The U.S. Department of Energy has just released Roadmap to Achieve Energy Delivery Systems Cybersecurity dated September 2011. It is an update of the 2006 report.
The Stuxnet computer worm has brought into public focus what some experts have been stating for years, that computerized devices other than computers can be hacked with devastating consequences. The Stuxnet worm attacked only computerized controllers operating centrifuges in Iran’s nuclear program. It resulted in damage to the equipment that set their development program back months if not years.
Why is the Energy Department interested in this topic? The United States is reliant on the safe delivery of energy, electricity, natural gas or oil. All of those systems are computerized and the valves, pumps and meters all rely on microchips. All may be vulnerable to a hack similar to Stuxnet.
Imagine an over-pressurized natural gas pipeline exploding. Or, the electrical grid of a major city disrupted during a heat wave. Or, for some the worst case, the loss of the data identifying who owns what parts of the energy product being pumped or transmitted, which in turn means no one can be billed for their purchases.
Recent conference demonstrations showed how electronic locks in a prison could be hacked and how a car with remote access features could be unlocked by a hacker. The vision of the Energy Department is that by 2020 “resilient energy delivery systems are designed, installed, operated, and maintained to survive a cyber incident while sustaining critical functions.”.
The report suggests five strategies to reach that goal:
- build a culture of security
- assess and monitor risk
- develop and implement new protective measures to reduce risk
- manage incidents
- sustain security improvements
The report lays out a road map for achieving energy delivery systems cybersecurity. A variety of measurable goals, milestones, are provided, for both the near and far terms. The report’s authors recognize that changing technologies, both hardware and software, mean the road map must be flexible and adaptive.
Charles Simmins brings thirty years of accounting and management experience to his coverage of the news. An upstate New Yorker, he is a free lance journalist, former volunteer firefighter and EMT, and is owned by a wife and four cats.