The topic du jour across government and the electricity industry is the smart grid and the amazing efficiencies it will bring to the nation. There’s also, however, a growing chorus about potential cyber-security dangers as new smart grid infrastructures are designed and installed across North America. Is it real, hype or somewhere in between? Let’s start by defining the smart grid and then some of those security issues.
Depending on who you ask — whether a vendor, utility, consumer or the government — you’ll likely get different answers about what a smart grid is. It’s probably most accurate to describe it as a vision for delivering electricity rather than something wholly tangible. Certainly technology is a big part of it, but the smart grid also includes planning, public policy, regulatory oversight and even consumer participation. Without getting too technical, the smart grid overlays the existing electricity generation, transmission and distribution infrastructure currently serving North America so reliably, with digital technology that provides more efficient delivery and accurate measurement of consumption.
Quite simply, the smart grid vision provides for a decentralized and automated network for delivering electricity by enabling interoperability and a two-way flow of energy and information, with sensors to monitor key attributes of the grid. When implemented, this vision offers more granular detail about the electricity flowing on the grid, giving both the electric industry and consumers more control. According to the U.S. Department of Energy, “The smart grid brings the philosophies, concepts and technologies that enabled the Internet to the utility and energy grid.”
The smart grid makes available intelligence about the grid that the electricity industry has never had. This intelligence enables vastly improved efficiencies for load planning and real-time information to balance supply and demand, along with opportunities to improve grid reliability. For consumers, this new information offers the ability to control smart appliances and potentially decrease electricity costs by shifting use to off-peak hours and even curtailing usage during voluntary incentive-based reduction periods. Recent federal, provincial and state policy initiatives promote the vision of a smart grid that is much more interactive and interoperable, reliable and robust. From a big-picture perspective, the smart grid:
- enables consumers to better manage and control their energy use and costs;
- improves energy efficiency, demand response and conservation measures;
- interconnects renewable energy resources;
- improves bulk power and distribution system security and reliability; and
- reduces electric sector greenhouse gas emissions.
What about those cyber-security concerns? They are neither hyperbole nor fantasy. Any time you consolidate a critical infrastructure service like electricity in an environment as notoriously fraught with vulnerabilities as the public Internet, it’s time to pay attention. While a well-designed system can increase resilience by providing visibility that enables both prevention of and rapid recovery from system disruptions, a poorly designed system can expose vulnerabilities that threaten the entire structure. The key words are “well designed,” and that worries many people.
The interoperable design of smart grids, unless carefully planned and operated, can provide avenues for intentional cyber-attack or the unintentional introduction of errors that impact bulk power system reliability. Any system designed for control functionality — where errors resulting from misuse, miscommunication or IT system failure can impact the confidentiality, integrity and availability of control system data — requires a robust and deliberate defense-in-depth approach. Security of control systems that can be defeated or corrupted by either villainous intent or simple ignorance demands a design based on worst-case scenarios.
Forrester Research analyst Usman Sindhu called the smart grid “the cloud computing of the utility industry,” and with the evolving nature of cyber-security in the cloud arena, that alone should give us pause. Because communication between electricity generators, transmission providers and distribution utilities is a key component of reliability, any system that exposes critical communications to the Internet is serious cause for concern. This includes the smart grid. Andy Bochman and Jack Danahy write The Smart Grid Security Blog with the iconic slogan, “We’ve Got to Get it Right This Time.” This is more than just a catchy tagline; it’s a societal, economic and national security imperative.
Mark Weatherford is the former chief information security officer of California. Weatherford now serves as vice president and chief security officer for the North American Electric Reliability Corp., an organization whose mission is to ensure the reliability of the bulk power system of North America.