For the past three years, Mason has partnered with IBM and the National Science Foundation (NSF) to research and develop recommendations for cyber security leadership core competencies and governance best practices for securing the smart grid.
“Electric companies and regulators have a changing vision of risk, as electric companies are regularly targeted by cyber criminals, hacktivists and nation states and in addition, as control systems are connected to networks and Internet,” said J.P. Auffret, director of research partnerships and grants initiatives at George Mason University’s School of Business.
Auffret, together with Angelos Stavrou, professor of computer science in the Volgenau School of Engineering at Mason and director of Mason’s Center for Assurance Research and Engineering (CARE), and Jane L. Snowdon, director of Watson Health Partnerships at IBM Watson Health, led the projects.
Most recently, the team presented their findings at the Fordham - FBI ICCS Conference and published the research in the Journal of Interconnection Networks (JOIN). Download a complete copy of the final report, Cybersecurity Leadership: Competencies, Governance, and Technologies for Industrial Control Systems.
Auffret said, “There is a convergence of IT and OT; information technology and operational technology are converging as the physical electric grid is made ‘smart’ through network connectivity. As a result of these increased risks, electric companies are strengthening cyber security leadership and institutions, including enhancing the role of the CISO and increasing board oversight of cyber security.”
The three-year venture started in 2014 as part of two grants, one through an IBM Shared University Research (SUR) Award focused on securing industrial control systems and the other through an NSF grant intended to create a set of chief information security officers (CISO) core competencies. These grants led to two research projects—one centering on cyber security leadership and the second focusing on securing SCADA (Supervisory Control and Data Acquisition) systems and the next generation smart grid.
With increased connections of the smart grid to one another and the internet, the risk for cyber crimes have increased greatly. Part of this research was to come up with ways that electric corporations and co-ops around the country could better secure their systems.
In an intensive cyber security workshop in 2014, CIOs, CISOs, IT and smart grid experts, and policy makers from across the government, private sector, and academia—both domestic and international—came together to provide insights on current and compelling cyber security issues. Download the first Mason-IBM-NSF 2014 Cybersecurity Workshop Report.
Research continued into 2015, building up to the Mason–IBM–NSF Cybersecurity Leadership and Smart Grid Conference which took place in April of that year and was attended by more than 200 cyber security professionals. Speakers included industry experts, such as CISOs, chief technology officers (CTOs) and chief information officers (CIOs) from the government, private sector, and non-governmental organizations (NGOs). Download the second Mason-IBM-NSF 2015 Cybersecurity Workshop Report.
Momentum continued to build for this research following these two events. In their final report, the research team concluded that identifying and mitigating the inherent risks in electric companies’ systems, operations, and processes will put enterprises in a better position to shield themselves against current and future cyber threats.
The research will be shared across industry and Mason is exploring several possible future collaborations with IBM.
“As a next step, we are incorporating this research into a new project on furthering cyber security governance by cities and counties across the country and an upcoming project on potential and best practices of regulatory approaches by state public service commissions for cyber security of electric companies,” said Auffret.