cyber security
SPONSORED BY
INTELLIGENCE BY ZPRYME | ZPRYME.COM | SMARTGRIDRESEARCH.ORG
© 2013 ZPRYME RESEARCH & CONSULTING, LLC. ALL RIGHTS RESERVED.
survey
JANUARY 2013
Table of Contents
Executive Summary
About This Report
Methodology
Major Findings
Cybersecurity Survey Implications and Recommendations
Market Implications
Recommendations
Conclusions
Survey Respondent Characteristics
Organization Size
Title Within Organization
Industry Type
Utility Type
Cybersecurity Survey Detailed Findings
Priority of Automation Security Real-time systems for Utilities
Least Secure Segment of the Electrical Grid
Overall Security of Electrical Networks in the U.S.
Expected Cyberattacks on U.S. Utilities in 2013
Concern for Potential Cyber and Network Attacks
Major Risks Associated with Cyberattacks
Benefits of Secure Automation Technology
Expected Cybersecurity Investments in 2013
Roles Standards Play in Security Automation
Security Automation Demand by Technology
Technologies Most Vulnerable to Cyberattacks
Annual Utility Cybersecurity Budget
Decision Making about Cybersecurity
Real-Time Overlay for Visualization of Security Status
Scalable Security “Dashboard” for Monitoring Security Status
Cyber Security Importance to Ensure Reliability and Resilience
Providers of Cyberattacks Solutions
IT-based Security – Securing the Electrical Grid
Need for Cybersecurity Legislation
Zpryme Outlook
1 www.zpryme.com | www.smartgridresearch.org | www.viasat.com
Copyright © 2013 Zpryme Research & Consulting, LLC All rights reserved.
ViaSat Presents: Utility Cybersecurity Study | January 2013
Executive Summary
A hacker wearing a fake beard and dark sunglasses took
the stage at a computer security conference in Miami,
Florida this month and showed a group of about 60
security researchers how to intercept smart grid radio
communications.1
“If you can understand the way these systems speak to
one another, the potential to hack them is very real.”
- Atlas, January 17, 2013
Building the utility of the future is expected to yield
numerous benefits such as lower power losses, cleaner
power, lower electricity bills, and a healthier environment.
In fact, Smart Grid investments to date have been largely
in technologies that can yield these benefits. However,
the consequences of not securing a digital grid
connecting billions of devices such as smart meters,
electric vehicles, sensors, intelligent electronic devices,
transformers, smart phones, and home energy monitoring
systems are just now being seriously discussed. Simply put,
Smart Grid rollouts across the globe provide more “entry
ways” for potential hackers or cyberattacks to cause
electrical disturbances.
Utilities, global utility conglomerates, niche solution
providers, government stakeholders, and security experts
across the globe are working tirelessly to develop
standards, protocols, and system architectures that
address Smart Grid cybersecurity. To assist in this effort,
Zpryme’s Smart Grid Insights and ViaSat have set out to
address several issues around utility cybersecurity, and
identify vulnerable parts of electrical systems and
networks.
Overall, the major findings in this report show that utilities
are becoming increasingly cognizant of credible threats to
their electrical systems and networks. More importantly,
utilities are now prepared to install cybersecurity systems
that can identify, isolate, and mitigate attacks to prevent
catastrophic system disturbances.
About This Report
The purpose of this report is to assess the overall
cybersecurity threat faced by utilities, and identify the key
benefits of cybersecurity investments. Additionally, this
report identifies key budgeting considerations for
cybersecurity, and where these funds are most likely to be
spent. And finally, this report outlines system architectures
or approaches that will best provide grid security.
Methodology
Zpryme surveyed 213 Smart Grid and utility professionals in
November of 2012. Respondents were asked 21 questions.
The survey was conducted over the internet.
Major Findings
• Nearly half (47%) of the respondents believed
  automation security belonged in the top 10% of all
  priorities for utilities.
