Utility security, always a vital topic, has become increasing critical.  The trend toward interoperability required by the smart grid, and desirable for many solid economic and safety reasons, has intensified the spotlight on the need for a comprehensive security policy at every utility.  Such a security policy will require definitive actions from all parties including:

• the utility,
• vendors supplying hardware and software,
• standards groups, particularly those providing security standards and procedures, and 
• data exchange standards such as MultiSpeak.

It is important to emphasize that services implemented to enhance the security of MultiSpeak messages do not constitute a comprehensive approach to cyber-security.  Utility staff members concerned with implementing MultiSpeak data exchanges or the utility’s security policy should carefully consider the potential security risks of MultiSpeak messaging and adopt appropriate countermeasures. 

NERC Critical Infrastructure Protection (CIP) requirements often apply to the utilities that might apply MultiSpeak, but even if this is not the case, data security is becoming a necessary business practice in today’s world.  MultiSpeak makes some provisions for data security using secure sockets layer (SSL) encryption and authentication, but complex application interactions may require more than just SSL for complete security.  An enterprise service bus can consistently provide additional security for all data communications, enterprise-wide.