Smart Grid Blog

This is an interview with Mike Ahmadi, cyber security consultant and conference chairman of the Cyber Security Conference and Expo that took place last week in San Jose, California.

Issues to be addressed in smart grid security

Q: You opened the conference recognizing that smart grid security is only as strong as the  weakest link, with more endpoints and more interconnected networks, meaning more ways for security problems to arise. With this in mind, what is your objective for the Smart Grid Security Summit?

via Smart Grid Cyber Security: No Hype Allowed | MuniWireless.

While Smart Grid brings electricity distribution and transmission into modern digital age, its security is becoming a big concern. Cyber security experts have warned that hackers can break into the system and create a massive blackout across the country.

via Securing Smart Grid from Cyber Attacks.

IEEE, the world's largest professional association for the advancement of technology, today announced that John McDonald, IEEE Fellow and Director of Technical Strategy and Policy Development for GE’s Digital Energy business; gave testimony on the progress of standards for Smart Grid interoperability and cyber security before the U.S. House of Representatives’ Subcommittee on Technology and Innovation, House Committee on Science and Technology. Held July 01, 2010, the hearing was entitled Smart Grid Architecture and Standards: Assessing Coordination and Progress.

via Your Industry News – IEEE Fellow John McDonald Gives Testimony on Progress of Standards Development and Cyber Security for Smart Grid.

Cyber security spending will represent approximately 15% of total smart grid capital investment between now and 2015, according to a recent report from Pike Research.

As governments and utilities invest in smart grid deployments, the need for robust security measures has become increasingly apparent.

via 15% of Smart Grid Spending Will Be On Cyber Security.

Is the power grid safe? And even more challenging, if the Smart Grid rolls out as everybody expects, will it continue to be safe?

On Capitol Hill, the House has approved (and sent to the Senate) HR-5026.

The measure would beef up federal efforts to protect the nation’s electrical grid from possible cyber attacks.

via Federal News Radio 1500 AM: U.S. electrical grid faces cybersecurity challenges.

Vulnerable passwords, financial records or personal data are likely what first comes to mind when thinking of cyber-privacy and cyber-security. But if recent reports are to be believed, the newest and most pervasive threat to personal privacy could be the smart meter that public utilities departments are increasingly using to measure electricity consumption.

The U.S. Energy Independence and Security Act of 2007 supercharged a movement that’s developing a power grid that gives power to users via digital technology. But some say this smart grid might be too smart for everyone's own good.

via States Ponder Privacy Concerns as Smart Grid Deployment Takes Shape.

Leading Asia Pacific-based provider of network equipment and Smart Grid solutions, Billion Electric Co., Ltd. (Taiex: 3027, trading as Billion), will unveil a full range of Smart Grid solutions, including BPL AMI modules, MV/LV concentrators, energy management solutions like PLC adapter and ZigBee gateway, Cyber Security solutions and industrial smart metering solutions at COMPUTEX TAIPEI 2010 to be held June 1-5 in Taipei, Taiwan.

via Billion Unveils Smart Grid, Energy Management, and Cyber Security Solutions for a Green Planet.

What is a Smart Grid?

The electric grid is almost like a living organism. Electricity flows through the grid as controllers work to keep things working properly — bringing power plants online, estimating load, balancing the peaks and valleys of demand, and so on.

You can think of today’s existing grid as a “broadcast” system intended to get electricity from central power plants to the houses and businesses where it is needed. The idea behind smart grid is to do a much better job routing power so that it is available where it is needed when it is needed with much more efficient transmission (think superconducting wires, better substation routing, better load estimation, and so on).

via InformIT: Software [In]security: The Smart (Electric) Grid and Dumb Cybersecurity > Why the Rush to Embrace Technology Always Makes Security Harder.

As utilities around the world have initiated major smart grid infrastructure upgrades over the past several years, cyber security has become a critical priority. Security measures are designed to protect the electrical grid from attacks by terrorists and hackers, as well as strengthening its resilience against natural disasters and inadvertent threats such as equipment failures and user errors. The focus on cyber security has increased in recent months, spurred in large part by the U.S. Department of Energy’s smart grid stimulus programs, the standards initiatives of the National Institute of Standards and Technology (NIST), and key priorities promoted by the Federal Energy Regulatory Commission (FERC).

via Smart Grid Cyber Security Applications | My Efficient Planet.

As cyber security becomes increasingly important in the fabric of American culture and government, more money and research is being put towards securing the smart grid. This so-called smart grid refers to the system that delivers electricity from suppliers to consumers using two-way digital technology. This is modernized electrical system being used to address problems of energy independence, global warming, and emergency resilience issues. Cyber attacks on such a system could cause massive damage and could possibly bring an entire community or nation to its knees. Pike Research recently stated that annual spending on smart grid cybersecurity will more than triple from $1.2 billion to $3.7 billion in 2015.

via Possible Hack Leads to Increased Spending on Smart Grid Power Protection | BrickHouse Security Blog.

