Safeguarding the Smart Grid: Cyber-terrorism Implications

Posted on July 23, 2009
Posted By: Garry Brown
Cyber security of the transmission and distribution grid has been top-of-mind across the board as utilities move to embrace smart grid upgrades to their systems. This article, from the NYSPSC's and NARUC's Garry Brown, addresses the concerns and questions arising from automating the grid, from generation to end user.

In the not too distant future, state and regional electric transmission and distribution grids will be integrated with two-way communications systems and sensors. This technology will enable utilities to optimize grid performance in real time and provide incentives to consumers to reduce energy consumption through demand response. This is the smart grid.

The federal government is playing a key role in stimulating development of the smart grid; and states, including New York, are turning the concept into a reality. However, with the development of the smart grid comes the possibility that international or domestic terrorists, or perhaps unfriendly foreign governments, could maliciously seize control of the electric utility grid, create economic havoc, and threaten life and property.

Although this is arguably a remote risk, state and federal regulators are keen to ensure that the anticipated investments in the smart grid over the next decade -- estimated in billions of dollars -- will not lead to a decrease in transmission and distribution system safety and reliability, and in turn make it easier for hackers, and even terrorists, to do harm.

Potential scenarios detailing such risks have been played out in fantasy, and in real life.

The 2007 movie Live Free or Die Hard had actor Bruce Willis' character John McClain again facing terrorists bent on destruction. In this case, they were domestic terrorists who were able to shut down power on the East Coast and seize control of natural gas pipelines by hacking into a computer. While thrilling, it was only a fictional story.

More terrifying than the movie, however, was a demonstration conducted by the U.S. Department of Homeland Security that same year whereby a 20,000-pound industrial turbine was made to self-destruct as a result of a simulated computer hack -- made more frightening than Willis' epic because it was real.

The Homeland Security test highlighted reasons to be concerned with security for the electric grid. What are we going to do as we move toward a smart grid environment? For example, how can we prevent unauthorized people from buying or otherwise having access to smart grid data? Marketing firms or competitors may wish to know how much energy a consumer is using, or what a customer's pattern of energy use is, or other energy-related information.

Can we be sure that smart grid communications networks won't allow unauthorized access to information between customers on the same network? Customer interfaces, such as through a customer's computer, must also be protected against undetected changes because they are conduits to critical customer equipment and systems. How can we address the vulnerability of customer systems and "gateways" to incoming tampering efforts?

Smart meters will be located in non-secure locations where they can easily be reached by the public. Therefore, physical security or "walls" around the meter are impractical. Because meters are on customer premises, attempts to tamper or vandalize might be unpreventable. Will there be technology to detect such attempts in real time?

How can we move forward in the development of the smart grid without compromising our security requirements? If we wait for security to be built-in, and not added-on, how much will that slow us down? Who will or should be the final arbiter of what security is sufficient security?

I am heartened to say that these issues are well recognized. Regulatory commissioners across the country, including New York, are intently focusing on smart grid security. In the months ahead, regulators will be asking stakeholders tough, pointed questions to help discern the threat, and identify how it could be isolated and minimized.

Cyber security issues are important considerations. The North American Electric Reliability Corporation Critical Infrastructure Protection Standards have specific requirements that electricity producers, system and transmission operators and other system users must meet in order to ensure the security of their systems and infrastructure, and this will likely serve as a model.

Meanwhile, the Control Systems Security Procurement Guidelines, which I am proud to note were started by New York state, will likely be expanded to include some new technologies, including some wireless applications and advanced metering infrastructure.

There are those who might take a Luddite approach and who say the technology is too dangerous, and not worth the risk; but that is not the proper response. The smart grid will be a reality because the efficiencies it will bring are compelling both in terms of cost savings and improving reliability and fuel diversity. Given these facts, we have to ensure that the billions of dollars in investment will be managed soundly, and we must work together to ensure that the smart grid attains its lofty promise.

Subscribe to EnergyBiz magazine today.
EnergyBiz magazine is the thought-leading, award-winning publication of the emerging power industry. This article originally appeared in the July/August 2009 issue.

Authored By:
Garry Brown is chairman of the New York State Public Service Commission and of the National Association of Regulatory Utility Commissioners' Committee on Electricity. He also serves on the NARUC-Federal Energy Regulatory Commission's Smart Grid Collaborative.