• The least secure of an electricity grid’s components
  were the end user segment and the distribution
  system; and only 4% of the sample said that U.S.
  electricity grids were very secure.
• Over half (52%) believed that IT-based solutions
  alone were insufficient for securing the electrical
  grid.
• The most important role that standards play in
  implementing security automation technologies was
  to ensure interoperability among components.
• Seventy-seven percent of the respondents reported
  that cyberattacks on U.S. utilities would increase in
  2013 with power outages and damage to electricity
  control systems being the major impacts.
• The top-rated benefit of secure automation
  technology was reliable service.
• Nearly two-thirds of the sample (65%) said
  investments in cybersecurity in 2013 would increase,
  with private industry software companies and
  system integrators providing the best systems to
  thwart cyberattacks.
• This sample said the average organization amount
  being budgeted for cybersecurity was $1,450,000
  annually.
• Almost three-fourths (73%) felt that the Cybersecurity
  Act of 2012 should have been passed.

1 http://bits.blogs.nytimes.com/2013/01/17/a-hacker-says-smart-grid-can-bepenetrated/
Cybersecurity Survey Implications and Recommendations
The survey results (presented in figures 1 – 21) in this report
offer key insights about how utilities will proceed with
cybersecurity projects in the near future. In this section we
present the major implications of the data, and
recommendations that can assist in advancing
cybersecurity deployments.
Market Implications
Several implications of the survey supplement evidence
from published articles about cybersecurity. Survey
respondents noted that security issues involve the IT sector
as well as operations technology. And there is some
evidence that security spending over the next three years
could be heaviest on equipment protection and
management.2
Although survey data reflected that the end user was less
secure than the distribution system, requiring more security
automation, other evidence suggests that the distribution
system will reap more benefits from security spending than
from an advanced metering system.3 Both, in fact, require
substantial “shoring up” to reduce cyberattack risks.
Further, Pike Research forecasts more investment in smart
grid control systems transmission upgrades, substation
automation, distribution automation than in smart
metering.4
2 Whitney, L. http://news.cnet.com/8301-1009_3-10447430-83.html, 2010.
3 www.pikeresearch.com/research/smart-grid-cyber-security, 2011.
4 Lockhart, B. and Gohn, B. Utility Cybersecurity: Seven Key Smart Grid Security Trends to
Watch in 2012 and Beyond. Pike Research. 2011.
Hackers, terrorists, industrial spies, criminals, and disgruntled
employees are all potential threats to the electrical grid.
There are two major pathways into the electrical grid: the
internet and wireless networks.5 The NIST-published report
in 2010 identified 137 interfaces, points of data exchange
within or between smart grid systems and subsystems,
where opportunity exists for security breaches.6 A full
spectrum of security measures is needed to best protect
the electrical grid. Tight security for industrial controls,
physical security such as cameras, badge access, and
perimeter security are all crucial to limit unwanted
access.7
Politics are a consideration for creating and enforcing
cybersecurity standards. Survey respondents supported
the recent Senate-rejected Cybersecurity Act of 2012.
However, some experts are concerned that the division of
responsibility between state and federal regulations
requires clarification.8 Further, evidence implies that
utilities are more concerned about regulatory compliance
than achieving effective cybersecurity.9 Political
uncertainty also impacts utilities’ willingness to follow
guidelines until they are enforceable.10 And the lack of
enforceability creates a reluctance to invest until laws
have been enacted.
5 Goldman, C. FreeWave Technologies.
www.elp.com/articles/powergrid_international/print/volume-17/, 2012.
6 www.nist.gov/public_affairs/releases/nist-finalizes-initial-set-of-smart-grid-cyber-securityguidelines, 2010.
7 www.accenture.com/us-en/Pages/insight-critical-infrastructure-protection-smart-grid/, 2012.
8 http://dailycaller.com/2012/07/25/report-utilities-focused-on-regulatory-complianceinstead-of-cybersecurity/, 2012.
