The old saying "one step forward, two steps back" seems to fit the state of smart grid security to a tee, at least according to a study released by MIT.
The study, according to the Christian Science Monitor, reports that the security features being added to the traditional power infrastructure are being overmatched by the vulnerabilities being introduced. The findings are aptly summed up in the story:
Top 10 Cyber Security Threats of 2011 and Beyond
The next decade portends new threats that surpass those of years past in both intensity and impact.
Every new "smart meter," as well as new sensors and major equipment at generating plants, will soon be connected to communications modules - resulting in millions of components from hundreds of manufacturers and software from many developers. The presence of "so many interfaced components increases system complexity as well as the number of potential cyber vulnerabilities," the study found.
The grid has long been a worry for cyber security experts. The MIT study reinforces those concerns and takes them a step further by indicating that ground is being lost despite the general acknowledgement of the problems and efforts by several federal departments to address the issues.
TechWeek, reporting on the same study, noted that more energy generation - such as solar and wind power - is occurring in sparsely populated areas that are far from where it will be used. Such a scenario could introduce significant security challenges, which, according to the story, has led the MIT researchers to recommend that the Federal Regulatory Commission be given more authority over that end of the power generation infrastructure.
MIT is not the organization paying attention. A particular area of concern is the supervisory control and data acquisition systems (SCADA), which were attacked by the infamous Stuxnet worm. ZDNet reports on a study that :
Now Pike Research isspecifically focused on industrial control systems. Between 2011 and 2018, more than $4.1 billion will be spent on related security projects, according to Pike Research's report, "Industrial Control Systems Security."
Security is deeply linked to privacy. Adam James, a special assistant for energy policy at the Center for American Progress, writes at Think Progress about how the two can conflict with each other. He offers a potential compromise:
Data could belong to the consumer, but be viewed by the utility "blind" and in aggregate. This would make the specific energy usage of each home (the inferences you can make from the energy signature') the property of the homeowner, but the data over the scope of a utilities territory readable. This way, third parties could work with utilities for access to aggregate data to improve their top-level technologies, and with individuals to craft the specific functions of their technologies.
Smart grid security is a huge issue, and one that won't go away soon. The most important realizations are that the infrastructure essentially is old and initially wasn't intended for the kind of communications networking that it increasingly relies upon today. The second part of that equation is that new things are being added every day. New often is good - but in this case might not be. An important goal is to simplify the current labyrinth of governmental agencies to consolidate and better organize efforts to keep the grid safe.