What is the Deal with Security in Smart Grid?

The panel "Cyber Security: Dealing with Your Smart Grid Insecurities” was very interesting because several people discussed security for smart grid from different perspectives.

The panel consisted of:

Moderator:

  • Jeffrey Katz, chief technology officer, Electric and Utility Industry, IBM

Panelists:


From left: Jeffrey Katz, Tim Roxey, Erfan Ibrahim, and Joe Weiss

Katz opened the discussion by presenting his view on security. The point that sticks in my mind is that security in the IT industry is not the same as security in smart grid. One of his slides showed the consequences of breach. Other speakers also mentioned that the big difference between the IT industry and the power industry is that malfunctions of the power system can cause the loss of human lives. Two other points that caught my attention:

  • There is no federal or state agency to certify security of the power system.
  • Source-code-level security is important, and code should be designed and implemented as such.

Although smart grid security is in its infancy, there should be some organization to certify security for smart grid components and systems. In my previous life, I dealt with source-code-level security and can relate to Katz’s statement.

Roxey discussed security from NERC’s perspective. NERC is an organization that stands between the government and utilities and ensures the reliability of the bulk power system in North America. Actually, his perspective is quite interesting because NERC deals with the huge transmission area as a grid operator. The statistics he presented were one or two orders of magnitude larger than I can comprehend. He pointed out a large number of complexly interconnected (via legacy and new interfaces) components that are controlled and defined by many organizations and security for those components. Also, for many components, security is an afterthought and is not easy to incorporate.

I had heard Ibrahim talk before and found him quite entertaining as well as informative. He did not betray my expectations. His point was that security for smart grid should support legacy systems as well as newly created systems because we cannot replace all the systems overnight. Security for smart grid is not security for each component but should be applied across the board. Yet the current security problem of smart grid lies in the silo of security management. He presented a wealth of information and pointed out lots of resources for security in smart grid. One of them is NIST’s effort on cybersecurity.

Ibrahim also mentioned EPRI’s site for further information, including use cases at here.

Weiss said that until 2000 or so, security was not the issue for the power grid. These days, technology advances (like wireless devices) increase cyber-vulnerabilities. Weiss is an expert in ICS (industrial control system). ICS operates the infrastructure of such things as power, water, chemical, and pipelines. ICS touches important components of smart grid, such as SCADA (supervisory control and data acquisition) and AMI (advanced metering infrastructure). Currently, ICSs are not designed or implemented with security in mind. Another problem is that a large system like a power grid is a set of functional silos without an overall view of security.

  - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - -
Energy Impact of Increased Server Inlet Temperature
- – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - – - -

Moreover, as many people indicated, smart grid is an application of ICT (information and communication technology) to power grids. But this does not mean we can apply ICT blindly to a power grid without paying attention to domain-specific knowledge. What Weiss said towards the end of this session was very interesting. In the following rather obscure picture, the intersection (in red) between IT security (a subset of IT knowledge) and the ICS space is ICS security expertise. There are few experts in this intersection, which makes smart grid security even more difficult to implement.

Zen Kishimoto

About Zen Kishimoto

Seasoned research and technology executive with various functional expertise, including roles in analyst, writer, CTO, VP Engineering, general management, sales, and marketing in diverse high-tech and cleantech industry segments, including software, mobile embedded systems, Web technologies, and networking. Current focus and expertise are in the area of the IT application to energy, such as smart grid, green IT, building/data center energy efficiency, and cloud computing.

2 Responses to What is the Deal with Security in Smart Grid?

  1. David Allen Ellis February 12, 2010 at 6:07 pm #

    Mr. Kishimoto,

    Clear, concise and on mark. Great analysis and commentary.

  2. Zen Kishimoto
    Zen Kishimoto February 13, 2010 at 5:27 pm #

    Thanks for the kind words. Smart Grid is a great area for ICT to apply. But we need domain knowledge in doing so.

Leave a Reply


*