Security Remains a Big Issue for the Smart Grid

Carl Weinschenk

The Internet is increasingly involved in maintenance of power grids in general and smart grids in particular. This, of course, leads to great advances, and equally great security concerns.

Making energy management smarter is a work in progress. The good news is that great progress is being made. At GreenTech Media, James Newcomb and Bentham Paulos wrote about Distributed Energy Resources (DER), which appears to be an evolutionary step of smart grid. DER, the authors suggest, can be thought of as the Internet of electricity, and focuses on providing end users with a tremendous amount of control over their energy consumption:

DER is a package of customer-side technologies including energy efficiency, demand response, distributed generation and storage (both thermal and electric), and smart electric vehicle charging. These technologies can play a critical role in increasing the efficiency and reliability of the power system, reducing costs, and integrating increasing levels of variable renewables, like wind and solar. They can benefit both consumers and grid managers.

DER is a complete reversal of the standard model in which the decisions are made by the utility on behalf of all subscribers. Now, the power is in the customers’ hands. The story says that a DER ecosystem has emerged. The bottom line: This new model is transformative.

Advanced systems share a big challenge, according to a commentary at InformationWeek by Robert Hinden. He writes that smart grids are not well defended and that the consequences of not quickly rectifying the situation will be dire. The idea of protecting the smart grid via firewalls and virtual private networks (VPNs) is inadequate. Thumb drives, sloppy handling of passwords and other issues make this a half-solution. It simply is impossible to keep the bad guys completely out.

At the end, Hinden (who doesn’t tackle DERs, which clearly raise additional questions) cites standards aimed at confronting the problems. Just before that, however, he writes something that is pretty frightening:

Most enterprises standardize across a handful of operating systems. In the energy industry, it's not unheard of for Windows 95 machines to run critical systems.

More scariness is available in a post at SmartGridNews from Kristopher Ardis, the executive director of Energy Solutions for Maxim Integrated. In the third installment of a series, Ardis explores the link between the Internet of Things and the smart grid. He writes that the new world presents “an incredibly lucrative target for attack.” He points out that a good first step is the use of Advanced Encryption Standard 128 (AES-128). It is, however, not enough.

In response to emailed questions, Ardis lauded the Internet of Things – and sounded a warning:

The idea of connecting lots of remote endpoints to a larger network is powerful—if we get better data about the world around we can make better and faster decisions, and in many cases automate those decisions.  The danger lies directly in the middle of that benefit—a powerful and autonomous sensor network can be a huge target for attackers as well. If an attacker can influence the data or even take control of the network it could cripple access to whatever resource the network is intended to manage.  In the case of the smart grid the threat is more acute because we are talking about our access to and management of energy!

Ardis suggests that the first step is to abandon a business-as-usual approach to the creation of products and systems. The stakes simply are too high to bolt security on later:

Design in security from the beginning—too many times we see devices first built for functionality and security designed in as an afterthought.  Engineers and product definers should think about the security threats to the system (including the entire life cycle of a device) before architecting a solution.

Security issues notwithstanding, many smart people think that smart grid is pretty smart. For instance, GigaOm reports that Gridco, a startup, has closed a $10 million round of funding featuring VCs General Catalyst, North Bridge Venture Partners, Lux Capital and RockPort Capital.

The company is four years old and was founded by Sycamore Networks’ founder Naimish Patel. The goal is to use Internet principles on the grid to make networks self-healing and smarter, the story says.

Jan 31, 2014 12:59 AM bogdant bogdant  says:
Very interesting indeed. What about a Pareto based approach?... like in this paper: