Security Risk in Utility Management
As a member of management for a local utility, we deal with security in regards to our operation on a daily basis. A great amount of money, labor, and time is implemented in regards to the safety and security of our organization for the good of our employees and our consumers. Outside threats add to the significance of the challenge. Electric and gas utilities experience twice the number of attacks than do other businesses. There is sufficient documentation for this in cases cited by the National Security Telecommunications Advisory Committee Information Assurance Task Force (NSTAC), which recognizes vulnerabilities in critical utility Process Control Systems (PCS), such as Supervisory Control and Data Acquisition (SCADA), Energy Management Systems (EMS) to identify a few. On the structural side, the industry model has changed from a vertically integrated company to a worldwide society with a diversified asset base and numerous business entities.
These factors alone cause companies to incorporate their business systems and share information with internal and external stakeholders, thereby adding considerably to the intricacy of risk management. A wide-ranging field of influences combines to make risk management in the electric and gas utility industries much more complex than in the past. Some of them stem from dramatic transformation in how these businesses are structured. Others relate to new and critical kinds of outside threats.
According to Ortmeier, "The field of utility can be traced to World War II when the protection of utilities against savage direct attack was considered vital to the war defense effort. Utility facilities were protected by armed troops. Today, even though government troops are not employed, utilities are considered vital to national security and comprehensive security programs have been implemented to protect this valuable infrastructure. Without adequate water supplies, sewage systems, natural gas...