If you’ve been following IT security lately, you’ve undoubtedly heard of Stuxnet. The worm is currently sparking some cybersecurity drama with a sprinkling of geopolitical intrigue. (Iran thinks the presence of the worm in its nuclear plant is an assault from foreign powers.) What sets this episode apart is that the worm targets industrial control and power systems, like the ones that keep big plants and electrical utilities humming. And unlike malware that affects PCs and servers and may inconvenience users and/or give attackers access to data, the fear is that Stuxnet, or other undesirable code like it, can cause real damage to electrical grids. That’s reason enough for concern, but it’s also an opportunity.
Essentially, what the makers of Stuxnet have done — besides successfully exploiting an old Windows vulnerability — is make a case for effective smart grid security solutions. The bottom line: it’s a good time to be a computer security firm. Why? Because their market has just grown a little bigger, a little hungier for solutions that secure smart energy platforms. According to Pike Research, smart grid security will grow to a $4.1 billion market by 2013 — not too shabby a market for a scant two years and some change.
Protecting against the unknown
In Usman Sindhu’s recent Harvard Business Review article, “Demystifying Smart Grid Security,” he singles out malware and other hacker-borne threats as one of the impediments to securing the smart grid. (Data management and consumer confidence and privacy are the others.) The biggest danger in this regard is zero-day code that exploits an unreported or freshly-discovered vulnerability before software vendors can remedy the issue. The transition period to hyper-connected electrical systems provides just the right set of ingredients (new hardware and software, expansive networking, ubiquitous connectivity) for these types of threats.
Firms that have a portfolio of heuristic and behavioral anti-malware technology (like Sophos, Blue Ridge Networks and Kaspersky) will be best positioned to help utilities roll out their smart grids in the face of unknown threats. Similarly, startups and IT security consultants that can guide utilities from their closed, proprietary fortresses to their new technologically distributed (and hence more vulnerable) reality will find boom times ahead.
Image credit: Ravages – Flickr – CC