Government Report Finds Smart Grid Security Inadequate

A new document from the U.S. Government Accountability Office--the auditing office of the U.S. Congress--assessing the current state of security of the rapidly deploying smart grid networks around the country finds that necessary built-in security features are often missing from the networks and the smart meters themselves.

As reported on CNET News,

Certain smart meters have not been designed with a strong security architecture and lack important security features like event logging and forensics capabilities used to detect and analyze cyberattacks, while smart-grid home area networks that manage electricity usage of appliances also lack adequate built-in security....

The report also took aim at the self-regulatory nature of the industry, saying utilities are focusing on complying with minimum regulatory requirements rather than having adequate security to prevent cyberattacks.

Additionally, the GAO report criticizes the National Institute of Standards and Technology (NIST)--the government agency charged with developing security standards for the smart grid system--for not having specific plans on how to maintain and update their cyber-security guidelines. An area of specific concern is the rising threat of combination cyber/physical attacks which, according to the report's appendix, NIST agrees need to be better explored.