cyber security survey
INTELLIGENCE BY ZPRYME | ZPRYME.COM | SMARTGRIDRESEARCH.ORG© 2013 ZPRYME RESEARCH & CONSULTING, LLC. ALL RIGHTS RESERVED.
SPONSORED BY JANUARY 2013
1 www.zpryme.com | www.smartgridresearch.org | www.viasat.com ViaSat Presents: Utility Cybersecurity Study | January 2013
Copyright © 2013 Zpryme Research & Consulting, LLC All rights reserved.
Table of Contents
Executive Summary .................................................................................... 2
About This Report ....................................................................................... 2
Methodology .............................................................................................. 2
Major Findings ............................................................................................. 2
Cybersecurity Survey Implications and Recommendations .................. 4
Market Implications .................................................................................... 4
Recommendations .................................................................................... 5
Conclusions ................................................................................................. 5
Survey Respondent Characteristics .......................................................... 7
Organization Size ........................................................................................ 7
Title Within Organization ............................................................................ 7
Industry Type ................................................................................................ 8
Utility Type .................................................................................................... 8
Cybersecurity Survey Detailed Findings ................................................... 9
Priority of Automation Security Real-time systems for Utilities .............. 9
Least Secure Segment of the Electrical Grid ......................................... 9
Overall Security of Electrical Networks in the U.S. ............................... 10
Expected Cyberattacks on U.S. Utilities in 2013 ................................... 10
Concern for Potential Cyber and Network Attacks ........................... 11
Major Risks Associated with Cyberattacks ........................................... 11
Benefits of Secure Automation Technology ........................................ 12
Expected Cybersecurity Investments in 2013 ...................................... 12
Roles Standards Play in Security Automation....................................... 13
Security Automation Demand by Technology .................................... 13
Technologies Most Vulnerable to Cyberattacks ................................. 14
Annual Utility Cybersecurity Budget ...................................................... 14
Decision Making about Cybersecurity .................................................. 15
Real-Time Overlay for Visualization of Security Status ........................ 15
Scalable Security “Dashboard” for Monitoring Security Status ......... 16
Cyber Securitity Importance to Ensure Reliability and Resilience .... 16
Providers of Cyberattacks Solutions ...................................................... 17
IT-based Security – Securing the Electrical Grid .................................. 17
Need for Cybersecurity Legislation ....................................................... 18
Zpryme Outlook ........................................................................................ 19
2 www.zpryme.com | www.smartgridresearch.org | www.viasat.com ViaSat Presents: Utility Cybersecurity Study | January 2013
Copyright © 2013 Zpryme Research & Consulting, LLC All rights reserved.
Executive Summary
A hacker wearing a fake beard and dark sunglasses took
the stage at a computer security conference in Miami,
Florida this month and showed a group of about 60
security researchers how to intercept smart grid radio
communications.1
“If you can understand the way these systems speak to
one another, the potential to hack them is very real.”
- Atlas, January 17, 2013
Building the utility of the future is expected to yield
numerous benefits such as lower power losses, cleaner
power, lower electricity bills, and a healthier environment.
In fact, Smart Grid investments to date have been largely
in technologies that can yield these benefits. However,
the consequences of not securing a digital grid
connecting billions of devices such as smart meters,
electric vehicles, sensors, intelligent electronic devices,
transformers, smart phones, and home energy monitoring
systems are just now being seriously discussed. Simply put,
Smart Grid rollouts across the globe provide more “entry
ways” for potential hackers or cyberattacks to cause
electrical disturbances.
Utilities, global utility conglomerates, niche solution
providers, government stakeholders, and security experts
across the globe are working tirelessly to develop
standards, protocols, and system architectures that
address Smart Grid cybersecurity. To assist in this effort,
1 http://bits.blogs.nytimes.com/2013/01/17/a-hacker-says-smart-grid-can-be-
penetrated/
Zpryme‟s Smart Grid Insights and ViaSat have set out to
address several issues around utility cybersecurity, and
identify vulnerable parts of electrical systems and
networks.
Overall, the major findings in this report show that utilities
are becoming increasingly cognizant of credible threats to
their electrical systems and networks. More importantly,
utilities are now prepared to install cybersecurity systems
that can identify, isolate, and mitigate attacks to prevent
catastrophic system disturbances.
