The contract for a re-examination of Transpower's digital security and authentication procedures (see Transpower still mulling over security proposals) has been awarded to a consortium including CAP Gemini Ernst & Young and SolNet.
The initial contract is for an examination of all security and authentication pertaining to operational control of the electricity distribution network, administration of the electricity market and Transpower’s internal business systems.
These three suites, originally separate, have been “joined up” with broadband communications links over the period from 1995, when the electricity market system was introduced, until now, says Transpower general manager of service delivery, Kieran Devine.
This integration is clearly beneficial, particularly as the market system needs a lot of information from the others; but it also creates obvious vulnerabilities.
Even customers can now enter the financial side of the integrated system to check on their dealings with the company.
Security improvements have been handled piecemeal over that period, “and we thought it’s time we put a peg in the sand to say ‘this is where we are’ and look at what needs improvement in our security systems”, Devine says.
Prior to 1995, security around the network control systems was chiefly physical; “they were in locked buildings.
“What [CGEY and Solnet] have got is a high-level short piece of work. It’ll probably take only three to five weeks.” The ideas coming out of this will “certainly lead to a whole series of contracts, worth many millions of dollars”.
CGEY will have the advantage of inside knowledge and experience from the first phase in bidding for some of this work, and is likely to play a future role, Devine says; but the future contracts will be put out to tender.
The security enhancement projects will never really finish, he says. Currently planned improvements will clearly slow down eventually but another three to five years out, Transpower will do another peg-planting exercise and the cycle will start again.
Security on the operational system is crucial to preventing external interference with Transpower's networks, vital to the nation's electricity supply.
The study will also doubtless bring some rationalisation of authentication procedures for Transpower’s staff, Devine says. This is likely to mean the convenience of a single sign-on for some ranges of application, though not all, he says.