Utility Automation magazine strives to bring its readers the latest information on new technologies, new business strategies and trends relating to power delivery and customer service. By covering topics ranging from transmission and distribution infrastructure innovations to new customer service and billing technologies, Utility Automation magazine keeps its audience informed.
Utility Automation editors work with industry experts from across North America to develop interesting, informative articles. The editors are constantly looking for relevant, unbiased, objective articles and news releases for publication in Utility Automation. Often it is the readers who are the most knowledgeable on events and trends occurring in the industry. Therefore, readers are invited to submit information to Utility Automation magazine’s editors to be considered for publication. Preference will be given to submissions from utilities or utility representatives. Consultants may submit information and articles that are noncommercial in nature. Product manufacturers, service providers and other suppliers may submit noncommercial articles that provide the readers with knowledge that can be put to immediate use on the job. Utility Automation’s editors reserve the right to edit any submissions.
Many of the subjects to be covered in 2001 are listed on the editorial calendar (see table). There is also space, however, for articles dealing with pertinent topics that are not listed. Those who wish to share information with other readers, discuss an article idea or request editorial guidelines, can contact the editors at firstname.lastname@example.org or email@example.com.
EPRI Program Identifies Energy Industry Electronic Security Threats
Modern user-friendly information technology provides hackers, disgruntled employees and contractors, and cyber terrorists with easy access to the electronic systems that run the nation’s power plants and transmission grids. EPRI’s (formerly Electric Power Research Institute’s) Enterprise Infrastructure Security Initiative (EIS), launched in early 2000, has examined the threats to and vulnerabilities of the power industry’s electronic infrastructure and is working to help mitigate some of the weaknesses.
“Anyone with a computer and Internet connection can do harm because energy industry networks were designed for information exchange prior to the need to keep previously ‘open’ information confidential,” said Jim Fortune, EPRI’s EIS program manager.
While significant efforts have been made to protect Internet and e-commerce applications, the same protections were not built into many plant and transmission and distribution (T&D) computer systems. Plant distributed control systems and T&D SCADA systems, for example, must have the ability to obtain and utilize vast amounts of dynamic data on a rapid basis, be highly reliable, user configurable, and also allow for interactive operation. These objectives make the systems vulnerable to electronic intrusion.
Joe Weiss, EPRI’s EIS technical manager, said electronic security has become a bottom-line issue for power companies. “In the past, operational systems used proprietary protocols and were usually kept on local networks that were not accessible from outside,” he said. “With current productivity tools and information technology, these operational systems can have direct access to the web, and possibly even be controlled from the web.”
According to EPRI, few utility equipment, software or database suppliers have addressed electronic security, and, similarly, most security vendors have failed to consider the unique aspects of real-time systems. This means utility system vendors and security vendors must work together to develop secure, highly efficient systems, Weiss said.
In its initial year of operation, the EIS program set the stage for more detailed development of security awareness by providing a basic understanding of electronic security and the status of power industry systems with respect to security. Workshops focused on internal security policies and procedures as well as legal and insurance implications of a security breach. In addition, three security primers and a set of guidelines for T&D security procedures were prepared.
In 2001, EIS plans to help members develop more robust electronic security programs. Workshops and reports will give special attention to secure integration of corporate business systems with operations systems. “Vendor teams,” including representatives from member companies, will work with representatives of key power industry vendors to develop electronic security features and specifications for existing and new products.
The next workshop for EIS members will focus on risk assessment and vulnerability. It will take place Feb. 21-22, 2001, in Phoenix. A special workshop for non-members will take place Jan. 17-18, 2001, in Tempe, Ariz. This workshop will recap lessons learned about system vulnerabilities and review government mandates to secure the country’s critical infrastructure. Contact Joe Weiss at 650-855-2751 or firstname.lastname@example.org for more information on either workshop.
To obtain copies of the security primer, contact the EPRI Customer Assistance Center at 800-313-3774 or email@example.com. Those interested in more information about EPRI’s technology development programs can visit the EPRI Destinations Web site at www.epri.com/destinations.