About This Report
The purpose of this report is to assess the overall
cybersecurity threat faced by utilities, and identify the key
benefits of cybersecurity investments. Additionally, this
report identifies key budgeting considerations for
cybersecurity, and where these funds are most likely to be
spent. And finally, this report outlines system architectures
or approaches that will best provide grid security. Methodology
Zpryme surveyed 213 Smart Grid and utility professionals in
November of 2012. Respondents were asked 21 questions.
The survey was conducted over the internet.
Major Findings
Nearly half (47%) of the respondents believed
automation security belonged in the top 10% of all
priorities for utilities.
3 www.zpryme.com | www.smartgridresearch.org | www.viasat.com ViaSat Presents: Utility Cybersecurity Study | January 2013
Copyright © 2013 Zpryme Research & Consulting, LLC All rights reserved.
The least secure of an electricity grid‟s components
were the end user segment and the distribution
system; and only 4% of the sample said that U.S.
electricity grids were very secure.
Over half (52%) believed that IT-based solutions
alone were insufficient for securing the electrical
grid.
The most important role that standards play in
implementing security automation technologies was
to ensure interoperability among components.
Seventy-seven percent of the respondents reported
that cyberattacks on U.S. utilities would increase in
2013 with power outages and damage to electricity
control systems being the major impacts.
The top-rated benefit of secure automation
technology was reliable service.
Nearly two-thirds of the sample (65%) said
investments in cybersecurity in 2013 would increase,
with private industry software companies and
system integrators providing the best systems to
thwart cyberattacks.
This sample said the average organization amount
being budgeted for cybersecurity was $1,450,000
annually.
Almost three-fourths (73%) felt that the Cybersecurity
Act of 2012 should have been passed.
4 www.zpryme.com | www.smartgridresearch.org | www.viasat.com ViaSat Presents: Utility Cybersecurity Study | January 2013
Copyright © 2013 Zpryme Research & Consulting, LLC All rights reserved.
Cybersecurity Survey Implications and
Recommendations
The survey results (presented in figures 1 – 21) in this report
offer key insights about how utilities will proceed with
cybersecurity projects in the near future. In this section we
present the major implications of the data, and
recommendations that can assist in advancing
cybersecurity deployments.
Market Implications
Several implications of the survey supplement evidence
from published articles about cybersecurity. Survey
respondents noted that security issues involve the IT sector
as well as operations technology. And there is some
evidence that security spending over the next three years
could be heaviest on equipment protection and
management.2
Although survey data reflected that the end user was less
secure than the distribution system, requiring more security
automation, other evidence suggests that the distribution
system will reap more benefits from security spending than
from an advanced metering system.3 Both, in fact, require
substantial “shoring up” to reduce cyberattack risks.
Further, Pike Research forecasts more investment in smart
grid control systems transmission upgrades, substation
automation, distribution automation than in smart
metering.4
2 Whitney, L. http://news.cnet.com/8301-1009_3-10447430-83.html, 2010. 3 www.pikeresearch.com/research/smart-grid-cyber-security, 2011. 4 Lockhart, B. and Gohn, B. Utility Cybersecurity: Seven Key Smart Grid Security Trends to
Watch in 2012 and Beyond. Pike Research. 2011.
Hackers, terrorists, industrial spies, criminals, and disgruntled
employees are all potential threats to the electrical grid.
There are two major pathways into the electrical grid: the
internet and wireless networks.5 The NIST- published report
in 2010 identified 137 interfaces points of data exchange
within or between smart grid systems and subsystems
where opportunity exists for security breaches.6 A full-
spectrum of security measures is needed to best protect
the electrical grid. Tight security for industrial controls,
physical security such as cameras, badge access, and
perimeter security are all crucial to limit unwanted
access.7
Politics are a consideration for creating and enforcing
cybersecurity standards. Survey respondents supported
the recent Senate-rejected Cybersecurity Act of 2012.
However, some experts are concerned that the division of
responsibility between state and federal regulations
requires clarification.8 Further, evidence implies that
utilities are more concerned about regulatory compliance
than achieving effective cybersecurity.9 Political
uncertainty also impacts utilities‟ willingness to follow
guidelines until they are enforceable.10 And the lack of
enforceability creates a reluctance to invest until laws
have been enacted.
