Proving the Business Case for the Internet of Things

Intel platform could secure new and legacy power grids

Steve Rogerson
March 16, 2015
Intel Security has announced a technology platform that could secure both legacy and new capabilities within the electric power grid. Called Intel Security Critical Infrastructure Protection (CIP), it was developed in collaboration with the Department of Energy-funded Discovery Across Texas smart grid project including deployment at Texas Tech University, and is a joint project of Intel Security and Intel subsidiary Wind River.
CIP works by separating the security management functions of the platform from the operational applications, allowing the operational layer to be robustly secured, monitored and managed. It is claimed to be easy to use and cost effective, and can work for new and legacy infrastructure. It can be applied with little or no changes to business processes or application software, and can be retrofitted onto many existing systems.
Protecting the security of the power grid, which is critical to a nation’s ability to function, has long been an Intel Security priority. In 2011 and 2010 the company sponsored two global studies on the security of the grid with the Center for Strategic & International Studies, the number one ranked think tank in the USA for defence and national security by the Lauder Institute at the University of Pennsylvania. The most recent study found that of the 200 CIP executives surveyed globally, 32% had not adopted special security measures for smart grid controls. Yet 33% anticipated a major cybersecurity incident within 12 months. In short, the report concluded that the energy sector was not adequately prepared for cyberattacks.
“The risk of cyberattacks on critical infrastructure is no longer theoretical, but building security into the grid is challenging due to the amount of legacy infrastructure and the importance of availability of service,” said Lorie Wigle, vice president of IoT security for Intel Security. “Traditional security measures such as patching and rebooting are often inappropriate for the grid, so we set out to design something entirely different that could be non-invasive but simultaneously robust.”
CIP provides a secure managed platform that includes protection building blocks such as device identity, malware protection, data protection and resiliency – all tailored to today’s M2M environments. The technology also holds promise beyond the power grid and could be equally effective for departments of defence, the oil and gas industry, and medical application.
“From December 2013 to January 2015, the Intel Security CIP was in a field trial at Texas Tech University, where it performed as required by NIST standards and withstood penetration testing, as well as protected the synchrophasor applications during the Heartbleed vulnerability and Havex attacks,” said Milton Holloway, president and COO for the Center for the Commercialization of Electric Technologies. “This project was an outstanding example of a successful public-private partnership in that it produced technologies that are market ready. What could be a better outcome of a demonstration project?”