It’s a game of hide and seek that has reached international scope – and that baffles the best minds in every industry sector. For each firewall created, there’s a hacker who will take it as a personal challenge to circumvent the new level of security – for fun, for profit or just to be the proverbial bully.
Smart grids are no exception, according to survey results just released by nCircle, a San Francisco-based information risk and security management firm, in cooperation with EnergySec, a Clackamas, Oregon-based public-private partnership funded by the U.S. Department of Energy.
The online poll of 104 energy security professionals was conducted between March 12 and March 31, 2012.
Sixty-one percent of respondents said, “No,” when asked, “Do smart meter installations have sufficient security controls to protect against false data injection?”
False data injection attacks exploit the configuration of power grids by introducing arbitrary errors into state variables while bypassing existing techniques for bad measurement detection.
“Smart meters vary widely in capability and many older meters were not designed to adequately protect against false data injection,” said Patrick Miller, founder and CEO of EnergySec. “It doesn’t help that some communication protocols used by the smart meter infrastructure don’t offer much protection against false data injection either.”
“Together, these facts highlight a much larger potential problem with data integrity across the smart grid infrastructure,” he concluded. “Because our nation relies on the smart grid to deliver robust and reliable power, we need to make sure that all systems that process usage data, especially those that make autonomous, self-correcting, self-healing decisions, assure data integrity.”
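The sketch below is an added illustration, not part of the article or the survey. It shows why a residual-based bad-measurement test misses errors that are consistent with the grid model, and how integrity-protected meters restore detection. It assumes a linear least-squares state estimator; the matrix H, the threshold TAU, the readings and all function names are constructed for the example.

```python
# Added illustration: least-squares state estimation with a residual test.
# H, TAU and every reading below are constructed sample values.
H = [[1, 0], [0, 1], [1, -1], [1, 1]]   # 4 meters observing 2 state variables
TAU = 0.5                                # alarm threshold on squared residual norm

def matvec(M, v):
    return [sum(m * x for m, x in zip(row, v)) for row in M]

def estimate(z):
    """Least-squares state estimate: solve (H^T H) x = H^T z for 2 states."""
    Ht = list(zip(*H))
    (a, b), (c, d) = [[sum(p * q for p, q in zip(r1, r2)) for r2 in Ht] for r1 in Ht]
    g = matvec(Ht, z)
    det = a * d - b * c
    return [(d * g[0] - b * g[1]) / det, (a * g[1] - c * g[0]) / det]

def residual(z):
    """Squared norm of z - H * x_hat, the quantity the detector thresholds."""
    fit = matvec(H, estimate(z))
    return sum((zi - fi) ** 2 for zi, fi in zip(z, fit))

def flagged(z):
    return residual(z) > TAU

def tamper(z, error, authenticated=()):
    """Add an error vector; readings from authenticated meters cannot be altered."""
    return [zi if i in authenticated else zi + ei
            for i, (zi, ei) in enumerate(zip(z, error))]

true_state = [10.0, 4.0]
clean = matvec(H, true_state)             # noise-free constructed readings
random_err = [0.0, 0.0, 3.0, 0.0]         # one meter reporting a wrong value
structured_err = matvec(H, [1.0, 0.5])    # error that is consistent with H

if __name__ == "__main__":
    cases = [("clean", clean),
             ("random error", tamper(clean, random_err)),
             ("structured error", tamper(clean, structured_err)),
             ("structured, meters 0-1 authenticated",
              tamper(clean, structured_err, authenticated=(0, 1)))]
    for name, z in cases:
        print(f"{name:38s} estimate={estimate(z)} flagged={flagged(z)}")
```

The structured error shifts the estimate from (10, 4) to (11, 4.5) with a zero residual, so the detector stays silent; once two meters are authenticated, the same error no longer fits the model and the residual test raises an alarm.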
What are the contributing factors and state-of-the-art responses to this problem? Findings of another research report – released two weeks ago by the Silicon Valley-based Symantec Corporation, a leader in providing security management, and the Traverse City, Michigan-based Ponemon Institute, which conducts independent research on privacy, data protection and information security policy – provide the following insights:
Negligent insiders and malicious attacks are the main causes of data breach. Thirty-nine percent of organizations say negligence was the root cause of the data breaches. For the first time, malicious or criminal attacks account for more than a third of the total breaches reported in this study. Since 2007, they also have been the most costly breaches. Accordingly, organizations need to focus on processes, policies and technologies that address threats from a malicious insider.
Certain organizational factors reduce the overall cost. If the organization has a Chief Information Security Officer (CISO) with overall responsibility for enterprise data protection, the average cost of a data breach can be reduced as much as $80 per compromised record. When considering the average number of records lost or stolen, all of these factors can provide significant and positive financial benefits.
More customers remain loyal following the data breach. For the first time, fewer customers are abandoning companies that have a data breach. However, certain industries are more susceptible to customer churn, hiking data breach costs higher than the average. Taking steps to keep customers loyal and repair any damage to reputation and brand can help reduce these expenses.
The cost of data breach has since declined. For the first time in seven years, both the organizational cost of data breach and the cost per lost or stolen record have fallen. The organizational cost has also declined from $7.2 million to $5.5 million and the cost per record has declined from $214 to $194.
“One of the most interesting findings of the 2011 report was the correlation between an organization having a CISO on its executive team and reduced costs of a data breach,” said Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. “As organizations of all sizes battle an uptick in both internal and external threats, it makes sense that having the proper security leadership in place can help address these challenges.”
Companies can analyze their own risk by visiting Symantec’s Data Breach Risk Calculator.
Edited by Braden Becker