5 Goldman, C. FreeWave Technologies.
www.elp.com/articles/powergrid_international/print/volume-17/, 2012. 6 www.nist.gov/public_affairs/releases/nist-finalizes-initial-set-of-smart-grid-cyber-security-
guidelines, 2010. 7 www.accenture.com/us-en/Pages/insight-critical-infrastructure-protection-smart-grid/,
2012. 8 http://dailycaller.com/2012/07/25/report-utilities-focused-on-regulatory-compliance-
instead-of-cybersecurity/, 2012. 9 Ibid. 10 Lockhart, B. and Gohn, B. Utility Cybersecurity: Seven Key Smart Grid Security Trends to
Watch in 2012 and Beyond. Pike Research. 2011.
5 www.zpryme.com | www.smartgridresearch.org | www.viasat.com ViaSat Presents: Utility Cybersecurity Study | January 2013
Copyright © 2013 Zpryme Research & Consulting, LLC All rights reserved.
The entire system, IT and operational technology, has to
become the focus for cybersecurity implementation.
When separate system components are secure, this does
not mean that the entire system is safe. A cybersecurity
architecture is needed for a system-level approach.
Recommendations
1. Utilities should strive for real-time situational
intelligence visualization of the security posture of
their operational technology (OT) systems. Attacks
on utility OT systems can easily cause millions of
dollars in damages, and reduce customer
confidence in their electricity provider. Real-time
situational awareness of OT systems gives utilities
actionable data so they can significantly mitigate
any potential threats in a timely manner.
2. Utilities should recognize that threats can originate
both inside and outside the utility‟s systems. For
example, compromised supply chains where
malware is embedded in new equipment or anyone
with access to a utility‟s system can use a simple USB
thumb drive to execute an internal attack.
3. The multiple networks (and silos) across a utility
system make both IT and OT systems vulnerable to
cyberattacks. Multiple networks often have varying
degrees of security and often do not integrate with
one common system, leaving „security gaps‟ that
hackers can easily identify. Thus, utility cybersecurity
systems should enable integration of OT and IT
networks and scale across multiple service territories
and systems.
4. Utilities should work closely together with vendors
that use standards based architecture that will
enable them to implement scalable security systems
that work in a multi-vendor environment.
5. Defense in depth is strongly advocated for
cybersecurity by implementing multiple levels of
security to achieve:
Prevention
Detection
Identification
Mitigation
Threats will continue to evolve, but a multi-layered
approach to security is a critical defensive strategy
6. As new technologies drive OT and IT network
convergence, utilities should establish a specialized
representative or office where security
accountability for all networks is priority one.
Conclusions
Electric utilities are recognized as perhaps the most
fundamental critical infrastructure sector, and thus need
to be protected from the cascading effect of both
physical events and cyberattacks. The drive towards
pervasive automation calls specific attention to the need
for integrated cyber-physical security systems that will
enable the advances in technology to truly deliver on the
promise of improved efficiency, resiliency and reliability.
6 www.zpryme.com | www.smartgridresearch.org | www.viasat.com ViaSat Presents: Utility Cybersecurity Study | January 2013
Copyright © 2013 Zpryme Research & Consulting, LLC All rights reserved.
The Stuxnet cyberattack using a highly sophisticated
computer worm during the summer of 2010 demonstrated
that control networks (i.e., Siemens industrial software-
SCADA) are no longer secure simply because they are
isolated from the electrical network.11 The attack has led
to a critical need to upgrade electrical grid security.
The utility industry will be spending significant money on
cybersecurity (some reports as much as $21 billion by 2015
around the globe).12 Therefore, the security investments
need to be coordinated among all stakeholders to
promote effectiveness across the utility industry.
The aging infrastructure combined with unique regional
needs means each utility provider will have to examine its
own specific security needs to customize a response to
counter potential threats.
11 Lockhart, B. and Gohn, B. Utility Cybersecurity: Seven Key Smart Grid Security Trends to
Watch in 2012 and Beyond. Pike Research. 2011. 12 Whitney, L. http://news.cnet.com/8301-1009_3-10447430-83.html, 2010.
