Posted on

Electric Utilities Will Require More 3rd Party Assistance for Cybersecurity in the Next 3 Years

The recently completed Newton-Evans study of the Global Market for Protective Relays shows that out of 97 electric utilities surveyed around the world, 20% claim they currently require outside assistance for cyber security audits of their relay systems, and an additional 42% claim they will need third party assistance by 2022.

Continue reading Electric Utilities Will Require More 3rd Party Assistance for Cybersecurity in the Next 3 Years

Posted on

Growing Use of Specialized Consultants to Assist with Utility Cyber Security Activities Reported in Control Systems Study

Related Substation Automation Study Examines Use of Encryption for Data Transmission To/From Control Center Systems

The Newton-Evans Research Company has released additional cyber security-related findings from two major report series. The research shows that reliance on outside assistance for cyber expertise is gaining ground – especially among international utilities, while the use of encryption for operational data transmission is growing across the world.
Continue reading Growing Use of Specialized Consultants to Assist with Utility Cyber Security Activities Reported in Control Systems Study

Posted on

Encryption of Substation Communication Protocols On The Rise in North American Electric Utilities

The recent Newton-Evans survey of the Worldwide Market for Substation Automation and Integration programs in Electric Utilities: 2014-2016 reveals the increasing trend in North America of encrypting substation communication protocols. Here are a few facts about this topic:

1) Out of 59 North American electric utilities responding to the survey question, “What protocols do you use within the substation, between substations, and from the substation to the external host or network?” forty-five said they currently use DNP3 (serial) and 28 said they use DNP3 LAN (TCP or UDP) within the substation. For communication from substation to substation, 16 said they use SEL protocols and 21 said they use a version of DNP3. For communication from substations to the external host or network most respondents use a version of DNP3.

2) When asked the follow up question, “Are these protocols encrypted?” sixty-nine percent (41/59) said “No.” This seems like a lot, but the Newton-Evans survey has found that every few years more and more North American utilities are using encryption.

Are substation communication protocols encrypted?
SSA_enr_protocolsNA

3) Utilities were then asked, “If your protocols are encrypted, where do you employ encryption?” a) Inside the substation b) substation to substation c) substation to master (choose all that apply). Of the 15 North American utilities responding to this question, 14 indicated they encrypt protocols from substation to master, while only 3 use encryption within the substation and 2 from substation to substation.

Purchase the full report from our reports page for more detailed information on substation protocol use, encryption, and substation communications.

Posted on

Use and Plans for Vendor Security Certification Programs: 2011-2013

The final question in the 2011 survey requested information on vendor security certification requirements that utilities may have adopted since the previous study in 2008. In North America, only 11% of utilities in the sample had implemented such a program, but another 19% planned to require vendor security certification by year end 2013. Two thirds of the utilities have no plans for such vendor security certification.

North America Sample, 2011:
vendorsecurityprog

North America Sample, 2011:
VSPinvolves

Of the International utilities that answered this question in 2011, three out of twenty-one (14%) had implemented such a program, while another 33% plan to require vendor security certification by year end 2013. Almost half had no plans for such vendor security certification. Of the three out of twenty-one utilities with such a plan, all of them said it involved commissioning and maintenance processes; two said it involved product and service design, development and testing, and one indicated that their plan also involved organizational processes and disciplines.

International Sample, 2011:
vendorsecurityprogINT

To get more excerpts from our research studies, and to receive news and updates about our upcoming research projects like World Market for Substation Automation and Integration Programs in Electric Utilities: 2014-2017, write to info@newton-evans.com with a subject line, “Sign me up!”