9 Ibid.
10 Lockhart, B. and Gohn, B. Utility Cybersecurity: Seven Key Smart Grid Security Trends to
Watch in 2012 and Beyond. Pike Research. 2011.
The entire system, IT and operational technology, has to
become the focus for cybersecurity implementation.
When separate system components are secure, this does
not mean that the entire system is safe. A cybersecurity
architecture is needed for a system-level approach.
Recommendations
1. Utilities should strive for real-time situational
intelligence visualization of the security posture of
their operational technology (OT) systems. Attacks
on utility OT systems can easily cause millions of
dollars in damages, and reduce customer
confidence in their electricity provider. Real-time
situational awareness of OT systems gives utilities
actionable data so they can significantly mitigate
any potential threats in a timely manner.
2. Utilities should recognize that threats can originate
both inside and outside the utility’s systems. For
example, a compromised supply chain can deliver
new equipment with malware embedded in it, and anyone
with access to a utility’s system can use a simple USB
thumb drive to execute an internal attack.
3. The multiple networks (and silos) across a utility
system make both IT and OT systems vulnerable to
cyberattacks. Multiple networks often have varying
degrees of security and often do not integrate with
one common system, leaving ‘security gaps’ that
hackers can easily identify. Thus, utility cybersecurity
systems should enable integration of OT and IT
networks and scale across multiple service territories
and systems.
4. Utilities should work closely together with vendors
that use standards-based architecture that will
enable them to implement scalable security systems
that work in a multi-vendor environment.
5. Defense in depth is strongly advocated for
cybersecurity by implementing multiple levels of
security to achieve:
   • Prevention
   • Detection
   • Identification
   • Mitigation
Threats will continue to evolve, but a multi-layered
approach to security is a critical defensive strategy.
6. As new technologies drive OT and IT network
convergence, utilities should establish a specialized
representative or office where security
accountability for all networks is priority one.
Conclusions
Electric utilities are recognized as perhaps the most
fundamental critical infrastructure sector, and thus need
to be protected from the cascading effect of both
physical events and cyberattacks. The drive towards
pervasive automation calls specific attention to the need
for integrated cyber-physical security systems that will
enable the advances in technology to truly deliver on the
promise of improved efficiency, resiliency and reliability.
The Stuxnet cyberattack using a highly sophisticated
computer worm during the summer of 2010 demonstrated
that control networks (i.e., Siemens industrial software-SCADA)
are no longer secure simply because they are
isolated from the electrical network.11 The attack has led
to a critical need to upgrade electrical grid security.
The utility industry will be spending significant money on
cybersecurity (some reports as much as $21 billion by 2015
around the globe).12 Therefore, the security investments
need to be coordinated among all stakeholders to
promote effectiveness across the utility industry.
The aging infrastructure combined with unique regional
needs means each utility provider will have to examine its
own specific security needs to customize a response to
counter potential threats.
11 Lockhart, B. and Gohn, B. Utility Cybersecurity: Seven Key Smart Grid Security Trends to
Watch in 2012 and Beyond. Pike Research. 2011.
12 Whitney, L. http://news.cnet.com/8301-1009_3-10447430-83.html, 2010.
Survey Respondent Characteristics
Organization Size
More respondents (45%) were located in organizations
with less than 100 employees than in any other size range.
Other organization size responses were: 101 – 500 (12%),
501 – 1000 (6%), 1001 – 5000 (14%), 5001 – 10,000 (6%), and
those with over 10,000 employees (18%). A sample
average was 2878.
How many employees are in your organization?
(figure 1, source: Zpryme)
[Chart categories: Less than 100; 101 – 500; 501 – 1,000; 1,001 – 5,000; 5,001 – 10,000; Over 10,000]
Title Within Organization
The sample was composed of: 36% professional/staff, 31%
executives, 19% management personnel, 2% operations,
and 11% “other.”
