Smart Grid Blog

As cyber security becomes increasingly important in the fabric of American culture and government, more money and research is being put towards securing the smart grid. This so-called smart grid refers to the system that delivers electricity from suppliers to consumers using two-way digital technology. This is modernized electrical system being used to address problems of energy independence, global warming, and emergency resilience issues. Cyber attacks on such a system could cause massive damage and could possibly bring an entire community or nation to its knees. Pike Research recently stated that annual spending on smart grid cybersecurity will more than triple from $1.2 billion to $3.7 billion in 2015.

via Possible Hack Leads to Increased Spending on Smart Grid Power Protection | BrickHouse Security Blog.

The report Smart Grid Cyber Security analyses smart grid cyber security market trends in terms of business drivers, technologies, standards, objectives, and business requirements. The report segments the cyber security market by five major smart grid application areas: transmission upgrades, substation automation, distribution automation, electric vehicle management systems, and advanced metering infrastructure (AMI).

via Security News – Smart Grid Cyber Security Market to Reach $3.7 billion by 2015 Says New Report.

Utility companies around the world will invest $21 billion in smart grid security efforts between 2010 and 2015, according to estimates released in a new report.

They’re being spurred on by the U.S. Department of Energy’s smart grid stimulus programs, and the need to secure smart grid deployments that are becoming more and more technology-reliant and vulnerable to infiltration and compromise.

via Feds Will Spur Smart Grid Cyber-Security Investment Growth to $21 Billion by 2015, Report Claims.

Utility companies will invest more than $21 billion on cybersecurity over the next five years to protect the world's electrical grids, according to a new report.

With cybersecurity a top priority for the United States and other governments, more money is going into protecting the so-called smart grid, according to Pike Research. The firm forecasts that annual spending on smart grid cybersecurity will more than triple from $1.2 billion last year to $3.7 billion in 2015.

via Utilities To Bolster Smart Grid Cybersecurity — Cybersecurity — InformationWeek.

The second draft of the Smart Grid Cyber Security Strategy and Requirements released last week provides more detail about the Herculean task of securing the nation’s modernized electrical infrastructure.

The draft looks at anything that could threaten the Smart Grid from terrorists to simple but potentially disastrous errors.

via Smart Grid cybersecurity vulnerabilities identified – SmartPlanet.

The Commerce Department’s National Institute of Standards and Technology (NIST) issued today the second draft of its Smart Grid Cyber Security Strategy and Requirements, which now identifies more than 120 interfaces that will link diverse devices, systems and organizations engaged in two-way flows of electricity and information and classifies these connections according to the level of damage that could result from a security breach.

Prepared by the NIST-led Cyber Security Working Group, which has more than 350 members, the new draft report expands upon an earlier preliminary version, which was released by Commerce Secretary Gary Locke last September and underwent 60 days of public review. It incorporates responses to the more than 350 individual comments received.

via NIST Issues Expanded Draft of Smart Grid Cyber Security Strategy For Public Review and Comment.

Security experts have raised an alarm that the two-way communication made possible by smart meters could make smart grids vulnerable to hackers or cyber terrorists. Communities could be at risk to power outages and individuals could have their personal information stolen.

via Security Concerns Still an Issue.

You know a topic has suddenly gone mainstream when 60 Minutes directs its in-depth lens on it. Last night the CBS News show aired a piece called Sabotaging the System, which takes a look at the very real threat that cyber hackers pose on the power grid. What struck me most from the show was that there are actually already quite a few documented cases of damage done to the power grid using IT networks.

One of the most famous, points out 60 Minutes, happened at the Department of Energy’s Idaho lab back in 2007. Dubbed the “Aurora” project, CNN released this video (shown above) that year and now thanks to YouTube we can watch it over and over again on the Internets.

via Smart Grid Security: Remembering Aurora.

In July, Joseph McClelland, director of the Office of Electric Reliability Federal Energy Regulatory Commission, testified on cybersecurity and the U.S. power gird before the U.S. House of Representatives’ Committee on Homeland Security.

His comments, which follow in italics, cut against the grain of common thinking about the so-called ’smart grid.’

“The need for vigilance may increase as new technologies are added to the bulk power system. For example, smart grid technology promises significant benefits in the use of electricity…”

via How ‘Smart’ Is the Smart Grid? | Solar Feeds News And Commentary Network.

Never will one mistake the complexities of the Smart Grid, and of undertaking the improvement of its protections, for a straightforward task in security and engineering. It presents an Augean stable of issues, and NIST has waded in with a legion of contributors, first to make sense of it all and then to start handing out shovels.

