ico-news-orange-001
  • Electricity Policy
  • Mar 23, 2016

Are Regulators’ Heads in the Cloud?

Newsroom_background_cloudsecurity
By Brien Sheahan, Elizabeth McErlean, and Anastasia Palivos

Are Regulators’ Heads in the Cloud? Primary Challenges to Utility Adoption of Cloud-Based Solutions

While companies like Amazon, Google, Netflix and Uber are using the cloud and IoT to disrupt entire industries, offering dynamic pricing and services, utilities are lagging behind. As the energy landscape evolves, regulators must consider whether the technical and functional merits of the cloud can create value for utilities and ratepayers.

I. Introduction

Increasingly, unregulated businesses are adopting cloud-based information technologies to improve service while leveraging back-office scale and security to generate greater value for consumers and shareholders. Burdened by outdated accounting rules that incentivize investments in legacy technology, cloud adoption by public utilities is relatively low due in large measure by the failure of regulators to consider forwarding looking policies. As the electricity grid evolves, cloud-based services will become necessary to manage a smarter, more efficient, and more distributed network and regulators will have to overcome antiquated views regarding how we think about rate-base and cybersecurity.

Excerpt from Article:
At a time when utilities need to embrace innovation and invest in new technologies more aggressively, both regulators and utilities need to carefully examine the economics of the traditional CapEx/OpEx model to determine the best course of action for the entire industry. B. Cybersecurity Further blurring the issue is whether Internet-based solutions are as secure as on-premises technologies. It is estimated that by 2020, 60 percent of enterprise information budgets will be spent on cybersecurity. There is no question that the IoT, supported by cloud and mobile computing, has transformed how traditional security works. Only a few years ago Bring-Your-Own-Device policies for corporate IT were unthinkable. Today they are commonplace. As technology and employee expectations change, corporate IT policies have adapted and evolved. Technological developments are pushing the front-lines of cybersecurity further and further away from corporate data centers. According to Carol Bartucci, Vice President of IT at Commonwealth Edison, “there are security risks no matter where you data sits . . . . [W]e have to make sure that we prepare ourselves internally and we have to hold the vendor accountable.” But is it really the case that data in the cloud is more difficult to protect and less reliable than on-premises infrastructure? Or are critics too quick to decide that the cloud is inherently unsecure based on the traditional utility IT model? According to IT pioneer Tom Siebel, CEO of C3 IoT, “you couldn’t find a less secure place to put [data] than behind [a corporation’s] own firewall,” concluding that in the future the cloud will be “the only place where you can secure the data.” Among some of the most newsworthy cybersecurity attacks—NSA Snowden leaks, JP Morgan Chase breach, Home Depot breach, Jennifer Lawrence iCloud photos, Target breach, and North Korean SONY attacks—the lone attack to hit a cloud system was the Apple iCloud hacking of Jennifer Lawrence’s pictures. The intruders gained entry through poor user password usage, not through sophisticated cyber-hacking or security issues with iCloud itself. All the other attacks were breaches of on-premises corporate systems guarded by IT departments. “People should associate IT with a lack of security actually. Almost all of the massive data breaches we’ve seen of late were within traditional on-premise IT,” says Wiedland Alge, Vice President and General Manager of EMEAR at Barracuda Networks. Migrating important data to a shared cloud infrastructure certainly involves changes to a corporation’s cybersecurity risk profile but that does not necessarily mean an increased risk of intrusion. According to cloud proponents, the contention that cloud computing is less secure than on-premises systems is unfounded and is largely due to the fact that the cloud computing approach itself seems unsecure because data is stored on servers and systems that the utility does not own or control. In fact, the uncertainty associated with relinquishing control from a utility-owned infrastructure to an infrastructure that exists outside the physical and electronic security perimeter of the utility is the most significant challenge in utilizing cloud computing in the utility industry. It should be noted, however, that approximately 80 percent of IT breaches are caused or assisted, most often unwittingly, by people “inside” the corporation.   Read full article at: http://www.electricitypolicy.com/Articles/are-regulators-heads-in-the-cloud-primary-challenges-to-utility-adoption-of-cloud-based-solutions