The report Smart Grid Cyber Security analyses smart grid cyber security market trends in terms of business drivers, technologies, standards, objectives, and business requirements. The report segments the cyber security market by five major smart grid application areas: transmission upgrades, substation automation, distribution automation, electric vehicle management systems, and advanced metering infrastructure (AMI).

via Security News – Smart Grid Cyber Security Market to Reach $3.7 billion by 2015 Says New Report.

Utility companies around the world will invest $21 billion in smart grid security efforts between 2010 and 2015, according to estimates released in a new report.

They’re being spurred on by the U.S. Department of Energy’s smart grid stimulus programs, and the need to secure smart grid deployments that are becoming more and more technology-reliant and vulnerable to infiltration and compromise.

via Feds Will Spur Smart Grid Cyber-Security Investment Growth to $21 Billion by 2015, Report Claims.

Utility companies will invest more than $21 billion on cybersecurity over the next five years to protect the world's electrical grids, according to a new report.

With cybersecurity a top priority for the United States and other governments, more money is going into protecting the so-called smart grid, according to Pike Research. The firm forecasts that annual spending on smart grid cybersecurity will more than triple from $1.2 billion last year to $3.7 billion in 2015.

via Utilities To Bolster Smart Grid Cybersecurity — Cybersecurity — InformationWeek.

The second draft of the Smart Grid Cyber Security Strategy and Requirements released last week provides more detail about the Herculean task of securing the nation’s modernized electrical infrastructure.

The draft looks at anything that could threaten the Smart Grid from terrorists to simple but potentially disastrous errors.

via Smart Grid cybersecurity vulnerabilities identified – SmartPlanet.

The Commerce Department’s National Institute of Standards and Technology (NIST) issued today the second draft of its Smart Grid Cyber Security Strategy and Requirements, which now identifies more than 120 interfaces that will link diverse devices, systems and organizations engaged in two-way flows of electricity and information and classifies these connections according to the level of damage that could result from a security breach.

Prepared by the NIST-led Cyber Security Working Group, which has more than 350 members, the new draft report expands upon an earlier preliminary version, which was released by Commerce Secretary Gary Locke last September and underwent 60 days of public review. It incorporates responses to the more than 350 individual comments received.

via NIST Issues Expanded Draft of Smart Grid Cyber Security Strategy For Public Review and Comment.

Security experts have raised an alarm that the two-way communication made possible by smart meters could make smart grids vulnerable to hackers or cyber terrorists. Communities could be at risk to power outages and individuals could have their personal information stolen.

via Security Concerns Still an Issue.

You know a topic has suddenly gone mainstream when 60 Minutes directs its in-depth lens on it. Last night the CBS News show aired a piece called Sabotaging the System, which takes a look at the very real threat that cyber hackers pose on the power grid. What struck me most from the show was that there are actually already quite a few documented cases of damage done to the power grid using IT networks.

One of the most famous, points out 60 Minutes, happened at the Department of Energy’s Idaho lab back in 2007. Dubbed the “Aurora” project, CNN released this video (shown above) that year and now thanks to YouTube we can watch it over and over again on the Internets.

via Smart Grid Security: Remembering Aurora.

In July, Joseph McClelland, director of the Office of Electric Reliability Federal Energy Regulatory Commission, testified on cybersecurity and the U.S. power gird before the U.S. House of Representatives’ Committee on Homeland Security.

His comments, which follow in italics, cut against the grain of common thinking about the so-called ’smart grid.’

“The need for vigilance may increase as new technologies are added to the bulk power system. For example, smart grid technology promises significant benefits in the use of electricity…”

via How ‘Smart’ Is the Smart Grid? | Solar Feeds News And Commentary Network.

Never will one mistake the complexities of the Smart Grid, and of undertaking the improvement of its protections, for a straightforward task in security and engineering. It presents an Augean stable of issues, and NIST has waded in with a legion of contributors, first to make sense of it all and then to start handing out shovels.

In the first draft of their analysis, announced during the recent GridWeek conference, Annabelle Lee and team have created a dense, but readable tome, numbering some 236 pages at present, entitled Smart Grid Cyber Security Strategy and Requirements. It serves as an adjunct to the more general draft of NIST’s Smart Grid guidance on interoperability (links below). For those interested in the higher level issues of focus and risk, I did a bit of data reduction and reached some pretty interesting, if unintended (and definitely scientifically questionable) conclusions.

via Smart Grid: What’s on First? New Insights in NIST’s First Draft.

A preliminary report by a task group led by NIST, the National Institute of Standards and Technology, makes recommendations for the security of the nation’s power grid, as the devices that control it become “smarter” and more networked.

A story in Dark Reading describes the Cyber Security Coordination Task Group as being “…made up of members of the government, industry, academia, and regulatory bodies.” This seems like a good combination, and the recommendations they seem to be focused on are relevant ones.

The idea of the smart grid is to place two-way data flow on the grid in order to facilitate monitoring of the network to optimize power usage. “Smart” meters are already in use, but early reports show them to be full of security problems that could lead to privacy violations and worse, including denial of service attacks on the grid.

via Plan For Smart Grid Attempts to Secure it – Security Watch.