Related Posts



July, 24 2009

Jon Nickles says

Ah, the Aurora test scam...i.e. the destructing "...20,000-pound industrial turbine." Naw, don't think so, a recycled diesel generator from Alaska is more like it. No one ever realizes that the test mentioned above required breakers that could function more than three to four times...main grid voltage breakers are not generally capable of operating more than four times with recharging their operating mechanisms. Never mind the fact that test was totally contrived for the purposes of obtaining funding.

Playing with the logic inside a sync-check relay falls under the rubric of unfair play, not cyber terrorism. It requires a level of access akin to getting access to the flight control systems of a major airliner…imagine the horror one could create if you mucked about in an Airbus’s flight control software. We need to be level headed about our control systems and let the SCADA engineers and communication/relay types deliberately secure their systems.

Any time someone says cyber attack you know what they are after…your money! One last point…care to describe how power systems “controlled” themselves between 1890 and about 1965 or so? If you can’t answer this question you aren’t competent to even talk about the subject of power systems and cyber security…

July, 29 2009

F.Allen Morgan says

Isn't it possible that developing a cyber attack resistant system may lead to a uniform applied set of controls and protocals that may make ALL systems vulnerable if a weakness or exploit is found? For example the "cross site scripting" weakness can be used to exploit secure sites....even thou the site themselves are using encryption.

Perhaps its better to have a diverse set of systems that exhibit and are tested to certian level rather than one all encompassing one. Secondarily, developing the standard gives the bad boys the model to test against.

August, 06 2009

Len Gould says

"Any year now your entire personal financial assets may be exposed to foreign terrorists who could, if they could hack into a bank or brokerage computer system and take over control of it by any of the new external ports now being installed, erase or steal all your bank deposits and brokerage account entries". -- That sounds about as scary, but would only have been news 20 years ago, since its long been the case. How to do this stuff is ancient history in business systems. Windows home installations are perhaps a little less secure ;<]

Add your comments:

Please log in to leave a comment!
back to top

Receive Energy Central eNews & Updates


Defining the Value of the Grid

Wednesday Apr 29, 2015 - 2:00 PM Eastern - Virtrual Event

Our legacy grid has value and deserves continued investment. As we transition toward a more integrated grid that can accommodate new distributed energy sources, utility-scale renewables and energy storage, we need to keep the best of the old while embracing more...

Evolving Beyond AMI to the Utility/Customer Nexus

Thursday Apr 30, 2015 - 12:00 PM Eastern - Virtual Event

Enabled by two-way communications between the utility customer and the utility, smart grid technologies like Advanced Metering Infrastructure (AMI) have fundamentally changed the energy landscape. And with a future sure to be characterized by a growth in distributed generation and more...

From Forecast to Discovery: Applying Business Intelligence to Power Market Simulations

Tuesday May 12, 2015 - 12:00 PM Eastern - Virtual Event

Power market participants, investors, project developers and industry stakeholders routinely rely on forecasts of market economics and operations to support their decision processes. The most accurate and comprehensive forecasts are developed with the use of power market simulators that provide more...

FERC Order 1000: Understanding Transmission Planning In a New Paradigm

Wednesday May 13, 2015 - 12:00 PM Eastern - Virtual Event

Are you struggling to understand how FERC Order 1000 has changed the way RTOs plan their transmission systems? The introduction of competitive solicitation/bidding processes for transmission projects stands to dramatically change the transmission landscape in years to come. However, there more...

Improving Strategic Planning in The Energy Industry

Wednesday May 20, 2015 - 12:00 PM Eastern - Virtual Event

To be successful, energy companies across the globe need to make sound long-term strategic decisions around future investments and projects. However, the ability to act and plan freely is limited by many factors including high capital costs and limited budgets. more...

National Electric Safety Code® (NESC®) Summit: Past, Present and Future

Tuesday Apr 28, 2015 - Wednesday Apr 29, 2015 - Alexandria, Virginia - USA


Energy Central's SmartCities

Tuesday May 12, 2015 - Wednesday May 13, 2015 - Charlotte, NC

SmartCities is an Energy Central event established to educate utilities on the steps and paths to collaboratively develop smart cites in their region. At this event attendees will establish early relationships with key stakeholders; discover collaboration strategies that have been more...

Sponsored Content