In the smart grid cybersecurity business, being a governance, risk management, and compliance (GRC) professional is just about as thrilling as being the accountant that certifies the Academy Awards.
Not many security developers yearn to spend months designing a policy repository when they could otherwise be exploring new encryption algorithms. But GRC is the foundation upon which all cybersecurity is deployed.
In fact, according to Boulder, Colorado based Pike Research, GRC for smart grids gradually is gaining recognition in its own right and players in the sector are splitting into two segments:
- Providers with innovative or direct approaches to smart grid cybersecurity, and
- Large and powerful vendors that sell industry-agnostic solutions into this market.
The latest Pike Pulse (News - Alert) report finds that, among the innovators that have gained an edge in GRC are Santa Clara, California-based McAfee and its recently acquired subsidiary, NitroSecurity, located in Portsmouth, New Hampshire; as well as and Foxborough, Massachusetts-based Industrial Defender.
However, according to Pike, none of the companies on its list can truly be characterized as a “leader.” "Despite the fact that governance, risk management, and compliance are essential requirements for any cybersecurity program, this is not a well-served market for smart grids," says Pike Research (News - Alert) Senior Analyst Bob Lockhart. "Pike Research expects that to change in the coming two to three years, but at present we have not identified a single vendor that combines the necessary innovation, scale, and smart grid focus to be considered a leader in this area."
The criteria upon which the GRC vendors were scored included: vision, go-to-market strategy, partners, product strategy and roadmap, technical innovation, geographic reach, market share, sales and marketing, product performance and features, product portfolio, control system focus, and staying power.
The combination of McAfee (News - Alert) and NitroSecurity ranked highest in this Pike Pulse, based largely upon recently acquired Nitro's GRC capabilities. McAfee's acquisition of NitroSecurity (News - Alert), which already had positioned itself as a smart grid specialist, plugged a gaping hole in the McAfee product line and gave McAfee instant credibility in control systems markets.
Second-ranked Industrial Defender has a long history of focus on control system security. There is then a drop to RSA — in this case, RSA’s (News - Alert) Overland Park, Kansas-based Archer Technologies — and BWise, with headquarters in New York City; two GRC specialists that score well, based upon the breadth of their offerings and their extensive experience.
Armonk, New York-based IBM is ranked fifth, largely for its sales strengths and a well-articulated smart grid GRC playbook — something not yet common among the sizeable vendors.
A number of large household-name vendors in this Pike Pulse offer their cross-industry GRC suites to utilities. Other vendors, such as Silicon Valley-based Agiliance, Vancouver, Canada-based Wurldtech, and Calgary, Canada-based SUBNET Solutions, are lesser-known innovators that have targeted specific areas of GRC with creative approaches.
Although lower in the rankings, Silicon Valley denizen AlienVault sells a security information and event management (SIEM) tool with predefined templates for smart grid GRC.
The researchers commented that AlertEnterprise, which ranked last, “makes and sells a truly innovative situational awareness offering that sometimes stuns new viewers with its capabilities, but has only a partial overlap with the scope of this Pike Pulse.”
An executive summary of the report is available for free download on the firm's website.
Edited by Rich Steeves