Related Substation Automation Study Examines Use of Encryption for Data Transmission To/From Control Center Systems
The Newton-Evans Research Company has released additional cyber security-related findings from two major report series. The research shows that reliance on outside assistance for cyber expertise is gaining ground – especially among international utilities, while the use of encryption for operational data transmission is growing across the world.
Use of Outside Assistance for Cyber Security-Related Activities
The areas in which most North American electric utilities seem to need outside assistance continue to include Vulnerability Assessment, Critical Infrastructure Protection, and Cyber Security Monitoring. Half of all survey respondents said they currently use an outside provider for Vulnerability Assessments, while 13% said they plan to use such service providers by 2019. This is an increase over what the survey sample had indicated in 2013. Forty-one percent currently use a third party for CIP-related consulting, and 31% use a third-party service to assist with Cyber Security issues; both increased over what utilities reported in 2013 (which was 28% and 18% respectively.)
The areas for which international utilities were using outside assistance at year-end 2017 continued to be Vulnerability Assessment, Critical Infrastructure Protection, and Cyber Security Monitoring. However, a much larger portion of the international survey sample indicated a current need for assistance in these areas than was reported in 2013. Plans for using outside services firms for vulnerability assessments and remediation look to be strong by 2019.
Use of Encryption To/From Substations
North America
Substation automation survey findings indicate that more electric utilities encrypt communications between the substation and the external host/network than communications within the substation or from substation to substation. Twenty-nine percent of North American utilities sampled said all communications between the substation and the external host/network are encrypted, and 40% said some of it is encrypted. Thirty-two percent (mainly smaller utilities) responded that they do not yet encrypt data in transit from the substation to the external host or network.
However, within the substation and from substation to substation, far fewer utilities indicated any use of encryption of data in transit; 60% said they do not encrypt data sent from substation to substation, and 74% said they do not encrypt data transmission within the substation. This trend was obeserved across all types and sizes of utilities in the sample.
International
Fourteen percent of the international utilities surveyed said they encrypt some data in transit within the substation; 29% encrypt at least some of the communications between the substation and the external host, and 30% encrypt at least some data sent from substation to substation.
Source for “Use of External Assistance or 3rd Party Services” findings: The World Market Study of SCADA, EMS, DMS and OMS in Electric Utilities: 2017-2019 (Basis of Findings: 60 North American study participants and 31 International study Participants).
Source for “Encryption of Substation Communications” findings: The World Market for Substation Automation and Integration Programs in Electric Utilities: 2017-2020 (Basis of Findings: 69 North American participants and 25 International Participants)
In the three most recent editions of the Newton-Evans research studies on operational systems, substation automation and protection and control conducted since 2010, more than 400 utilities from 55 countries have actively participated.
Further information on these reports is available from Newton-Evans Research Company, 10176 Baltimore National Pike, Suite 204, Ellicott City, Maryland 21042. Phone: 410-465-7316 Email: info@newton-evans.com or visit our reports page to order any of more than 100 related reports.
summary reviews and highlights from completed studies