What is your title within your organization?
(figure 2, source: Zpryme)
[Chart categories: Professional/staff; Executive (CEO, VP, Director); Management; Operations; Other]
Industry Type
Respondents classified themselves as: a consultant
(business, technical, engineering) (25%); a vendor
(integrator, technology, electrical equipment, etc.) (32%);
a utility employee (24%); a nonprofit organization
employee (4%); a power generation organization
employee (4%); a state/federal government employee
(2%); or from other industries (9%).
What industry are you currently in?
(figure 3, source: Zpryme)
[Chart categories: Consultant (business, technical, or engineering); Vendor; Utility; Nonprofit organization; Power generation; State/federal government; Other]
Utility Type
The types of utilities where respondents were employed
were: investor-owned utility (41%), municipal (27%),
federal/state owned (15%), and cooperative (11%).
Another 6% said other (than one of these four types).
At what type of utility are you employed?
(figure 4, source: Zpryme)
[Chart categories: IOU; Muni; Federal/State Owned; Coop; Other]
Cybersecurity Survey Detailed Findings
Priority of Automation Security Real-time systems for Utilities
The respondents believed that automation security was
important for utilities’ real-time systems and should be
placed in the top 50% of all priorities, with 25% saying top
5%, 22% saying top 10%, 23% saying top 25%, and 29%
saying top 50% of all priorities. In fact, nearly half (47%)
said automation security belonged in the top 10% of all
priorities.
What priority should automation security for the real-time
systems have for utilities?
(figure 5, source: Zpryme)
[Chart categories: Top 5% of all priorities; Top 10% of all priorities; Top 25% of all priorities; Top 50% of all priorities; Not a priority issue at all]
Least Secure Segment of the Electrical Grid
The largest group of respondents (43%) said that the end
user segment was the least secure component of the
electricity grid. The distribution system was the next least
secure (38%), with the transmission system (14%) and the
generation system (5%) seen as the lowest security risks.
The end user and distribution system appear most
vulnerable to security threats.
When considering the entire electrical grid, what
segment is least secure?
(figure 5, source: Zpryme)
[Chart categories: Generation; Transmission; Distribution; End users]
Overall Security of Electrical Networks in the U.S.
When considering electrical networks in the U.S. as a
whole, only 4% of the sample believed they were very
secure. Forty-three percent said the networks were
somewhat secure, 39% said somewhat insecure, and 15%
said very insecure.
Overall, how secure are electrical networks in the
U.S.?
(figure 6, source: Zpryme)
[Chart categories: Very secure; Somewhat secure; Somewhat insecure; Very insecure]
Expected Cyberattacks on U.S. Utilities in 2013
Respondents were asked to predict how cyberattacks on
U.S. utilities would change in 2013. While 23% believed
attacks would stay the same, 77% said they would
increase (20% would be focused on information
technology (IT) systems, 57% on both IT and operations
technology).
How do you expect cyber attacks on U.S. utilities to
change in 2013?
(figure 6, source: Zpryme)
[Chart categories: Increase in frequency, but still focus on the IT systems; Increase in frequency, but expand to include both OT and IT systems; Stay the same; Decrease in frequency]
Concern for Potential Cyber and Network Attacks
Nearly two-thirds (63%) said utilities should be very
concerned about the potential for cyber and network
attacks, with 33% saying moderately concerned, and the
remainder (5%) saying slightly concerned.
What concern level should utilities have about the
potential for cyber and network attacks?
(figure 7, source: Zpryme)
[Chart categories: Very concerned; Moderately concerned; Slightly concerned; Not concerned at all]
Major Risks Associated with Cyberattacks
The major risks associated with cyberattacks on a utility
distribution system were reported as (in descending order
of frequency): power outages (44%), damage to
electricity control systems (22%), financial losses and fines
(9%), denial of service (8%), damage to operations
equipment (7%), and safety equipment failure (5%).
