Discussions of security for smart grid industrial control systems among utilities, vendors, systems integrators, and public regulators have become more common in recent years, and utilities as a group appear to be better informed of cyber risks to their grids and substations.
However, funding for these upgrades remains spotty, according to a recent report from Navigant Research. The market for smart grid industrial control systems cybersecurity will reach $608 million in 2020, expanding at a relatively slow compound annual growth rate of 6.4 percent, the study concludes.
“Utilities’ awareness of potential threats and risks to industrial control systems is growing, but utilities mainly view security as a method of limiting costs, and advances toward meaningful regulations remain weak,” says Bob Lockhart, senior research analyst with Navigant Research. “Despite that discouraging overview, though, progress will be steady as the cost of complacency becomes more visible.”
One sign of progress is the increasing number of utility cyber security consulting engagements. However, legacy systems often lack basic information on devices’ locations and their mode of communicating with the network, making security assessments difficult. In such cases, a pre-assessment project to map the network is required. For utilities hoping to deploy one or two new products and declare victory, this can be disappointing news.