As the United States marked the tenth anniversary of the terrorist attacks of September 11, Americans remained convinced that, in order to protect their nation and its infrastructure, they must maintain an unwavering state of alertness and preparedness. “They will keep trying to hit us again. But…we remain vigilant,” said President Barack Obama. “We're doing everything in our power to protect our people. And no matter what comes our way, as a resilient nation, we will carry on.”

As an integral part of the nation’s infrastructure, the U.S. energy grid and its endpoints represent highly desirable targets for radical raids and hacking. In recognition of that threat, utilities have begun driving increased investment toward cyber security systems—which will total $14 billion from 2011 through 2018, according to a new report from Boulder, Colorado based Pike Research

Their concern—which is reflected throughout the public and private sectors—is one of the key drivers behind a cyber security measure that is making its way through the U.S. Congress. On May 12, when the Obama Administration presented the proposed legislation for consideration, Howard A. Schmidt, cyber security coordinator and special assistant to the president, emphasized that, “It helps protect our national security by addressing threats to our power grids, water systems, and other critical infrastructure.  These systems are the backbone of our modern economy; many are privately owned, but all merit our support in protecting them.”

And, even in an increasingly divisive political arena, the critical imperative of cyber security has received relatively little pushback. Homeland Security and Governmental Affairs Committee Chairman Joe Lieberman, (ID-Conn.), said in early October, “As cyber crimes and attacks take an increasing toll on our privacy, economy, and national security, there is simply no reason we can’t pass bipartisan legislation this year to address this urgent and growing threat.”

 “Smart grids need intelligence or they are not smart,” explained Pike Research (News - Alert) Senior Analyst Bob Lockhart. “Adding that intelligence to grids will increase their attack surface and utilities know this. But the industry is still playing catch-up to the threats facing power grids: the greatest needs lie in securing control system segments— including transmission upgrades, substation automation, and distribution automation. However, despite this, many cyber security vendors are still focusing on IT security functions, such as smart meter security, revealing a critical gap between current security offerings and the needs of the market.”

Lockhart added that several key market drivers have appeared or gained importance during the past year, and are documented in the report, “Smart Grid Cyber Security.” Among them are the following:

The North American Electric Reliability Corporation (NERC (News - Alert))— an Atlanta-based independent, not-for-profit organization, dedicated to ensuring the reliability of the bulk power system in North America— has begun issuing fines for non-compliance with its Critical Infrastructure Protection (CIP) reliability standards.

Cyber security vendors report that now they are spending a lot more time speaking with utility operations groups, no longer meeting only with security managers or CIOs. Vendors have told Pike that utility operations teams have increased their cyber security savvy over the past 12-18 months and are now open to discussions about protection products, sometimes demanding those discussions.

Utilities are asking better questions about cyber security, although some education is still needed when a security vendor first calls on a utility. Nearly all security and technology vendors have told us that they will add more security to their products when the utilities start asking for it, which appears to have begun during the past 12 months.

 Hackers appear to have moved on to other industries: not nearly as many stories are heard about smart meter vulnerabilities. Pike Research does not view this as a positive development. One speaker at a recent conference said, “Do not fear hackers. Fear engineers who hack.” That is how nation-states attack, and the relative quiet in the press may be the calm before the storm.

Pike also has detected some signals that early adopters of technologies – especially advanced metering infrastructure (AMI) –may now be concerned that they did not include sufficient cyber security in their deployments. This may be because the state of cyber security capabilities has advanced, as has the awareness of cyber security issues.

“Much has changed for the positive in the smart grid security market,” commented Lockhart. “Unfortunately, one thing has not changed. Cyber security is still way behind the attackers. Even where strong countermeasures exist, they are not consistently deployed, and most sophisticated attackers look at smart grids from a systemic perspective while often the defenses have been installed in piecemeal fashion, without architecture. This hands an enormous advantage to the attackers—one that the utility industry will grapple with neutralizing for years to come.”

Pike Research’s report assesses the threats and vulnerabilities that confront smart grid technologies, to arrive at an analysis of the most significant cyber security investments and market opportunities. The report includes a detailed examination of key market drivers and barriers, along with profiles of key industry players and global forecasts, segmented by region and application area, for smart grid cyber security revenue through 2018.