Every industry has its particular concerns about information security. Companies in the utility industry, particularly those providing electricity, gas and water to citizens worldwide, have specific requirements that have been highlighted as infrastructure ages, while threats external and internal underscore the "critical" in "critical infrastructure." In North America, bulk electric systems now have compliance goals in the form of Critical Infrastructure Protection (CIP) rules to improve the reliability of their systems. Ironically, this comes at a time when many of those same electric utilities are in the process of evaluating, engineering and implementing new advanced metering infrastructure (AMI) systems, a relatively mature and much-hyped technology for automated meter reading for commercial and industrial customers. While a significant market with significant vendors, concerns about project scope, business requirements and technology standards, particularly in security, worry some. Concerned utilities have taken a leadership role in those standards efforts, and not just in technology standards. Key processes for developing an AMI program, documenting an effective security design and identifying AMI security requirements have been the purview of utilities such as Southern California Edison (SCE), which has spent years developing a secure AMI program in the form of a product offering called SmartConnect. Others, including SCE, have been heavily engaged in standards bodies such as the Utility Communications Architecture (UCA) International Users Group (IUG), UtilityAMI working group and AMI Security (AMI-SEC) task force to close the gap between need and reality.

So, what's the message here? There are several. Major issues aren't static; they're dynamic. While infrastructure ages, new demands are being made on it. The parties that deliver the service must find a way to deliver compliance and a solution plan simultaneously, while still providing critical infrastructure services - not an easy task. Having the right participants at the right level of engagement and at the right pace is, well, I guess you could say critical.