Also, 72% of energy security professionals believe smart grid cybersecurity standards are not adequate, and 61% believe that smart meters do not have sufficient security controls to protect against false data injection, according to a survey of 104 security professionals conducted in March.
False data injection attacks exploit the configuration of power grids by introducing arbitrary errors into state variables while bypassing existing techniques for bad measurement detection.
"A false data injection attack is an example of technology advancing faster than security controls”, said Elizabeth Ireland, vice president of marketing for nCircle. “This is a problem that has been endemic in the evolution of security and it's a key reason for the significant cybersecurity risks we face across many facets of critical infrastructure. Installing technology without sufficient security controls presents serious risks to our power infrastructure and to every power user in the US", she added.
The survey also found that a majority of security professionals believe that privacy concerns around smart metering are overblown.
"Smart grid meter privacy is still a new area", observed Patrick Miller, CEO of EnergySec, a public-private partnership funded by the US Department of Energy to improve cybersecurity of the electrical grid.
"State regulations are inconsistent and sensitive customer details in smart grid data vary from utility to utility. I expect to the smart grid industry to struggle with several challenges around who ultimately 'owns' customer data. There are several grey areas that impact how smart grid customer data will be used as the industry attempts to maximize revenue potential. Even seemingly innocuous customer data has significant value", Miller added.