• United States



by George V. Hulme

Portland General Electric flips switch on smart security monitoring

Aug 22, 20113 mins
Critical InfrastructureData and Information SecurityNetwork Security

Why Portland General Electric deployed Security Information and Event Management (SIEM) technology and what they've been able to accomplish as a result.

Doesn’t seem long ago that the IT systems utilities rely on to manage their business and deliver electrical power rarely changed. That’s no longer the case as power companies move to upgrade their IT systems to remain competitive and deliver new services. And so many are in the midst of a massive smart grid rollout.

The smart grid market alone, where more computing intelligence is built into the fabric of the power delivery infrastructure, according to the research firm GreenTechMedia, is expected to grow from $5.6 billion last year to $9.6 billion by 2015.

“Utilities have a much smaller threshold for risk than they used to,” says Travis Anderson, cyber security director at Portland General Electric (PGE). “The industry is realizing, with the changes over the last decade, that they are going to be held to a higher standard for security events, or threats to the company. There are more attack vectors today, most possible inputs into critical systems.”

PGE has always taken security seriously, says Anderson. They’ve deployed firewalls, anti-malware, vulnerability management, log management and monitoring, and many other security technologies you’d expect — and they instilled the processes they needed to manage it all over the years.

Then a number of catalysts occurred that required the information security program to have more rapid, deeper insight into their systems. One of those catalysts includes the North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) program, a set of practices designed to improve physical and IT security for the bulk power system. The other was the deployment of more than 800,000 smart meters across a 4,000-square-mile service area.

“We took a hard look at our security practice and our governance around information and system protection. And we developed a number of process and technology initiatives to better mature our program,” says Anderson.

One of the core drivers of those efforts was the deployment of a Security Information and Event Management (SIEM), QRadar from Q1Labs, to help the utility better understand security events and better manage its infrastructure. “The benefit of a SIEM, over a log management application, is that it enables better correlation of everything going on in the network,” says Anderson.

Anderson believes that higher signal-to-noise ratio will improve PGE’s security management and decision-making. “Just from an incident and event response, you can make better decisions around what types of events to follow-up up on and respond and ignore the false leads,” explains Anderson. “As you fine-tune a product like this, you get a better sense of what’s important and you can focus your time into what really matters, what’s impacting your most critical systems, your uptime, your network latency, and other critical factors.”

That ability to focus on what is important is only going to become more crucial as the infrastructure gets enhanced with more intelligent devices and smart meters. “In the smart grid space, many of the product vendors are still fairly new, and immature when it comes to the capability in their technology. We were looking for things you would commonly look for in IT devices: encrypted meters, encrypted transmissions, good management of the BIOS and firmware at the meter level. That wasn’t out-of-the-box capability when a lot of this technology was released to the industry,” he says. “The SIEM helps us make up for some of that immaturity, and monitor for odd traffic on this network, dropped connections, and things of that nature.”

“We just wouldn’t have the manpower to monitor it all otherwise,” Anderson says.