April 25, 2024

SMECO Alert to Cyber Threats

Posted by on Wednesday, March 13, 2013 · Leave a Comment 

cybersecurity

By Sheila Gibbons Hiebert
Contributing writer

cybersecurityThe wall outlet. The light switch. The DVR. The Internet connection. We take their reliability completely for granted, worried mostly about losing use of them when a big storm approaches and threatens an outage.

But there are other worries right up there with threats from Mother Nature.

Baltimore Gas & Electric’s president and CEO, Kenneth DeFontes, Jr., in testimony offered on Valentine’s Day before the House of Representatives’ Select Committee on Intelligence, warned that fast-evolving cyber threats from the nation’s adversaries can spawn tsunamis of a different sort. “They require quick action and flexibility that can come only from constant vigilance and close collaboration with government and emergency response protocols that are planned and practiced before a disaster strikes,” he said.

DeFontes was testifying in support of the Cyber Intelligence Sharing and Protection Act (CISPA), which would increase the amount and type of intelligence the government shares with the energy industry for the express purpose of anticipating and containing threats to the bulk power system. Recent reports from The Hill indicate that the bill’s prospects are good.

The Lexington Leader asked SMECO how it has modified its procedures to address security issues that didn’t exist as recently as 20 years ago.
“Physical security was the main issue 20 years ago. Then we were worried about people losing their keys to the building,” says Tom Dennison, SMECO government and public affairs manager. “Now we have a badge-plus-PIN system to enter our building in Hughesville,” which controls access and identifies those passing through the doors.

The guts of the security function have changed as well, says Dave Viar, SMECO’s Reliability, Compliance and Security Director: “There’s a whole different shift in focus on electronic security that wasn’t there 20 years ago. Then we had mainframes in buildings, connected to a terminal. Now we have computers connected to one another and to vendors and people who support the system.”

SMECO has taken steps to keep separated computer equipment that supports energy production and that which is used administratively, a standard “air gap” that electric utilities strive to maintain. That means that something as simple and convenient as a thumb drive will be encrypted, password-protected, and may not be used with certain computer networks. All of this is to seal off potential system entry points from hackers.

The SMECO work force now includes many more employees trained in protecting the integrity of data. There are also precautions about which and how many people have access to critical facilities and SMECO’s operation center from where, Mr. Dennison says, “all of our electric infrastructure can be monitored and controlled.” SMECO employees who interact directly with the coop’s customer members also work under strict privacy protocols that protect customer information, Mr. Dennison says.

Dave Viar emphasizes that security plans needs constant testing and evaluation. “You try your best to look at emerging threats. The problem is you protect for today but the guys on the other side are always trying to get in,” he says. That has led to extra scrutiny of new hires, including background checks.

It also has established a high threshold for vendors to clear, Mr. Viar adds. “Twenty years ago, you hired a contractor, they came on site, not a big issue,” he says. Today, many vendors work remotely for SMECO. Mr. Viar says today’s relationships with vendors involve background checks, confidentiality pledges, and the implementation of very strong security agreements.

The new world in which SMECO and other utilities operate requires an extraordinary amount of intra-industry cooperation. Mr. Dennison notes that SMECO is part of a 13-state electric power grid, across which “communications are ongoing and part of our normal operations for security,” he says.

Customers have been the beneficiaries of many of the technology improvements, say Mr. Dennison and Mr. Viar. Technology enables SMECO to identify outages, isolate them, and re-route power, and to manage its workforce more effectively. “From the standpoint of reliability, we know better where our trucks are, which customers are out, and what our availability is,” Mr. Viar says. Currently under way is the upgrade of the transmission line linking Calvert and St. Mary’s counties, which will insure reliable service to Calvert and southern St. Mary’s, Mr. Dennison says. Upgrades in Charles and elsewhere in St. Mary’s are planned over the next two years, he adds.

SMECO has an application before the Maryland Public Service Commission to roll out “smart meters,” which are currently being piloted in Waldorf, Pax River, Webster Field and the Solomons Rec Center. The goal of smart meters, known as advanced metering infrastructure (AMI), is to provide utility companies with real-time data about power consumption and allow customers to make informed choices about energy usage based on the price at the time of use.

The technology has generated some controversy in other communities among those concerned about privacy of data and suspicious that utilities could manipulate pricing depending on the data they collect. The Maryland Public Service Commission, which supports the AMI technology, has said ratepayers may be able to opt out of having a smart meter, but wants to have more information on costs before permitting it. About a quarter of U.S. electrical customers now have smart meters — more than 37.2 million in all, according to the U.S. Energy Information Administration.

Filed under Biz & Tech · Tagged with , ,

Leave A Comment