Source: IDC Energy Insights
A new IDC Energy report, Business Strategy: Smart Grid Security – What’s Real and What's Hype (Document # EI229072) provides analysis of the security initiatives among North American utility companies, based on a survey of over 150 U.S. utility respondents, as well as in-depth interviews with utility personnel responsible for security at utilities, including CIOs.
As the smart grid progresses rapidly among North American utilities, so have security concerns. Senior management in the utility companies have acknowledged the need for a robust security methodology and as a result, the year 2010 and onward has seen strong commitments toward security as well as an increase in security budgets. In fact, more than 75% of the respondents surveyed deem security investments to be of the highest importance. At the same time, 38% of the respondents depict security to be one of the top IT initiatives this year.
According to the results, in 2011, utilities are spending their budgets updating the security appliances and software, especially focusing on client security (antivirus, anti spam, anti-malware) and intrusion prevention.
Although security initiatives in the smart grid ecosystems are ramping up, these efforts may not be sufficient. While large investor-owned utilities (IOUs) and public cooperative utilities are spending money and setting up best practices to streamline security, they only embody 20% of the utilities in the United States. To enable industry-wide momentum, CIOs and CISOs will need to carefully evaluate the architecture to ensure end-to-end infrastructure safety and protection, given all the unknowns in the smart grid arena. The new IDC Energy Insights report provides key recommendations on developing a security strategy to address challenges and ensure protection.
Other findings in the report include:
• More than 60% of the survey respondents plan investments in new security solutions or maintaining or upgrading their existing solutions. Planned investment in security software is particularly high: 58% of respondents stated that investment in security software will comprise 25-49% of their budget.
• A majority of utility CIOs recognize that data protection will be a key issue. Some utilities are already collecting large amounts of data via their pilot programs, and they are starting to realize that to win customers' confidence, they have to employ protection schemes.
• Many utility CIOs express concern about the lack of security standards for home area networks (HANs), which will push security vulnerabilities upstream, requiring the utility to perform ongoing vulnerability testing in multiple areas.
"There's great momentum in the industry towards ensuring security is addressed in smart grid projects; however, these efforts are led by 50% of the large utility companies," says Usman Sindhu, senior research analyst, IDC Energy Insights. "While investments are picking up, utility companies are still behind on developing a security-aware culture. CIOs and CISOs will play a key role; they should be ready to work with operations and engineering groups to ensure security and risk practices are implemented."
IDC: Utilities’ security initiatives in Smart Grid ecosystems ramping up
Source: IDC Energy Insights