At a keynote speech in Washington last month, former CIA director Leon E. Panetta warned that cyberspace is the “battlefield of the future.” Hackers could trigger disruptions similar to those caused by Hurricane Sandy if they gain access to electricity grids, transportation systems or other networks, he said.
Warnings like Panetta’s have created new opportunities for cybersecurity technology companies that once focused on computer networks. Many are looking to adapt their software to help protect other industries.
For instance, M2Mi — which stands for machine-to-machine intelligence — began eight years ago as a project out of the NASA Research Park in Moffett Field, Calif. The firm works with telecommunications companies to make sure that the devices that make up “the Internet of things” — a web of connected devices and sensors — can easily exchange information over a network.
M2Mi is turning its attention to the electrical grid. It has been working with the Smart Grid Interoperability Panel, a nonprofit group that began as a project about four years ago, funded by the Energy Department and the National Institute of Standards and Technology, to make sure its software meets the requirements of the electric utility industry. The panel draws up standards and practices to ensure that the devices, sensors and meters that make up the electrical grid can communicate.
“Most [tech companies] are trying to bring in business solutions, most of which have started out doing either security capabilities or cybersecurity from a different industry perspective, and then looking at how it applies to the smart-grid space,” said Patrick Gannon, the panel’s executive director.
Utility companies have been using M2Mi’s software to manage the information collected from various points in the electrical grid: the data transmitted from an energy sensor to a consumer’s “smart” meter, which might display the amount of energy consumed in an hour and its price, to the energy provider’s main data center and vice versa.
The software uses a lockbox system that grants authorized devices unique “keys,” allowing them to participate in that information exchange. A consumer’s smart meter may be granted one such key. An attack on the network can be traced to a particular user or device, chief executive Geoff Brown said.
M2Mi is not alone in looking for work across sectors. Utility companies make up about 80 percent of customers for the analytics firm Space-Time Insight, based in San Mateo, Calif. But other customers are companies in oil and gas, telecommunications, and transportation. Customers pay a software-licensing fee for the service.
Space-Time Insight’s system collects data from weather sensors, energy meters, security cameras and other sources to establish baselines, and immediately alerts administrators in case of an abnormality. The system also correlates abnormalities in data streams to triangulate the source of an intrusion — an irregularity caught on a video feed, or an unauthorized attempt to join the network, might be linked to a slowing of the network, for instance, said Steve Ehrlich, senior vice president of marketing.
Crossing industry lines can be tricky. In the smart-grid panel’s discussions with utility companies, Gannon said, he learned that although their concerns are similar to, say, the financial industry — detecting malware and viruses and encrypting data transmissions — “there is the added dimension [in the electrical grid] of the machine-to-machine interaction between autonomous devices that becomes a little more unique.”
Also, the utility industry tends to move slower on adopting new technology because of the way it is regulated, Gannon said. Most utility companies must undergo a formal rate-making process, during which they decide how much to charge consumers, so it’s rare for them to try out new technologies if it affects that process.
“It’s a much longer business cycle,” Gannon said.
Navigating that process can be tough for investors hoping for timely returns. As a result, investments may be slowing. According to data from Mercom Capital Group, a global clean-energy communications and consulting firm, venture funding for smart-grid companies reached $405 million in 2013, compared with $434 million in 2012.
Still, the Energy Department is actively searching for cybersecurity solutions for the electrical grid. In April, the department put out a research call for technology related to defending against moving targets, securing distributed energy resources that do not rely on a central power plant, and self-healing control systems for delivering energy.