Verizon Business today launched a set of consulting services specifically designed for electric utilities working to safeguard the reliability of the electric grid in North America. The consulting services could cost from $30,000 to multiple millions of dollars, depending on the size of the utility and its needs, said Omar Khawaja, product manager at Verizon Business, a division of Verizon Communications Inc. Among the services Verizon will offer is advice on, and implementation of, security software that can be used to thwart cyberattacks on the electric grid. Khawaja said the average consulting services contract would cost between $50,000 and $200,000. Verizon already provides security consulting to hundreds of companies and has many electric utilities under contract.
NERC was empowered by the U.S. 2005 Energy Law to enforce the NERC CIP standards; NERC is overseen by the Federal Energy Regulatory Commission (FERC). Verizon will be competing with international accounting firms that provide similar utility audits and the consulting services of IBM Corp., Khawaja said. The new services are intended to specifically help electric utilities meet a July 1, 2010 deadline to be "auditably compliant" with the North American Electric Reliability Corp.'s Critical Instruction Protection (NERC CIP) requirements, Khawaja said in an interview. "Auditably compliant" means that electric utilities must be able to show an auditor that the utility has logs and other records indicating it has 12 months of compliance with the requirements. However, Verizon's familiarity with communications networks gives it more expertise in dealing with electric networks, which could give it an edge. The smart grid concept is designed to help utilities conserve energy and costs, partly by allowing utilities to communicate with a variety of devices on a grid about the real-time cost of electricity. In addition, smart electric grids of the future will involve two-way communications using Internet Protocol controls that are part of Verizon's expertise, Khawaja added. For example, a dishwasher or electric car might have an automatic two-way communication with the electric utility about what time of day energy is less expensive.
The data passed over IP could be communicated via existing wired infrastructure or even wirelessly, Khawaja said, but there is also developing technology that allows data to be carried over electric lines. The car or dishwasher would shut down until a time when costs were lower, Khawaja said. With such smart grids, utilities will need cyber security protection against fraud by homeowners and average consumers trying to keep their electric bills low, as well as against international terrorists who might want to cripple the grid as part of a larger attack, Khawaja said. "IP is a well-known protocol, so there is potential for security breaches and the amount of threats is much greater now." The CIP regulations will also protect electric utilities against accidents or natural disasters. Utilities must meet eight NERC CIP requirements, including identification of cyber assets in the grid, adequate training for personnel and the physical security of computer assets. Verizon will offer four basic types of consulting, starting with strategy, then planning, implementation (including installation of patch management technology) and security operations. The CIP requirements also detail how cyberattacks must be reported and lay out plans for recovery in the event of an attack or accident.
0 comments:
Post a Comment