Another 5% said risks (other than those in this list) would
occur.
What is the major risk that is associated with a cyber
attack on a utility’s distribution system?
(figure 8, source: Zpryme)
[Chart categories: Safety equipment failure; Other; Damage to operations equipment; Denial of service; Financial losses and fines; Damage to electricity control systems; Power outages]
Benefits of Secure Automation Technology
The sample was next asked to rate the benefits of secure
automation technology by using a scale where 1 = lowest
benefit and 6 = greatest benefit. Benefit ratings were:
reliable service (4.58), accurate network information (4.36),
positive control of safety systems (4.33), low/no fraudulent
activities (4.06), and low/no power losses (4.02).
Rating of the following benefits of secure automation
technology?
(figure 9, source: Zpryme)
[Chart categories: Other; Low/no power losses; Low/no fraudulent activities; Positive control of safety systems; Accurate network information; Reliable service]
Expected Cybersecurity Investments in 2013
Expectations about how utilities would change their
investments in cybersecurity in 2013 were polled. Sixty-five
percent of the sample said investments would increase;
34% said investments would remain stable; but only 1% said
investments would decrease.
How do you expect utilities to change their
investments for cybersecurity in 2013?
(figure 10, source: Zpryme)
[Chart categories: Increase investment level; Keep the same investment level; Decrease investment level]
Roles Standards Play in Security Automation
The most important role that standards play in
implementing security automation technologies was to
ensure interoperability among components for 41% of
these respondents. Another 23% reported that providing
acceptable protection levels was most important, with
17% saying to enable communications across utilities, and
16% saying to provide metrics to measure security status.
What is the most important role that standards play in
implementing security automation technologies?
(figure 11, source: Zpryme)
[Chart categories: Ensure interoperability among components; Provide acceptable protection levels; Enable communication across utilities; Provide metrics to measure security status; Other]
Security Automation Demand by Technology
The technology that will see the strongest demand for
security automation and applications (in descending
order of frequency) was: smart meters/AMI (32%),
distribution automation (26%), upgrade of existing
transmission and distribution equipment (18%), advanced
transmission monitoring systems (15%), and substation
automation (10%).
Which technology will see the strongest demand for
security automation technologies and applications?
(figure 12, source: Zpryme)
[Chart categories: Smart meters/AMI; Distribution automation; Upgrade of existing transmission and distribution equipment; Advanced transmission monitoring systems; Substation automation]
Technologies Most Vulnerable to Cyberattacks
The technology that is most vulnerable to cyberattacks is:
operations and information technologies equally (47%),
information technology (35%), and operations technology
(18%). Clearly, information technology has the highest risk.
Which technology is most vulnerable to cyber
attacks?
(figure 13, source: Zpryme)
[Chart categories: Operations technology; Information technology; Operations and information technologies equally]
Annual Utility Cybersecurity Budget
Their organizations were budgeting differing amounts for
cybersecurity on an annual basis: less than $100,000 (25%),
$100,001 to $500,000 (30%), $500,001 to $1,000,000 (5%),
$1,000,001 to $2,500,000 (20%), $2,500,001 to $5,000,000
(10%), and over $5,000,000 (10%). Although around half
(55%) spent $500,000 or less, the average amount for the
entire sample was $1,450,000 annually for cybersecurity,
which is substantial.
How much is your organization budgeting annually for
cybersecurity?
(figure 14, source: Zpryme)
[Chart categories: Less than $100,000; $100,001 to $500,000; $500,001 to $1,000,000; $1,000,001 to $2,500,000; $2,500,001 to $5,000,000; Over $5,000,000]
Decision Making about Cybersecurity
The organizational level where decisions are made about
cybersecurity was: executive (CEO, VP) (37%),
management (47%), or professional/staff (16%).
At what organization level are decisions made about
cybersecurity?