In the first draft of their analysis, announced during the recent GridWeek conference, Annabelle Lee and team have created a dense, but readable tome, numbering some 236 pages at present, entitled Smart Grid Cyber Security Strategy and Requirements. It serves as an adjunct to the more general draft of NIST’s Smart Grid guidance on interoperability (links below). For those interested in the higher level issues of focus and risk, I did a bit of data reduction and reached some pretty interesting, if unintended (and definitely scientifically questionable) conclusions.

via Smart Grid: What’s on First? New Insights in NIST’s First Draft.

A preliminary report by a task group led by NIST, the National Institute of Standards and Technology, makes recommendations for the security of the nation’s power grid, as the devices that control it become “smarter” and more networked.

A story in Dark Reading describes the Cyber Security Coordination Task Group as being “…made up of members of the government, industry, academia, and regulatory bodies.” This seems like a good combination, and the recommendations they seem to be focused on are relevant ones.

The idea of the smart grid is to place two-way data flow on the grid in order to facilitate monitoring of the network to optimize power usage. “Smart” meters are already in use, but early reports show them to be full of security problems that could lead to privacy violations and worse, including denial of service attacks on the grid.

via Plan For Smart Grid Attempts to Secure it – Security Watch.

The 90-page draft lays out 77 proposed standards for smart grid, and 14 “priority” areas where it will rush standards development.

The federal government released its anxiously awaited draft of smart grid standards on Thursday, laying out a host of specific standards utilities and vendors will be expected to meet in smart grid deployments, as well as 14 “priority” areas and an ongoing cybersecurity standards-setting process it hopes to complete by 2010.

It’s the next stage in a process begun this spring to rush a standards development process that might otherwise take several years into a months-long timeframe.

“At stake is America’s energy future and the economic competitiveness of our nation,” Commerce Secretary Gary Locke said in introducing the report at the GridWeek conference in Washington, D.C.

via Greentech Media: Smart Grid Standards Roadmap Unveiled.

A 90-page document released by the National Institute of Standards and Technology (NIST) released on September 24 proposes 77 standards for smart grid development. The report also detailed 14 areas that the government agency will prioritize in order to facilitate development.

Utilities, regulators, and vendors have been waiting for this release from the NIST. The report details specific standards that utilities and developers will be expected to meet in their smart grid deployment. The institute will continue working on cybersecurity standards which should be released by the end of the year.

The NIST began working on a set of standards earlier this year in order to encourage cohesive smart grid development in the United States. A process that normally could take several years has been compressed into a few months.

“At stake is America’s energy future and the economic competitiveness of our nation,” said Commerce Secretary Gary Locke as he unveiled the NIST report at this week’s GridWeek conference in Washington D.C.

via US government releases smart grid framework.

The Smart Grid allows two-way communication between you and the power grid.

You can feed power back to the Grid, the Grid can tell you how much power you’re using throughout the day, and — if you want — it can control your appliances for you.

And that’s just way too tempting for hackers, thieves and other criminals.

Annabelle Lee doesn’t sleep much.

Lee is the Senior Cybersecurity Strategist in the Computer Security Division Information Technology Laboratory at NIST.

It is her mission to make sure the Smart Grid is secure.

She runs a task group of upwards of 200 people — all volunteers — from the public sector, academia, and private industry. She says there’s a lot to do, but they’re more ahead of the curve than you might think.

via Federal News Radio 1500 AM: Scientists Take an All-Hazards Approach to Smart Grid Security.

Despite reports earlier this year about spies penetrating the computers that help control America’s electrical grid, utility companies appear to be slow in clamping down on security, and that perception has led to a tongue-lashing from a House of Representatives committee.

U.S. Rep. Yvette Clarke (D, N.Y.) as accused the utilities of exploiting a loophole that allows them to avoid complying with Federal cybersecurity requirements.

Also, a security researcher’s revelations of flaws in the smart meters utilities are installing throughout the country added fuel to the fire.

Is the grid really as insecure as it seems?

The Security Issue

In April and June, news stories surfaced about foreign spies apparently hacking into the U.S. electrical grid. Reports that the North American Electric Reliability Corp. (NERC), an industry regulatory group, was negotiating with a defense contractor to search for breaches by cyberspies began making the rounds.

However, that may have been the tail end of a problem that is believed to be systemic to the modernization of the nation’s electricity infrastructure.

In March, application and smart grid security services provider IOActive announced it had verified significant security issues within multiple smart grid platforms.

Smart grids use digital technology to both deliver electricity and monitor equipment throughout the grid in order to make power delivery more efficient. They are being deployed by many utilities throughout the U.S.

“Research conducted throughout the industry has independently concluded these technologies are susceptible to common security vulnerabilities such as protocol tampering, buffer overflows, persistent and non-persistent rootkits and code propagation,” IOActive said.

via Technology News: Exploits & Vulnerabilities: Smart Meters and Security: Locking Up the Grid.