7 www.zpryme.com | www.smartgridresearch.org | www.viasat.com ViaSat Presents: Utility Cybersecurity Study | January 2013
Copyright © 2013 Zpryme Research & Consulting, LLC All rights reserved.
Survey Respondent Characteristics
Organization Size
More respondents (45%) were located in organizations
with less than 100 employees than in any other size range.
Other organization size responses were: 101 – 500 (12%),
501 – 1000 (6%), 1001 – 5000 (14%), 5001 – 10,000 (6%), and
those with over 10,000 employees (18%). A sample
average was 2878.
Title Within Organization
The sample was composed of: 36% professional/staff, 31%
executives, 19% management personnel, 2% operations,
and 11% “other.”
Less than 100,
45%
101 – 500, 12%
501 – 1,000, 6%
1,001 – 5,000,
14%
5,001 – 10,000,
6%
Over 10,000,
18%
How many employees are in your organization?
(figure 1, source: Zpryme)
Executive
(CEO, VP,
Director), 31%
Management,
19%
Professional/
staff, 36%
Operations, 2% Other, 11%
What is your title within your organization?
(figure 2, source: Zpryme)
8 www.zpryme.com | www.smartgridresearch.org | www.viasat.com ViaSat Presents: Utility Cybersecurity Study | January 2013
Copyright © 2013 Zpryme Research & Consulting, LLC All rights reserved.
Industry Type
Respondents classified themselves as: a consultant
(business, technical, engineering) (25%); a vendor
(integrator, technology, electrical equipment, etc.) (32%);
a utility employee (24%); a nonprofit organization
employee (4%); a power generation organization
employee (4%); a state/federal government employee
(2%); or from other industries (9%).
Utility Type
The types of utilities where respondents were employed
were: investor-owned utility (41%), municipal (27%),
federal/state owned (15%), and cooperative (11%).
Another 6% said other (than one of these four types).
Nonprofit
organization,
4%
Utility, 24%
Power
generation, 4% Vendor, 32%
Consultant
(business,
technical, or
engineering),
25%
State/federal
government,
2% Other, 9%
What industry are you currently in?
(figure 3, source: Zpryme)
IOU, 41%
Muni, 27%
Coop, 11%
Federal/State
Owned, 15%
Other, 6%
At what type of utility are you employed?
(figure 4, source: Zpryme)
9 www.zpryme.com | www.smartgridresearch.org | www.viasat.com ViaSat Presents: Utility Cybersecurity Study | January 2013
Copyright © 2013 Zpryme Research & Consulting, LLC All rights reserved.
Cybersecurity Survey Detailed Findings
Priority of Automation Security Real-time systems for
Utilities
The respondents believed that automation security was
important for utilities‟ real-time systems and should be
placed in the top 50% of all priorities, with 25% saying top
5%, 22% saying top 10%, 23% saying top 25%, and 29%
saying top 50% of all priorities. In fact, nearly half (47%)
said automation security belonged in the top 10% of all
priorities.
Least Secure Segment of the Electrical Grid
The largest group of respondents (43%) said that the end
user segment was the least secure component of the
electricity grid. The distribution system was next less secure
(38%), with the transmission system (14%) and the
generation system (5%) both lowest security risks. The end
user and distribution system appear most vulnerable to
security threats.
25%
22% 23%
29%
2%
0%
5%
10%
15%
20%
25%
30%
35%
Top 5% of all
priorities
Top 10% of all
priorities
Top 25% of all
priorities
Top 50% of all
priorities
Not a priority
issue at all
What priority should automation security for the real-
time systems have for utilities?
(figure 5, source: Zpryme)
5%
14%
38%
43%
0%
5%
10%
15%
20%
25%
30%
35%
40%
45%
50%
Generation Transmission Distribution End users
When considering the entire electrical grid, what
segment is least secure?
(figure 5, source: Zpryme)
10 www.zpryme.com | www.smartgridresearch.org | www.viasat.com ViaSat Presents: Utility Cybersecurity Study | January 2013
Copyright © 2013 Zpryme Research & Consulting, LLC All rights reserved.
Overall Security of Electrical Networks in the U.S.
When considering electrical networks in the U.S. as a
whole, only 4% of the sample believed they were very
secure. Forty-three percent said the networks were
somewhat secure, 39% said somewhat insecure, and 15%
said very insecure.
