Patrick C. Miller is president and CEO of EnergySec, a 501(c)(3) nonprofit organization formed to support organizations within the energy sector in securing their critical technology infrastructures. A March survey by EnergySec of 100 energy security professionals revealed that two-thirds think smart-grid projects do not adequately deal with security threats. Larry Karisny, director of Project Safety.org, interviewed Miller about the survey and the subject of smart-grid security.
Karisny: Your survey results from top industry professionals seemed to clearly demonstrate a real concern with the lack of security in today’s power grid. Is this what you expected?
Miller: Yes, it isn’t far from what I’ve heard from them over the past few years as we’ve ramped up the grid modernization efforts. Overall, the grid itself is highly resilient, but we are implementing new technologies and new connections without fully understanding the emergent issues that arise with this degree of innovation and complexity.
You stated that we are moving so fast with smart-grid innovation that rather than baking in security we are bolting it on. Does this mean that we will be adding modules or maybe recall retrofits to ensure security to some even recently deployed power-grid equipment and devices?
Yes, I speculate there will need to be some unexpected retrofits or replacements for early technology or components. Without question, more security modules, shims or wrappers will need to be employed. Utilities have an expectation that these digital devices will have a life-span somewhat similar to the older analog elements they replaced. For discussion’s sake, let’s say they think the new digital meter will last 15-20 years. How much will the digital technology surrounding the meter change in that same span? How will the attacker landscape change during this timeframe? To give a general comparison, how many new smartphones will you own between now and when this meter is replaced with the “next generation?”
Are personal security concerns legitimate and are you seeing safeguards to protect personal privacy in the smart grid?
This isn’t a hard problem to solve. For example, opt-in/out programs for any data beyond what is necessary for operations could be one solution. Such an approach would provide those who are sensitive to the matter an option that doesn’t immediately involve going backward and ripping out the smart meters. There are some cryptographic protections for the data, depending on the implementation, but the areas of concern often seem to reside in the ownership of the data and how the data may be used beyond the operational needs of the utility (either by the utility or any third party).
One of the positive responses to the survey was a user acceptance of security for online utility payments. Is this a false sense of security or could the power companies maybe learn something from banks when it comes to cybersecurity?
Many of the utilities use already existing financial clearinghouses to process payments. I think those that are familiar enough with securing an electric utility know that payment, or lack thereof, doesn’t directly [immediately] affect the flow of power. Power can still be delivered, even if the payment, billing or end-point metering system isn’t perfect.
Standards are necessary in developing industrywide technologies but they also delay solutions from being deployed. How can we expedite security standards while keeping pace with smart-grid technology deployments?
Take a page from Nike and “Just Do It.” We can move as quickly as we want. Moving too fast isn’t the best approach, but neither is moving too slow. My personal belief is that we’re past due for standardization. I think some of the churn has been around governance of the standards and not the standards themselves. Maybe some flexibility in this area might let everyone feel more comfortable, resulting in more substantial movement.
Can you give examples of some of the security innovations that you are currently reviewing and testing?
Our organization does not do this research directly, but we are involved in many security-related conversations on the subject of grid modernization software and hardware. I know many vendors are at least thinking about the problem and how to solve it. A much smaller number of vendors have solid traction and are implementing security at a pace that equals innovation of new features. Even fewer are at the tip of the sword with a holistic model that balances cutting-edge innovation with proven security development approaches such as thorough code review and rigorous supply-chain management.
How can we “architect” a sustainable power grid without having, as you said, a “spare power grid” to test and deploy fixes?
Infrastructure isn’t inexpensive. Building a full-replica spare is as costly (or more) as building the original. The most cost-effective approach is to use representative platforms, virtualization, simulators, emulators, etc. I think everyone understands that “testing in production” is at the edge of the risk spectrum. It may or may not go wrong for any one specific test, but if it does, the consequences may be severe. For any new system deployed, a portion of the project budget should be allocated to include a satisfactory test (or quality assurance) environment. This is an unpopular position to take in such a tight economic landscape because it can add significant cost to any endeavor.
We talk about security in the power grid because that is our focus. Isn’t there a lot more “smart” that needs to be secured in other industries and the smart grid may be just the start?
This is an area of interest for me. I think we are ultimately seeking a modernized power system that is somewhat self-aware, self-healing and self-managed. This implies an emergent intelligence much like a flock of birds or school of fish. They are all unique individual organisms (devices), but they can operate with a collective, emergent intelligence as a single unit when dealing with threats, obstacles, food (fuel) sources. Securing the entire environment in a utility will be profoundly different when we achieve this state.
It is far too expensive to entirely replace the legacy grid components with the newer “smarter” elements, so there will still be a fairly substantial base of analog, electromechanical and “old” or “dumb” devices in the grid. This aging equipment will be working alongside tomorrow’s amazing new intelligent gadgetry, maybe even in the same rack. Securing this breadth of historic and future technology will be our greatest challenge for the security profession in the electric sector.
Larry Karisny is the director of Project Safety.org (http://www.projectsafety.org/home.html), a smart-grid security consultant, writer and industry speaker focusing on security solutions for the smart grid and critical infrastructure.