By Gowri Rajappan, smart grid specialist at Doble Engineering Co., and
Matt Lawrence, senior director of solutions at Doble Engineering Co.
Cybersecurity is a top concern for utilities and power companies – the Ukraine grid cyberattack late last year was a wake-up call to take the matter seriously. With the number of devices and connection points to the grid increasing every day, the chance for a breach is much higher than ever before, and so are the stakes.
Laptops and removable storage media such as USB thumb drives are among the weakest links in grid security, since both can bring malicious software into protected substation environments. Regulators have taken notice: the North American Electric Reliability Corporation (NERC) has developed new critical infrastructure protection (CIP) requirements for transient cyber assets and removable media that are designed to prevent these kinds of breaches.
Starting in April 2017, anyone who works on a utility or power company’s medium or high impact system, including contractors, needs to comply with the standards and use locked-down devices to prevent unauthorized access points to the network. Companies need to take steps now in order to avoid serious regulatory and financial consequences.
The new NERC CIP requirements: What they entail and the impact on the industry
The new CIP-010-2 R4 requirement for transient cyber assets and removable media affects laptops used in substations. Companies will need to transform their laptops into “locked-down” devices in order to comply with the new regulations.