Transpower sees dangers in the increasingly digital management of the country’s electricity distribution network, and has set up a seven-person committee to minimise possible threats.
The various divisions of the company have put security measures in place before and continue to monitor their appropriateness, says spokesman Kevin Mackey, but the new committee will bring these disparate efforts together and unite consideration of threats to IT and to the “physical assets of the network”, bearing in mind the extent to which the two are now intertwined.
Transpower’s move follows discussions during the formulation of the State Services Commission report Protecting New Zealand’s Infrastructure from Cyber-Threats. This report identified the potential threat from accident or malicious damage to the digital devices now controlling much of the electricity network.
Transpower IT&T analyst Bernard O’Brien says “security awareness [within Transpower] was probably raised by interviews being conducted for the report”, but overseas incentives in the same direction (particularly in the US) were also an influence.
The so-called Smart committee (Security Measures Against Random Threats) declares its intent as: “Firstly [to] identify the threats, then review the current measures that exist to deal with threats."
Transpower says its staff are involved in international security groups and best international practices will be used to ensure that Transpower maintains power system integrity in the face of new threats. The committee has so far held one meeting, in December last year and plans to probably meet quarterly.
O’Brien rebuts a suggestion that the New Zealand electricity industry may be late in its awareness of digital security. “I think I can say honestly that when we compare what we’re doing with what’s happening overseas, we’re at least as good as them [in terms of progress].”
The security questions presented are not the typical ones, he says, in that they are to do with ensuring security of supply rather than simply protecting digital systems from intrusion.
The authors of the SSC report found readiness to meet threats rather harder to assess, owing to the fragmented state of the electricity industry. “The project team has been unable to gather any information about the protection of electricity lines companies’ infrastructure assets,” the report says. "Given that there are several such companies, each with an effective monopoly in their respective areas, there would appear to be scope for industry co-operation to provide mutual assurance of infrastructure security.”
Once Transpower has established international best practice, it will be up to IT and operational managers within the organisation to ensure suitable measures are implemented, Mackie says.