(figure 15, source: Zpryme)
[Chart categories: Executive (CEO, VP); Management; Professional/staff]
Real-Time Overlay for Visualization of Security Status
Having a real-time overlay for visualization of their
organization’s security status was important (28% said very
important, 72% said moderately important) to these
respondents.
How important to your organization would a real-time
overlay for visualization of security status be?
(figure 16, source: Zpryme)
[Chart categories: Very important; Moderately important; Slightly important; Not important at all]
Scalable Security “Dashboard” for Monitoring Security Status
And having a scalable security “dashboard” to monitor
their organization’s security status was felt to be useful for
them: 22% said very useful, 56% said moderately useful,
and 22% said slightly useful.
How useful would a scalable security “dashboard” be
for monitoring your organization’s security status?
(figure 17, source: Zpryme)
[Chart categories: Very useful; Moderately useful; Slightly useful; Not useful at all]
Cyber Security Importance to Ensure Reliability and Resilience
A strong majority (82%) said that cybersecurity was very
important to ensuring the electricity grid’s reliability and
resiliency. Fewer said cybersecurity was moderately (16%)
or slightly (2%) important.
How important is cybersecurity to ensuring the
electrical grid’s reliability and resiliency?
(figure 18, source: Zpryme)
[Chart categories: Very important; Moderately important; Slightly important; Not important at all]
Providers of Cyberattacks Solutions
When asked who will provide the best solutions to thwart
cyberattacks on utilities, respondents said: private industry
software companies (42%), system integrators (27%), utility
companies themselves (14%), or private hardware
companies (9%). An “other” category (than these four
choices) was chosen by an additional 9% of respondents.
Who will provide the best solutions to thwart cyber
attacks on utilities?
(figure 19, source: Zpryme)
[Chart categories: Private industry software companies; Systems integrators; Utility companies themselves; Other; Private industry hardware companies]
IT-based Security Solutions – Securing the Electrical Grid
Two final statements were provided and respondents were
asked for their level of agreement. The first statement was:
“IT-based security solutions are sufficient for securing the
electrical grid.” About half (48%) agreed with this
statement (7% strongly, 41% somewhat) with slightly more
(52%) disagreeing (28% somewhat, 24% strongly). Slightly
more than half of the sample believed more than just IT is
involved in securing the electrical grid.
How much do you agree with this statement: “IT-based
security solutions are sufficient for securing the
electrical grid.”
(figure 20, source: Zpryme)
[Chart categories: Strongly agree; Somewhat agree; Somewhat disagree; Strongly disagree]
Need for Cybersecurity Legislation
The second statement was: “The recent Senate-rejected
Cybersecurity Act of 2012 was an important piece of
legislation and greatly needed by the electricity industry.”
A large majority (73%) agreed with this statement (19%
strongly, 54% somewhat), while fewer (28%) disagreed
(22% somewhat, 6% strongly). Nearly three-fourths of this
sample believed the Cybersecurity Act should have been
passed.
The recent Senate-rejected Cybersecurity Act of 2012
was an important piece of legislation and greatly
needed by the electricity industry. How much do you
agree with this statement?
(figure 21, source: Zpryme)
[Chart categories: Strongly agree; Somewhat agree; Somewhat disagree; Strongly disagree]
Zpryme Outlook
Utilities are becoming increasingly cognizant of the fact
that their electrical systems and networks face many
credible threats. Smart Grid rollouts across the globe
further provide more ‘entry ways’ for potential threats to
cause electrical disturbances. In the short-term, utilities will
focus on preparing a plan of action to secure the most
vulnerable part of the grid. Thus, field-proven systems and
technologies that can increase the security for end-users
and the distribution system will be in high demand among
utilities. The focus on Smart Grid cybersecurity will also
demand higher budget allocation to technologies that
enhance grid security.
