McAfee Report Highlights Critical Need for Improved Energy Grid Security

Industry Thought Leaders Discuss State of Energy Security

SANTA CLARA, Calif.--(BUSINESS WIRE)--McAfee today announced a report detailing the thoughts of industry leaders on the state of energy security. The report, Getting Smarter About Smart Grid Cyberthreats, looks at how legacy smart grids are vulnerable to attack and how security needs to be built into these critical systems.

“Security needs to be built into grid components at the planning and design phase”

The electrical power grid is the backbone on which everything else depends on. A cybercriminal could debilitate a major city by a single targeted attack on the energy grid and compromise anything from the lights and appliances in homes, to heart monitors in hospitals, to air defense systems. The most prevalent cyberthreat reported by the global energy sector is extortion. Criminals gain access to a utility’s system, demonstrate that they are capable of doing damage, and demand a ransom. Additional threats include espionage and sabotage all with the goal of financial gain, data theft and shutting down facilities.

How did we wind up with a system of energy production and distribution so vulnerable to attack? The answer lies in well-intentioned efforts to modernize energy distribution and make it safer, cleaner, more efficient, less costly, and open to more alternative forms of production. What makes the smart grid vulnerable?

  • Outdated systems - An estimated 70% of the existing energy grid is more than 30 years old. In the effort to update it and integrate it with more modern installations, connecting aging systems to the internet without the benefit of encryption, security has largely been an afterthought.
  • Automation – Moving systems from a manual process to one that is internet connected gave energy grid operators real-time info and allowed administrators to telecommute and field workers to re-program systems from remote locations through their smartphones however this also opened all their systems to the outside world.
  • Interconnection of embedded systems - The third and perhaps most alarming cause of vulnerability is the proliferation and increasing interconnection of embedded software and devices directing the flow of energy. While each of these built-in computers is typically single-function with a very specific task, more and more are being built with off-the-shelf rather than proprietary software, making them increasingly generic – and therefore vulnerable. As such, they are the prime targets of intruders seeking to gain control of or disrupt the delivery of energy.

“Security needs to be built into grid components at the planning and design phase,” said Tom Moore, vice president of Embedded Security at McAfee. “Because the grid relies heavily on embedded systems it makes them ripe targets for intruders thus it is imperative to integrate security solutions natively in these devices. McAfee is working with its partners in industry and government to make great strides on the technical front to mitigate the threats to these critical systems we all rely on.”

A wide range of technologies exists for achieving the goal of securing these embedded systems and the energy grid - from antivirus and anti-malware protection to firewalls, advanced encryption, and application blacklisting and whitelisting. Solutions such as McAfee Embedded Control prevent unauthorized changes to devices to make them resilient to malware infections and attacks. To mitigate vulnerabilities and prevent attacks, McAfee addresses endpoint, network, and data security within the grid as part of a cohesive security solution.

The report which features interviews from such firms as Atlantic Council, Invensys, and Pacific Northwest National Laboratory can be downloaded at:

About McAfee

McAfee, a wholly owned subsidiary of Intel Corporation (NASDAQ:INTC), is the world's largest dedicated security technology company. McAfee delivers proactive and proven solutions and services that help secure systems, networks, and mobile devices around the world, allowing users to safely connect to the Internet, browse and shop the Web more securely. Backed by its unrivaled Global Threat Intelligence, McAfee creates innovative products that empower home users, businesses, the public sector and service providers by enabling them to prove compliance with regulations, protect data, prevent disruptions, identify vulnerabilities, and continuously monitor and improve their security. McAfee is relentlessly focused on constantly finding new ways to keep our customers safe.

Note: McAfee is a trademark or registered trademark of McAfee, Inc. in the United States and other countries. Other names and brands may be claimed as the property of others.


Erica Coleman, 408-346-5624
H3O Communications
Heather Edell, 415-618-8814