
Because utilities are connected across vast geographical areas. Usually, you can get by with local control in isolated stations, but some applications (such as synchrophasors on the power grid) need wide area networks for control. And it is much cheaper to ride the internet in some parts than it is to build your own isolated wide area network infrastructure (which still wouldn't be immune to physical access).

The idea is to encrypt everything, use a firewall, and have user account control. There are standards for how to do this safely (NERC-CIP). And isolate every network from the net unless it's absolutely necessary.

Right now we're in a state of flux. The industry will mature as younger engineers with computer backgrounds and an understanding of IT (like me) take over.




If someone gained access to just the synchrophasors, could they shut the whole plant down? Or is this just the point of "leakage" into other parts of the system? Can the phase synchronization still not be done by hand? I'm just trying to understand the example more.

These are large-scale engineering projects, and it's been said before that trad. engineers are more rigorous in their methods and approach to solutions, as compared to software engineers. And yet, they are taking shortcuts (the internet) which do not live up to the engineering standards of the rest of the system.

For me, the only real solution is to use an isolated network. Yes, there will always be the risk of physical access, but that exists with every solution. By removing critical hardware/software from the internet, you reduce your number of attacks dramatically.


Synchrophasors are timestamped data from individual measuring devices on the power grid, such as relays. If you can control those devices on a live system you absolutely can do a lot of damage. However, there are often several layers between those devices and the phasor data concentrator. And more security between the PDC and the public internet.

Synchrophasors' value is in comparing voltages across entire synchronous regions[1] to maintain stability and prevent events like the 2003 Northeast blackout. As such, they're essentially national in scale. How do you get information across the country (in roughly real time) without the internet? As you can imagine, replicating huge chunks of the internet is cost prohibitive to even the largest utilities.

Believe me, networking is taken extremely seriously in my industry (electric power), and no device is connected to the internet unless it absolutely has to be. There are plenty of valid concerns; however, progress must still be made. I'm interested to see how this all plays out, and to play my own small part in the development of networked utility infrastructure.

So far, the power grid has been safe from the types of nuisance attacks the water utility in the article saw. I really don't know why water pumps and sanitation systems need to be online. I have a hunch we electrical engineers have a leg up on civil engineers when it comes to computer security. ;)

[1] https://en.wikipedia.org/wiki/Wide_area_synchronous_grid


> If someone gained access to just the synchrophasors, could they shut the whole plant down?

Something like this could occur if knowledgeable people gained access to the waveforms and ability to read/write breaker controls:

http://articles.cnn.com/2007-09-26/us/power.at.risk_1_genera...

Generally what you want to do is have your internal networks gated by hardened devices communicating over VPN. Disconnection from the Internet is simply not practical anymore, but snooping and attacks can be significantly mitigated. My fine employer works in this area and sells these sorts of devices; I would be happy to email interested parties links to our whitepapers and devices. :-)