Expected Cyberattacks on U.S. Utilities in 2013
Respondents were asked to predict how cyberattacks on
U.S. utilities would change in 2013. While 23% believed
attacks would stay the same, 77% said they would
increase (20% would be focused on information
technology (IT) systems, 57% on both IT and operations
technology).
4%
43%
39%
15%
0%
10%
20%
30%
40%
50%
Very secure Somewhat secure Somewhat
insecure
Very insecure
Overall, how secure are electrical networks in the
U.S.?
(figure 6, source: Zpryme)
20%
57%
23%
0% 0%
10%
20%
30%
40%
50%
60%
Increase in
frequency, but still
focus on the IT
systems
Increase in
frequency, but
expand to include
both OT and IT
systems
Stay the same Decrease in
frequency
How do you expect cyber attacks on U.S. utilities to
change in 2013?
(figure 6, source: Zpryme)
11 www.zpryme.com | www.smartgridresearch.org | www.viasat.com ViaSat Presents: Utility Cybersecurity Study | January 2013
Copyright © 2013 Zpryme Research & Consulting, LLC All rights reserved.
Concern for Potential Cyber and Network Attacks
Nearly two-thirds (63%) said utilities should be very
concerned about the potential for cyber and network
attacks, with 33% saying moderately concerned, and the
remainder (5%) saying slightly concerned.
Major Risks Associated with Cyberattacks
The major risks associated with cyberattacks on a utility
distribution system were reported as (in descending order
of frequency): power outages (44%), damage to
electricity control systems (22%), financial losses and fines
(9%), denial of service (8%), damage to operations
equipment (7%), and safety equipment failure (5%).
Another 5% said risks (other than those in this list) would
occur.
63%
33%
5%
0% 0%
10%
20%
30%
40%
50%
60%
70%
Very concerned Moderately
concerned
Slightly concerned Not concerned at
all
What concern level should utilities have about the
potential for cyber and network attacks?
(figure 7, source: Zpryme)
5% 5% 7%
8% 9%
22%
44%
0%
10%
20%
30%
40%
50%
Safety
equipment
failure
Other Damage
to
operations
equipment
Denial of
service
Financial
losses and
fines
Damage
to
electricity
control
systems
Power
outages
What is the major risk that is associated with a cyber
attack on a utility’s distribution system?
(figure 8, source: Zpryme)
12 www.zpryme.com | www.smartgridresearch.org | www.viasat.com ViaSat Presents: Utility Cybersecurity Study | January 2013
Copyright © 2013 Zpryme Research & Consulting, LLC All rights reserved.
Benefits of Secure Automation Technology
The sample was next asked to rate the benefits of secure
automation technology by using a scale where 1 = lowest
benefit and 6 = greatest benefit. Benefit ratings were;
reliable service (4.58), accurate network information (4.36),
positive control of safety systems (4.33), low/no fraudulent
activities (4.06), and low/no power losses (4.02).
Expected Cybersecurity Investments in 2013
Expectations about how utilities would change their
investments in cybersecurity in 2013 were pulsed. Sixty-five
percent of the sample said investments would increase;
34% said investments would remain stable; but only 1% said
investments would decrease.
3.53
4.02 4.06
4.33 4.36 4.58
0.00
0.50
1.00
1.50
2.00
2.50
3.00
3.50
4.00
4.50
5.00
Other Low/no
power losses
Low/no
fraudulent
activities
Positive
control of
safety
systems
Accurate
network
information
Reliable
service
Rating of the following benefits of secure automation
technology?
(figure 9, source: Zpryme)
65%
34%
1%
0%
10%
20%
30%
40%
50%
60%
70%
Increase investment level Keep the same
investment level
Decrease investment
level
How do you expect utilities to change their
investments for cybersecurity in 2013?
(figure 10, source: Zpryme)
13 www.zpryme.com | www.smartgridresearch.org | www.viasat.com ViaSat Presents: Utility Cybersecurity Study | January 2013
Copyright © 2013 Zpryme Research & Consulting, LLC All rights reserved.
Roles Standards Play in Security Automation
The most important role that standards play in
implementing security automation technologies was to
ensure interoperability among components for 41% of
these respondents. Another 23% reported that providing
acceptable protection levels was most important, with
17% saying to enable communications across utilities, and
16% saying to provide metrics to measure security status.
