Safeguarding the Smart Grid: Cyber-terrorism Implications

Posted on July 23, 2009
Posted By: Garry Brown
 
Cyber security of the transmission and distribution grid has been top-of-mind across the board as utilities move to embrace smart grid upgrades to their systems. This article, from the NYSPSC's and NARUC's Garry Brown, addresses the concerns and questions arising from automating the grid, from generation to end user.

In the not too distant future, state and regional electric transmission and distribution grids will be integrated with two-way communications systems and sensors. This technology will enable utilities to optimize grid performance in real time and provide incentives to consumers to reduce energy consumption through demand response. This is the smart grid.

The federal government is playing a key role in stimulating development of the smart grid; and states, including New York, are turning the concept into a reality. However, with the development of the smart grid comes the possibility that international or domestic terrorists, or perhaps unfriendly foreign governments, could maliciously seize control of the electric utility grid, create economic havoc, and threaten life and property.

Although this is arguably a remote risk, state and federal regulators are keen to ensure that the anticipated investments in the smart grid over the next decade -- estimated in billions of dollars -- will not lead to a decrease in transmission and distribution system safety and reliability, and in turn make it easier for hackers, and even terrorists, to do harm.

Potential scenarios detailing such risks have been played out in fantasy, and in real life.

The 2007 movie Live Free or Die Hard had actor Bruce Willis' character John McClane again facing terrorists bent on destruction. In this case, they were domestic terrorists who were able to shut down power on the East Coast and seize control of natural gas pipelines by hacking into a computer. While thrilling, it was only a fictional story.

More terrifying than the movie, however, was a demonstration conducted by the U.S. Department of Homeland Security that same year whereby a 20,000-pound industrial turbine was made to self-destruct as a result of a simulated computer hack -- made more frightening than Willis' epic because it was real.

The Homeland Security test highlighted reasons to be concerned with security for the electric grid. What are we going to do as we move toward a smart grid environment? For example, how can we prevent unauthorized people from buying or otherwise having access to smart grid data? Marketing firms or competitors may wish to know how much energy a consumer is using, or what a customer's pattern of energy use is, or other energy-related information.

Can we be sure that smart grid communications networks won't allow unauthorized access to information between customers on the same network? Customer interfaces, such as through a customer's computer, must also be protected against undetected changes because they are conduits to critical customer equipment and systems. How can we address the vulnerability of customer systems and "gateways" to incoming tampering efforts?

Smart meters will be located in non-secure locations where they can easily be reached by the public. Therefore, physical security or "walls" around the meter are impractical. Because meters are on customer premises, attempts to tamper or vandalize might be unpreventable. Will there be technology to detect such attempts in real time?

How can we move forward in the development of the smart grid without compromising our security requirements? If we wait for security to be built-in, and not added-on, how much will that slow us down? Who will or should be the final arbiter of what security is sufficient security?

I am heartened to say that these issues are well recognized. Regulatory commissioners across the country, including New York, are intently focusing on smart grid security. In the months ahead, regulators will be asking stakeholders tough, pointed questions to help discern the threat, and identify how it could be isolated and minimized.

Cyber security issues are important considerations. The North American Electric Reliability Corporation Critical Infrastructure Protection Standards have specific requirements that electricity producers, system and transmission operators and other system users must meet in order to ensure the security of their systems and infrastructure, and this will likely serve as a model.

Meanwhile, the Control Systems Security Procurement Guidelines, which I am proud to note were started by New York state, will likely be expanded to include some new technologies, including some wireless applications and advanced metering infrastructure.

There are those who might take a Luddite approach and who say the technology is too dangerous, and not worth the risk; but that is not the proper response. The smart grid will be a reality because the efficiencies it will bring are compelling both in terms of cost savings and improving reliability and fuel diversity. Given these facts, we have to ensure that the billions of dollars in investment will be managed soundly, and we must work together to ensure that the smart grid attains its lofty promise.

EnergyBiz magazine is the thought-leading, award-winning publication of the emerging power industry. This article originally appeared in the July/August 2009 issue.

 
 
Authored By:
Garry Brown is chairman of the New York State Public Service Commission and of the National Association of Regulatory Utility Commissioners' Committee on Electricity. He also serves on the NARUC-Federal Energy Regulatory Commission's Smart Grid Collaborative.
 

 
 

Comments

July, 24 2009

Jon Nickles says

Ah, the Aurora test scam...i.e. the destructing "...20,000-pound industrial turbine." Naw, don't think so, a recycled diesel generator from Alaska is more like it. No one ever realizes that the test mentioned above required breakers that could function more than three to four times...main grid voltage breakers are not generally capable of operating more than four times with recharging their operating mechanisms. Never mind the fact that test was totally contrived for the purposes of obtaining funding.

Playing with the logic inside a sync-check relay falls under the rubric of unfair play, not cyber terrorism. It requires a level of access akin to getting access to the flight control systems of a major airliner…imagine the horror one could create if you mucked about in an Airbus’s flight control software. We need to be level headed about our control systems and let the SCADA engineers and communication/relay types deliberately secure their systems.

Any time someone says cyber attack you know what they are after…your money! One last point…care to describe how power systems “controlled” themselves between 1890 and about 1965 or so? If you can’t answer this question you aren’t competent to even talk about the subject of power systems and cyber security…

July, 29 2009

F.Allen Morgan says

Isn't it possible that developing a cyber attack resistant system may lead to a uniformly applied set of controls and protocols that may make ALL systems vulnerable if a weakness or exploit is found? For example, the "cross site scripting" weakness can be used to exploit secure sites... even though the sites themselves are using encryption.

Perhaps it's better to have a diverse set of systems that exhibit and are tested to a certain level rather than one all-encompassing one. Secondarily, developing the standard gives the bad boys the model to test against.

August, 06 2009

Len Gould says

"Any year now your entire personal financial assets may be exposed to foreign terrorists who could, if they could hack into a bank or brokerage computer system and take over control of it by any of the new external ports now being installed, erase or steal all your bank deposits and brokerage account entries". -- That sounds about as scary, but would only have been news 20 years ago, since it's long been the case. How to do this stuff is ancient history in business systems. Windows home installations are perhaps a little less secure ;<]
