One area of technology that most people give little thought to is the smart grid. The Department of Energy classifies a smart grid as:
“… A class of technology people are using to bring utility electricity delivery systems into the 21st Century, using computer-based remote control and automation. These systems are made possible by two-way communication technology and computer processing that has been used for decades in other industries. They are beginning to be used on electricity networks, from the power plants and wind farms all the way to the consumers of electricity in homes and businesses.”
In the digital age, even the electric grid is becoming reliant on interconnected devices and methods to gather information and assess and identify risks. For years, most of this work has been done manually by workers who gathered and compiled data. Now, the U.S. is working to set up automated systems that connect to the Internet and can send and receive data in almost real time.
The Information Technology Laboratory and the National Institute of Standards and Technology (NIST) have collaborated to produce a three-volume report that helps organizations that rely on smart grid technologies to develop and incorporate cybersecurity strategies into their systems.
This guide, “Guidelines for Smart Grid Cybersecurity,” can be downloaded for free from our IT Downloads area, and contains three separate PDF volumes of information.
The volumes cover the following topics:
- Volume 1: Smart Grid Cybersecurity Strategy, Architecture, and High-Level Requirements
- Volume 2: Privacy and the Smart Grid
- Volume 3: Supportive Analyses and References
In the first PDF, you learn that cybersecurity and reliability are the key challenges in setting up the nation’s smart grids. Chapter 1 explains:
Cybersecurity must address not only deliberate attacks launched by disgruntled employees, agents of industrial espionage, and terrorists, but also inadvertent compromises of the information infrastructure due to user errors, equipment failures, and natural disasters. Vulnerabilities might allow an attacker to penetrate a network, gain access to control software, and alter load conditions to destabilize the grid in unpredictable ways.
The volume goes on to describe physical attacks and other outage risks that must be considered and planned for to mitigate damage or loss of power to the grid. It delves into architecture and interfaces of smart grid technology and the high-level security requirements for the technology.
Volume two discusses privacy issues that may arise through communications technologies used within the infrastructure of the smart grid. It explains some of the privacy laws and issues that concern workers and consumers who both are involved in the smart grid.
The third volume explains the importance of training employees about security awareness and developing a security awareness plan. It discusses why it is imperative that smart grid workers receive identity validation and background checks prior to being placed in a position to help prevent espionage or other organizational risks. The PDF also presents information on patch management for systems along with potential issues that could arise from skipping or improperly patching computer systems within the grid.
Overall, the compilation provides a thorough look into smart grid technologies. The three volumes present both risks and security issues that could arise if proper management, training and development are not followed when setting up and using smart grids. IT workers and management involved in smart grid planning and usage would both benefit from reading this document.
For those who are intrigued about smart grid technology and would like to learn more about the basics of its development and standards, another IT Download, “Smart Grid: Beginner’s Guide,” might also be of interest.