Will the Illinois Utility Hack Impede Smart-Grid Rollout?

Tallahassee, Fla., Mayor John Marks and other smart grid experts discuss the benefits and real-world vulnerabilities of the emerging technology.

by / November 21, 2011

Last month Digital Communities published an article on SCADA hacking — a seemingly arcane but important subject closely related to the reliability of power and other essential utilities. And then, in an eerie coincidence, on Nov. 8, a hacker apparently shut down a pump at an Illinois water supply station. The U.S. Homeland Security Department and the FBI are investigating, according to Monday’s Chicago Tribune.

As the systems that control power, water, sewage, gas and other utilities are updated, most are looking to smarter systems and the so-called “smart grid.” In two examples of many, Tallahassee, Fla., and Austin, Texas are well under way in smart-grid rollout. Larry Karisny, an expert on the smart grid and author of the aforementioned Digital Communities article on smart-grid security, wrote: “Keeping the power grid dumb is really not an option in securing today’s power grid.” So the issue is that the theoretical apparently has become reality. Does on the hack attack on the Illinois water system change the game plan for smart-grid rollout? Do the benefits of smart-grid deployment outweigh any perceived or actual vulnerabilities?

At a recent session at the National League of Cities conference in Phoenix, a number of presenters envisioned the smart grid and its benefits.

Smart Grid Defined

Cadmus Group’s Mark Lesiw said the grid is somewhat misunderstood and does more than just bring electricity to homes and offices. It manages the supply and demand of electricity, ensures power quality and voltage, and maintains power reliability. “You only really notice it when it goes out,” he said. But the existing grid has its limitations, imposed by one-way and top-down communication from big power plants to users. If there are lots of power inputs to the system, said Lesiw, it’s hard to balance the inputs to the system with the outputs of electricity flow. And the bills we get don’t show us how much power we used yesterday, at night, and so forth. And the grid — by necessity — is engineered to meet peak demand, even if that peak demand occurs only two or three days per year.

The smart grid improves communication, Lesiw said, and is really the Internet brought to the electrical system. The smart grid brings that communication network to the existing grid, allowing a multitude of energy-consuming and energy-producing devices to talk to one another. That becomes more important as inputs include solar panels, wind turbines and other distributed generation facilities. In addition, electric vehicles may draw increasing amounts of current, especially at night, and the smart grid allows a varying rate structure — lower at off-peak times, for example — as another lever to encourage better load balancing.

Real-World Benefits

Mayor John Marks of Tallahassee, Fla., a self-described “recovering utility regulator” said his 30 years as an attorney focused on utilities led to his interest in the smart grid. Tallahassee has electricity and gas on a smart-grid system, with water next. If you put a digital meter inside the house, said Marks, people can have more control over their consumption. The city’s smart-grid system has been in place for nearly two years now, said Marks. “It’s a fully integrated smart grid. It not only supports my electric utility, it supports my gas utility and my water utility — all three.” Marks said he believes that Tallahassee has the only such system in the world with a smart grid system that supports electric, gas and water. “The electric system is fully deployed,” said Marks, “the gas system is lagging behind a little bit, and our water system has not been deployed at this point in time.”

The smart grid system is the future, said Marks, and the city is in a good position to see if utilities can get people to make better use of water, electricity and gas. “The whole purpose of the smart grid, in relation to customers,” said Marks, “is to provide customers with choices.”

Marks said that if Alexander Graham Bell and Thomas Edison were to appear in today’s society, Edison would recognize electric lighting as quite similar to his invention. Bell, however, would not recognize a mobile phone as anything resembling early telephone systems. A cellular customer can add apps based on his or her lifestyle. With the smart grid, those kinds of choices can be applied to the electrical system.  Tallahassee has night and weekend rates for utilities, he said. Why not give college students a prepaid option, Marks said, or “install a device so somebody can swipe a credit card, punch in how much electricity they want, and the meter counts down. I give it to them at a discounted rate, and if they go over, it costs them a little more.”

Marks said that the city runs all three of the utilities, which is probably the only way to get them all networked.  It won’t happen, he said, in a city with independent utilities. But doing so can help to shave peak demand, which should help avoid building new plants to keep up with growth.

Real-World Vulnerabilities

Smart-grid advocates have pointed out that “dumb” systems are hackable, and that regardless of the system's IQ, security measures are necessary. Karisny said in an email that the costs of intrusion prevention systems "Isn't that much of an issue."

Cadmus Group's Mark Lesiw and Charles Bicknell — who last month presented smart-grid cyber-security issues to the Department of Energy in conjunction with the Public Technology Institute — discussed smart-grid security with Digital Communities in light of the Illinois hack.

This isn't the first hack of a utility, said Bicknell. Such attacks have been going on for some time. "Is the Illinois water pump going to change anything?" he asked. "And the answer is: not really. The smart grid has been designed from the start with these types of concerns. The designers and engineers realize that as you pull these systems together, you really have to be careful as to what kind of control you have and what kind of access to the control of those systems is available." Connected to the Internet, he said, a system will obviously be more vulnerable to attack than a separate system.

Lesiw said a good parallel is online banking. There is a great deal of concern about the bad things that can happen (e.g., hacking of financial records), but online banking has evolved into a fairly safe way to conduct monetary transactions.

So do smart-grid rollouts have sufficient security? Bicknell said that recent events should be used to check for vulnerabilities. “Whenever there's an attack,” he said, “everyone ought to do a quick assessment to see if they are vulnerable for the same." It doesn't necessarily mean major shifts in development. Lesiw said it means that utilities and IT teams should compare notes to look for vulnerabilities to fix.

"Austin and Tallahassee and Boulder, (Colo.,)" said Lesiw, "are all doing things differently in terms of functionality and connectivity. There is no one smart grid."

Question: Does the hack of the Illinois water supply plant change your views about smart-grid rollout? If so, how? Send your comments to

Wayne Hanson

Wayne E. Hanson served as a writer and editor with e.Republic from 1989 to 2013, having worked for several business units including Government Technology magazine, the Center for Digital Government, Governing, and Digital Communities. Hanson was a juror from 1999 to 2004 with the Stockholm Challenge and Global Junior Challenge competitions in information technology and education.