Security Automation Demand by Technology
The technology that will see the strongest demand for
security automation and applications (in descending
order of frequency) was: smart meters/AMI (32%),
distribution automation (26%), upgrade of existing
transmission and distribution equipment (18%), advanced
transmission monitoring systems (15%), and substation
automation (10%).
3%
16%
17%
23%
41%
0% 10% 20% 30% 40% 50%
Other
Provide metrics to measure security
status
Enable communication across utilities
Provide acceptable protection levels
Ensure interoperability among
components
What is the most important role that standards play in
implementing security automation technologies?
(figure 11, source: Zpryme)
10%
15%
18%
26%
32%
0% 10% 20% 30% 40%
Substation automation
Advanced transmission monitoring
systems
Upgrade of existing transmission and
distribution equipment
Distribution automation
Smart meters/AMI
Which technology will see the strongest demand for
security automation technologies and applications?
(figure 12, source: Zpryme)
14 www.zpryme.com | www.smartgridresearch.org | www.viasat.com ViaSat Presents: Utility Cybersecurity Study | January 2013
Copyright © 2013 Zpryme Research & Consulting, LLC All rights reserved.
Technologies Most Vulnerable to Cyberattacks
The technology that is most vulnerable to cyberattacks is:
operations and information technologies equally (47%),
information technology (35%), and operations technology
(18%). Clearly, information technology has the highest risk.
Annual Utility Cybersecurity Budget
Their organizations were budgeting differing amounts for
cybersecurity on an annual basis: less than $100,000 (25%),
$100,001 to $500,000 (30%), $500,001 to $1,000,000 (5%),
$1,000,001 to $2,500,000 (20%), $2,500,001 to $5,000,000
(10%), and over $5,000,000 (10%). Although around half
(55%) spent $500,000 or less, the average amount for the
entire sample was $1,450,000 annually for cybersecurity,
which is substantial.
18%
35%
47%
0%
5%
10%
15%
20%
25%
30%
35%
40%
45%
50%
Operations technology Information technology Operations and
information technologies
equally
Which technology is most vulnerable to cyber
attacks?
(figure 13, source: Zpryme)
25%
30%
5%
20%
10% 10%
0%
5%
10%
15%
20%
25%
30%
35%
Less than
$100,000
$100,001 to
$500,000
$500,001 to
$1,000,000
$1,000,001 to
$2,500,000
$2,500,001 to
$5,000,000
Over
$5,000,000
How much is your organization budgeting annually for
cybersecurity?
(figure 14, source: Zpryme)
15 www.zpryme.com | www.smartgridresearch.org | www.viasat.com ViaSat Presents: Utility Cybersecurity Study | January 2013
Copyright © 2013 Zpryme Research & Consulting, LLC All rights reserved.
Decision Making about Cybersecurity
The organizational level where decisions are made about
cybersecurity was: executive (CEO, VP) (37%),
management (47%), or professional/staff (16%).
Real-Time Overlay for Visualization of Security Status
Having a real-time overlay for visualization of their
organization‟s security status was important (28% said very
important, 72% said moderately important) to these
respondents.
37%
47%
16%
0%
10%
20%
30%
40%
50%
Executive (CEO, VP) Management Professional/staff
At what organization level are decisions made about
cybersecurity?
(figure 15, source: Zpryme)
28%
72%
0% 0% 0%
10%
20%
30%
40%
50%
60%
70%
80%
Very important Moderately
important
Slightly important Not important at
all
How important to your organization would a real-time
overlay for visualization of security status be?
(figure 16, source: Zpryme)
16 www.zpryme.com | www.smartgridresearch.org | www.viasat.com ViaSat Presents: Utility Cybersecurity Study | January 2013
Copyright © 2013 Zpryme Research & Consulting, LLC All rights reserved.
Scalable Security “Dashboard” for Monitoring Security
Status
And having a scalable security “dashboard” to monitor
their organization‟s security status was felt to be useful for
them: 22% said very useful, 56% said moderately useful,
and 22% said slightly useful.
Cyber Security Importance to Ensure Reliability and
Resilience
A strong majority (82%) said that cybersecurity was very
important to ensuring the electricity grid reliability and
resiliency. Fewer said cybersecurity was moderately (16%)
or slightly (2%) important.
