What other vendors sell vulnerable gear to the energy industry and which vendor is likely to pop up next in a DHS alert? “You could throw a dart at a dartboard with a list of a vendors and come up with the next one,” according to Patrick Miller, President and CEO of EnergySec, an industry body focused on cyber security.
“But it’s like a bell curve. Some are on the front end and are doing good things, there is a bunch in the middle and a lot of bad ones at the end,” Miller said.
In fact, there is less security testing of the components that make up the electric grid than there is for the switches, routers and other devices that make up the Internet. “If it’s intended to go into a substation, depending on the type of device, there is a higher likelihood that it hasn’t gone through the same security measures as have the devices that go on the Internet,” according to Miller, who is also the Principal Investigator for the National Electric Cybersecurity Organization (NESCO).