Computerworld - Verizon Business today launched a set of consulting services specifically designed for electric utilities working to safeguard the reliability of the electric grid in North America.
Among the services Verizon will offer is advice on, and implementation of, security software that can be used to thwart cyberattacks on the electric grid.
The consulting services could cost from $30,000 to multiple millions of dollars, depending on the size of the utility and its needs, said Omar Khawaja, product manager at Verizon Business, a division of Verizon Communications Inc. Khawaja said the average consulting services contract would cost between $50,000 and $200,000.
Verizon already provides security consulting to hundreds of companies and has many electric utilities under contract. The new services are intended to specifically help electric utilities meet a July 1, 2010 deadline to be "auditably compliant" with the North American Electric Reliability Corp.'s Critical Instruction Protection (NERC CIP) requirements, Khawaja said in an interview. "Auditably compliant" means that electric utilities must be able to show an auditor that the utility has logs and other records indicating it has 12 months of compliance with the requirements.
NERC was empowered by the U.S. 2005 Energy Law to enforce the NERC CIP standards; NERC is overseen by the Federal Energy Regulatory Commission (FERC).
Verizon will be competing with international accounting firms that provide similar utility audits and the consulting services of IBM Corp., Khawaja said. However, Verizon's familiarity with communications networks gives it more expertise in dealing with electric networks, which could give it an edge.
In addition, smart electric grids of the future will involve two-way communications using Internet Protocol controls that are part of Verizon's expertise, Khawaja added.
The smart grid concept is designed to help utilities conserve energy and costs, partly by allowing utilities to communicate with a variety of devices on a grid about the real-time cost of electricity. For example, a dishwasher or electric car might have an automatic two-way communication with the electric utility about what time of day energy is less expensive. The car or dishwasher would shut down until a time when costs were lower, Khawaja said.
The data passed over IP could be communicated via existing wired infrastructure or even wirelessly, Khawaja said, but there is also developing technology that allows data to be carried over electric lines.
With such smart grids, utilities will need cyber security protection against fraud by homeowners and average consumers trying to keep their electric bills low, as well as against international terrorists who might want to cripple the grid as part of a larger attack, Khawaja said. "IP is a well-known protocol, so there is potential for security breaches and the amount of threats is much greater now." The CIP regulations will also protect electric utilities against accidents or natural disasters.
Verizon will offer four basic types of consulting, starting with strategy, then planning, implementation (including installation of patch management technology) and security operations.
Utilities must meet eight NERC CIP requirements, including identification of cyber assets in the grid, adequate training for personnel and the physical security of computer assets. The CIP requirements also detail how cyberattacks must be reported and lay out plans for recovery in the event of an attack or accident.
Read more about Security in Computerworld's Security Topic Center.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
