the U.S. government and standards bodies are taking it extremely seriously, and it’s clear that many companies are looking to the IT industry for cues on the architecture.

So what’s left to talk about then?: The money. A report from Pike Research predicts that utilities will spend $21 billion on smart grid cyber security between 2010 and 2015. Pike says utilities will spend the most on protecting distribution automation systems and transmission upgrades, followed by smart meter infrastructure.

That potential surge in the new market size is enough to get computer security firms drooling. These companies were the most vocal in 2009 for how important smart grid security will be, including IOActive, a decade-old computer security firm that boasts famous security geeks like Dan Kaminsky on its staff and is advised by Steve Wozniak.

To prepare for the coming boom in the smart grid security market — which was given a jolt by the close to $4 billion in smart grid stimulus funds — the National Institute for Standards and technology has been busy crafting standards and guidelines for smart grid security. Yesterday NIST updated the draft copy — initially released back in October — of the security requirements and suggestions with comments from the industry.

With a lot of the debate over how important smart grid security is, the next conversation will be over who are the leading smart grid security vendors. Watch for defense contractors like Boeing, and Lockheed Martin to move heavily into this market.

Image courtesy of Blueberry Pony’s photostream Flickr Creative Commons.


Tark Dom

While smart grid security is important, honestly, I think companies like IOActive have really exaggerated the problem. I work in IT and many of the issues these companies keep describing are relatively easily fixed with well known and proven security measures. Moreover, I do not trust a security firm that uses exaggerated claims and fear to win business. Its pretty clear IOActive (and firms like them) want to manipulate this situation into a lot of money for themselves.


Too much needless news. I couldn’t agree more that there is need for a secure national electric system. But I don’t want to hear about it everyday. If you are in the business of supplying electricity make the system secure and robust. It is just like food, banking, investments, credit, etc. If you are in any of those businesses you make it work with the security that is needed. I don’t need to hear about it, see it or fund it.

Kurt Morrow

Lets stop and think.We could spend billions to build and billions every year to defend the undefendable not so smart grid or design and retrofit efficiency and renewable energy solar into all new building and existing buildings creating lots of new permanent middle class jobs installing and maintaining solar on every building in the country.Thats right we can’t do that, it creates jobs that can’t be outsourced we wouldn’t want to do that. Long term being 100% renewable and individually owned would give our consumers safety, security and a hell of an economic advantage.Excuse me did I offend corporate america, don’t worry GE you can get rich carrying the financing on every system in america. It’s time for our equivalent of the space race on individual home solar.


It’s likely these utilities have been infiltrated the old fashioned way through human assets bringing in embedded malware in chip sets and circuit boards which can all be command lined back at the adversaries command and control cyber headquarters in some rogue state somewhere.

Comments are closed.