January 20, 2011
Echoing concerns of security experts, a new report from the Government Accountability Office warns that smart-grid systems are being deployed without built-in security features.
Certain smart meters have not been designed with a strong security architecture and lack important security features like event logging and forensics capabilities used to detect and analyze cyberattacks, while smart-grid home area networks that manage electricity usage of appliances also lack adequate built-in security, according to the report (PDF) released last week by the GAO, the auditing and investigative arm of the U.S. Congress.
“Without securely designed smart-grid systems, utilities will be at risk of not having the capacity to detect and analyze attacks, which increases the risk that attacks will succeed and utilities will be unable to prevent them from recurring,” said the report.
The report also took aim at the self-regulatory nature of the industry, saying utilities are focusing on complying with minimum regulatory requirements rather than having adequate security to prevent cyberattacks.