The era of voluntary reliability standards for electric utilities has ended, and power companies now face a set of US federally mandated rules that can cost them up to $US1 million a day in fines if they turn the lights out on their customers.
But the day of reckoning for one industry is an opportunity for another — namely, the IT industry. The new regulations are boosting IT spending by utilities, particularly for security technologies, according to analysts.
Spending on cybersecurity tools is now the fastest-growing segment of the utility software market in North America, said Christine Richardson, an analyst at IDC's Energy Insights unit based in the US. Cybersecurity purchases are growing at an annual rate of 11.2 percent, compared with an overall growth rate of 7.1 percent, she said.
The new reliability rules have triggered "a huge rush from companies to have products to make sure they are compliant," said Richardson, who predicted that cybersecurity spending by utilities will increase to nearly $US435 million by 2010.
The regulations stem from the Northeast Blackout of 2003, a cascading power outage that left 50 million people in eight US states and Ontario without electricity and cost businesses billions of dollars in lost revenue. It was the result of a series of utility company mishaps — from a failure to remove tree branches dangling over power lines to computer system errors.
The blackout prompted public outrage, similar to the complaints that followed the Enron and WorldCom accounting scandals and led to the passage in 2002 of the Sarbanes-Oxley Act, which imposed new financial reporting requirements on publicly traded companies.
In the utility industry's case, Congress ultimately decided that voluntary reliability measures were no longer working and imposed mandatory and enforceable standards for power providers via the Energy Policy Act of 2005.
The North American Electric Reliability Corp. (NERC), an industry-owned self-regulatory organization based in the US, is responsible for enforcing compliance by utilities with the new standards. NERC said earlier this month that it will work with eight regional entities to monitor compliance and take enforcement actions when violations are identified.
NERC spokeswoman Susan Boucher said the increased IT spending being prompted by the regulations is less expensive than the possible alternative: another blackout that wreaks havoc on customers and the economy. "Whatever money is being spent is not [equal to] the hit the economy takes when there is a blackout," Boucher said.
One vendor that has started aiming IT security products at the utility market is Hewlett-Packard. HP has adapted its Atalla network security and data encryption technology, previously used in ATMs and point-of-sale systems, to utility applications. Atalla subsystems are bundled into an umbrella offering called the Trusted Compliance Solution for Energy, which HP announced last month to provide utilities with hardware-based cryptography, authentication and other security services.
At HP's Technology Forum & Expo 2007, the vendor introduced additional security products and said it is making its technology broadly available to users in other industries.
In particular, HP announced an Itanium-based appliance intended to provide high-speed analysis of network logs to help IT staffers look for information about security incidents. The Compliance Log Warehouse gives users a connection between identity management and event logging, and enables them to gather data not just about an incident but also about who may be behind it, said Chris Whitener, HP's US director of enterprise security strategy and Atalla product manager. For instance, the appliance can point to a particular IP address, he said.
HP also detailed new tape drives that support hardware-based encryption of data, a feature designed to save users from the CPU-burning exercise of encrypting data on a separate server. The StorageWorks LTO-4 Ultrium 1840 drives are due out later this year.