22%
56%
22%
0% 0%
10%
20%
30%
40%
50%
60%
Very useful Moderately useful Slightly useful Not useful at all
How useful would a scalable security “dashboard” be
for monitoring your organization’s security status?
(figure 17, source: Zpryme)
82%
16%
2% 0%
0%
10%
20%
30%
40%
50%
60%
70%
80%
90%
Very important Moderately
important
Slightly important Not important at
all
How important is cybersecurity to ensuring the
electrical grid’s reliability and resiliency?
(figure 18, source: Zpryme)
17 www.zpryme.com | www.smartgridresearch.org | www.viasat.com ViaSat Presents: Utility Cybersecurity Study | January 2013
Copyright © 2013 Zpryme Research & Consulting, LLC All rights reserved.
Providers of Cyberattacks Solutions
When asked who will provide the best solutions to thwart
cyberattacks on utilities, respondents said: private industry
software companies (42%), system integrators (27%), utility
companies themselves (14%), or private hardware
companies (9%). An “other” category (than these four
choices) was chosen by an additional 9% of respondents.
IT-based Security Solutions – Securing the Electrical Grid
Two final statements were provided and respondents were
asked for their level of agreement. The first statement was:
“IT-based security solutions are sufficient for securing the
electrical grid.” About half (48%) agreed with this
statement (7% strongly, 41% somewhat) with slightly more
(52% disagreeing (28% somewhat, 24% strongly). Slightly
more than half of the sample believed more than just IT is
involved in securing the electrical grid.
9%
9%
14%
27%
42%
0% 10% 20% 30% 40% 50%
Private industry hardware companies
Other
Utility companies themselves
Systems integrators
Private industry software companies
Who will provide the best solutions to thwart cyber
attacks on utilities?
(figure 19, source: Zpryme)
7%
41%
28%
24%
0%
10%
20%
30%
40%
50%
Strongly agree Somewhat agree Somewhat
disagree
Strongly disagree
How much do you agree with this statement: “IT-based
security solutions are sufficient for securing the
electrical grid.”
(figure 20, source: Zpryme)
18 www.zpryme.com | www.smartgridresearch.org | www.viasat.com ViaSat Presents: Utility Cybersecurity Study | January 2013
Copyright © 2013 Zpryme Research & Consulting, LLC All rights reserved.
Need for Cybersecurity Legislation
The second statement was: “The recent Senate-rejected
Cybersecurity Act of 2012 was an important piece of
legislation and greatly needed by the electricity industry.”
A large majority (73%) agreed with this statement (19%
strongly, 54% somewhat), while fewer (28%) disagreed
(22% somewhat, 6% strongly). Nearly three-fourths of this
sample believed the Cybersecurity Act should have been
passed.
19%
54%
22%
6%
0%
10%
20%
30%
40%
50%
60%
Strongly agree Somewhat agree Somewhat
disagree
Strongly disagree
The recent Senate-rejected Cybersecurity Act of 2012
was an important piece of legislation and greatly
needed by the electricity industry. How much do you
agree with this statement?
(figure 21, source: Zpryme)
19 www.zpryme.com | www.smartgridresearch.org | www.viasat.com ViaSat Presents: Utility Cybersecurity Study | January 2013
Copyright © 2013 Zpryme Research & Consulting, LLC All rights reserved.
Zpryme Outlook
Utilities are becoming increasingly cognizant of the fact
that their electrical systems and networks face many
credible threats. Smart Grid rollouts across the globe
further provide more „entry ways‟ for potential threats to
cause electrical disturbances. In the short-term, utilities will
focus on preparing a plan of action to secure the most
vulnerable part of the grid. Thus, field proven systems and
technologies that can increase the security for end-users
and the distribution system will be in high demand among
utilities. The focus on Smart Grid cybersecurity will also
demand higher budget allocation to technologies that
enhance grid security.
Although many utilities will hold-off on large scale
cybersecurity investments until well defined standards are
in place, forward looking utilities will be the first to install
the best of breed cybersecurity, irrespective of costs and
standards.
The high demand for grid security products will bring
multiple key and niche players in the market. However,
niche players will face an uphill battle with utilities if they
do not have previous experience working with the
electrical sector.
