Default Encryption Could Bolster Energy Grid Security

Securing sensitive data and networks has long been a priority for government offices and third-party contractors, and the stakes are even higher when critical infrastructure, such as electrical grids and transportation systems, is involved. Nevertheless, a consistent stream of reports have revealed within the past year that even some of these vital assets are going without fundamental protections. To mitigate risk and ensure public safety, more engineers are starting to call for data encryption as a default practice.

Critical vulnerabilities
The cybersecurity community weathered several eye-opening events in 2012, including independent attacks and government assessments that revealed concerning deficiencies within everything from water treatment facilities to mass transit systems. At the center of the issue has been weak and inconsistent access control measures governing Supervisory Control and Data Acquisition (SCADA) systems.

According to CSO Online, white hat hackers recently alerted the U.S. Department of Homeland Security to a list of more than 7,000 vulnerable SCADA system login credentials around the country. This exploration was conducted with only a modest budget and elementary hacking resources,leading the researchers to believe their work could be confirmed and extended by much more elaborate and nefarious penetration tests in the future.

Patching the problems
In a recent guest post for Consulting-Specifying Engineer, Institute of Electrical and Electronics Engineers senior member Sam Sciacca expressed his desire to target SCADA vulnerabilities with industry standard encryption practices.

"Encryption has become standard practice in other verticals that depend on online data transfers, such as online banking and shopping," Sciacca wrote. "In fact, due to the ease with which encryption can be accomplished and the low cost of the semiconductors that enable it, encryption will become a universal expectation. So it is today with power."

When operating in an ecosystem that contains components and devices directly tied into electrical grids, leaving data in "clear text" is simply too risky in Sciacca's opinion. Through the application of basic data encryption software, the odds of willful breach or unintended mishap could be significantly reduced.

Grid operators can expect a certain level of latency in transmissions, Sciacca noted, but nothing that would outweigh the benefits of protection. There are already a variety of methods of achieving encryption within critical electrical networks, and emerging innovations are only expected to minimize noticeable performance issues.