Blog

Today in Cleantech

Let’s take this Friday to examine the state of smart grid cybersecurity, or the lack thereof. This week saw a flurry of debate over smart grid privacy and security standards, with the general theme being confusion. I previously reported how the Federal Energy Regulatory Commission has taken utilities and smart grid companies to task for not ensuring adequate privacy protections for consumer data carried over smart meters. At the same time, the Department of Energy’s inspector general has called out FERC for allowing “inadequate and incomplete” smart grid security standards to be included in the so-called critical infrastructure protection (CIP) guidelines used by the industry policing group North American Electric Reliability Corp. (NERC). NERC is a partner with DOE in a cybersecurity initiative, by the way, along with the National Institute of Standards and Technology (NIST). Getting confused yet? Don’t hold your breath for clarification on the matter — NIST is slowly working its way through hundreds of federal smart grid standards, although it’s put security as a priority. In the meantime, a recent report of Chinese hackers penetrating Western oil and energy companies with what cybersecurity company McAfee called an “incredibly sloppy” effort underscore the real-world need for smart grid security today.