Creating a „hacker-proof‟ electrical grid is going to take
five to ten years, but utilities with a long-term vision and
plan to secure their grid will be best able to mitigate the
losses associated with cyberattacks.
20 www.zpryme.com | www.smartgridresearch.org | www.viasat.com ViaSat Presents: Utility Cybersecurity Study | January 2013
Copyright © 2013 Zpryme Research & Consulting, LLC All rights reserved.
About Zpryme Smart Grid Insights:
Zpryme-powered Smart Grid Insights Publication, Practice and
Advisory Board help organizations understand their business
environment, engage consumers, inspire innovation, and take action.
Zpryme Smart Grid Insights represents an evolution beyond traditional
market research and consulting: combining sound fundamentals,
innovative tools and methodologies, industry experience, and
creative marketing savvy to supercharge clients‟ success. At Zpryme,
we don‟t produce tables and charts; we deliver opportunity-focused,
actionable insight that is both engaging and easy-to-digest. For more
information regarding our custom research, visit: www.zpryme.com.
Zpryme Smart Grid Insights Contact:
[email protected] | +1 888.ZPRYME.1 (+1 888.977.9631)
www.smartgridresearch.org (Zpryme Smart Grid Insights)
About ViaSat
ViaSat delivers fast, secure communications, Internet, and network
access to virtually any location for consumers, governments,
enterprise, and the military. The company offers fixed and mobile
satellite network services including Exede® by ViaSat, which features
ViaSat-1, the world's highest capacity satellite; service to more than
1,750 mobile platforms, including Yonder® Ku-band mobile Internet;
satellite broadband networking systems; and network-centric military
communication systems and cybersecurity products for the U.S. and
allied governments. ViaSat also offers communication system design
and a number of complementary products and technologies. Based
in Carlsbad, California, ViaSat has established a number of locations
worldwide for customer service, network operations, and technology
development. For more information about ViaSat, please
visit: www.viasat.com/critical-infrastructure-security
White Paper Credits:
Zpryme:
Managing Editor
Megan Dean
Sr. Research Analysts
Roger Alford, PhD
Research Lead
Stefan Trifonov
Paula Smith Nivedita
Wantamutte
ViaSat (Expert Contributor):
Brett Luedde ([email protected])
Director, Critical Infrastructure Security Secure Network Systems
Disclaimer:
These materials and the information contained herein are provided by Zpryme Research & Consulting, LLC and are
intended to provide general information on a particular subject or subjects and is not an exhaustive treatment of
such subject(s). Accordingly, the information in these materials is not intended to constitute accounting, tax, legal,
investment, consulting or other professional advice or services. The information is not intended to be relied upon as
the sole basis for any decision which may affect you or your business. Before making any decision or taking any
action that might affect your personal finances or business, you should consult a qualified professional adviser. These
materials and the information contained herein is provided as is, and Zpryme Research & Consulting, LLC makes no
express or implied representations or warranties regarding these materials and the information herein. Without limiting
the foregoing, Zpryme Research & Consulting, LLC does not warrant that the materials or information contained
herein will be error-free or will meet any particular criteria of performance or quality. Zpryme Research & Consulting,
LLC expressly disclaims all implied warranties, including, without limitation, warranties of merchantability, title, fitness
for a particular purpose, noninfringement, compatibility, security, and accuracy. Prediction of future events is
inherently subject to both known and unknown risks, uncertainties and other factors that may cause actual results to
vary materially. Your use of these and the information contained herein is at your own risk and you assume full
responsibility and risk of loss resulting from the use thereof. Zpryme Research & Consulting, LLC will not be liable for any
special, indirect, incidental, consequential, or punitive damages or any other damages whatsoever, whether in an
action of contract, statute, tort (including, without limitation, negligence), or otherwise, relating to the use of these
materials and the information contained herein.
INTELLIGENCE BY ZPRYME | ZPRYME.COM | SMARTGRIDRESEARCH.ORG
INTELLLIGENT RESEARCH FORAN INTELLIGENT MARKET
SONSORED BY
FOR MORE INFORMATION ABOUT VIASAT, PLEASE VISIT VIASAT.COM/CRITICAL-INFRASTRUCTURE-SECURITY