Power companies to inject $4.1 billion into industrial control system cybersecurity

Cybersecurity investment is predicted to increase at a relatively steady rate over the next seven years, rising from $309 million in 2011 to $692 million per year in 2018, according to Pike’s Industrial Control Systems Security report.

Security analysts identify industrial control systems and smart meters as the two most vulnerable aspects of the smart grid system from a cybersecurity perspective. In fact, the infamous Stuxnet worm attacked the industrial control systems of Iran’s nuclear facilities, shutting down its uranium enrichment centrifuges.

Industrial control systems for the electricity grid have similar vulnerabilities, Ulf Lindqvist, program director at SRI International’s Computer Science Laboratory, told Infosecurity in a recent interview.

Lindqvist said that many types of power plants use control systems, so they could be vulnerable to a Stuxnet-like attack. “Malware is really just limited by the imagination and resources of the attacker. Once you have software that can spread through vulnerabilities in systems, you can make it do whatever you want.”

According to the Pike study, major investments in industrial control system security will include control consoles and systems, telecommunications security, human-machine interfaces, system sensors and collectors. The enhancements are anticipated to benefit areas such as distribution automation, substation automation and transmission upgrades.

The investments are expected to create new professional opportunities, such as development and maintenance of security reference architectures for utilities' control networks, development of security policies and procedures, maintenance of employee security awareness programs for industrial control systems and change management, according to Pike.

What’s Hot on Infosecurity Magazine?