Although many utilities will hold off on large-scale
cybersecurity investments until well-defined standards are
in place, forward-looking utilities will be the first to install
the best-of-breed cybersecurity, irrespective of costs and
standards.
The high demand for grid security products will bring
multiple key and niche players into the market. However,
niche players will face an uphill battle with utilities if they
do not have previous experience working with the
electrical sector.
Creating a ‘hacker-proof’ electrical grid is going to take
five to ten years, but utilities with a long-term vision and
plan to secure their grid will be best able to mitigate the
losses associated with cyberattacks.
About Zpryme Smart Grid Insights:
Zpryme-powered Smart Grid Insights Publication, Practice and
Advisory Board help organizations understand their business
environment, engage consumers, inspire innovation, and take action.
Zpryme Smart Grid Insights represents an evolution beyond traditional
market research and consulting: combining sound fundamentals,
innovative tools and methodologies, industry experience, and
creative marketing savvy to supercharge clients' success. At Zpryme,
we don't produce tables and charts; we deliver opportunity-focused,
actionable insight that is both engaging and easy-to-digest. For more
information regarding our custom research, visit: www.zpryme.com.
White Paper Credits:
Zpryme:
Managing Editor
Megan Dean
Sr. Research Analysts
Roger Alford, PhD
Paula Smith
Research Lead
Stefan Trifonov
Nivedita Wantamutte
ViaSat (Expert Contributor):
Brett Luedde (brett.luedde@viasat.com)
Director, Critical Infrastructure Security Secure Network Systems
Zpryme Smart Grid Insights Contact:
smart.grid@zpryme.com | +1 888.ZPRYME.1 (+1 888.977.9631)
www.smartgridresearch.org (Zpryme Smart Grid Insights)
About ViaSat
ViaSat delivers fast, secure communications, Internet, and network
access to virtually any location for consumers, governments,
enterprise, and the military. The company offers fixed and mobile
satellite network services including Exede® by ViaSat, which features
ViaSat-1, the world's highest capacity satellite; service to more than
1,750 mobile platforms, including Yonder® Ku-band mobile Internet;
satellite broadband networking systems; and network-centric military
communication systems and cybersecurity products for the U.S. and
allied governments. ViaSat also offers communication system design
and a number of complementary products and technologies. Based
in Carlsbad, California, ViaSat has established a number of locations
worldwide for customer service, network operations, and technology
development. For more information about ViaSat, please
visit: www.viasat.com/critical-infrastructure-security
Disclaimer:
These materials and the information contained herein are provided by Zpryme Research & Consulting, LLC and are
intended to provide general information on a particular subject or subjects and is not an exhaustive treatment of
such subject(s). Accordingly, the information in these materials is not intended to constitute accounting, tax, legal,
investment, consulting or other professional advice or services. The information is not intended to be relied upon as
the sole basis for any decision which may affect you or your business. Before making any decision or taking any
action that might affect your personal finances or business, you should consult a qualified professional adviser. These
materials and the information contained herein is provided as is, and Zpryme Research & Consulting, LLC makes no
express or implied representations or warranties regarding these materials and the information herein. Without limiting
the foregoing, Zpryme Research & Consulting, LLC does not warrant that the materials or information contained
herein will be error-free or will meet any particular criteria of performance or quality. Zpryme Research & Consulting,
LLC expressly disclaims all implied warranties, including, without limitation, warranties of merchantability, title, fitness
for a particular purpose, noninfringement, compatibility, security, and accuracy. Prediction of future events is
inherently subject to both known and unknown risks, uncertainties and other factors that may cause actual results to
vary materially. Your use of these and the information contained herein is at your own risk and you assume full
responsibility and risk of loss resulting from the use thereof. Zpryme Research & Consulting, LLC will not be liable for any
special, indirect, incidental, consequential, or punitive damages or any other damages whatsoever, whether in an
action of contract, statute, tort (including, without limitation, negligence), or otherwise, relating to the use of these
materials and the information contained herein.