Government Technology

Smart Grid Security, Ground Zero for Cyber Security




Vint Cerf

June 2, 2010 By

"One of things incumbent on all of us is to introduce strong authentication into the fabric of the smart grid. We did not do that with the Internet." Vint Cerf (pictured) Photo by Terence Brown. Story reprinted with permission of MuniWireless.

It was pretty amazing to see the amount of people involved in Conductivity Week in Santa Clara California last week. They were all there positioning their expertise on how to build and secure the smart grid.  With NIST, WiFi Alliance, Zigbee Alliance, and the IEEE and hundreds of vendors and speakers attending, it was like a wireless IP Mecca of intellectuals all contributing to this global energy network requirement.

 

The Godfather of the Internet, Vint Cerf, opened the meeting and ended his keynote speech with a daunting announcement, "One of things incumbent on all of us is to introduce strong authentication into the fabric of the smart grid," Cerf said. "We did not do that with the Internet.

"My excuse is public key cryptography [was] not even publically written about until 1977 which is just about when TCP/IP was getting standardized, Cerf said."But today we don't want devices to respond to control from something that's not authenticated."

     

So what is the smart grid anyway?  Wikipedia defines it rather well: "A smart grid delivers electricity from suppliers to consumers using two-way digital technology to control appliances at consumers' homes to save energy, reduce cost and increase reliability and transparency. It overlays the electricity distribution grid with an information and net metering system." With this definition, why is the smart grid such a security issue?

We need to first look at how our power grid operates today.  Power distribution and monitoring today is in its initial stages of becoming a smart grid with some substation network intelligence often connected by microwave, power line and/or fiber-optic point-to-points.  Although these core network infrastructures are very basic, they may prove useful in operating the needed private IP backbone of the smart grid.  These network backbones were not meant to securely connect two-way digital connections from every home, every building every factory and every energy-using appliance throughout the power companies service area.  In fact, adding millions of these connections to the power grid distribution system is no easy task in network or network security. 

 

Power companies are in the precarious position of having to do something now while preparing for the future. In my earlier article, grid security firms and even past cyber-security czars clearly explained today's power grid vulnerabilities.  With $3.375 billion kicked in by the federal government and even more funds added by power and utility companies, they need to produce now but only if a smart grid security plan can be demonstrated.  This leaves the power companies in a tough position of needing to do something today while being prepared to migrate smart grid security platforms to newer standards.  The bottom line is there is no hurry up and wait when it comes to deploying and securing smart grid networks.  There is only hurry up and be prepared to hurry up again.

So what were are the security problems and how can they be immediately addressed? The smart grid network, smart grid operating center and back office are pretty much secure.  The problem is when you start connecting smart-grid devices to homes, business building and factories.  You now have opened up the potential of accessing the smart-grid distribution network though millions of smart-grid end user access points.  This network


| More

Comments

Add Your Comment

You are solely responsible for the content of your comments. We reserve the right to remove comments that are considered profane, vulgar, obscene, factually inaccurate, off-topic, or considered a personal attack.

In Our Library

White Papers | Exclusives Reports | Webinar Archives | Best Practices and Case Studies
Cybersecurity in an "All-IP World" Are You Prepared?
In a recent survey conducted by Public CIO, over 125 respondents shared how they protect their environments from cyber threats and the challenges they see in an all-IP world. Read how your cybersecurity strategies and attitudes compare with your peers.
Maintain Your IT Budget with Consistent Compliance Practices
Between the demands of meeting federal IT compliance mandates, increasing cybersecurity threats, and ever-shrinking budgets, it’s not uncommon for routine maintenance tasks to slip among state and local government IT departments. If it’s been months, or even only days, since you have maintained your systems, your agency may not be prepared for a compliance audit—and that could have severe financial consequences. Regardless of your mission, consistent systems keep your data secure, your age
Best Practice Guide for Cloud and As-A-Service Procurements
While technology service options for government continue to evolve, procurement processes and policies have remained firmly rooted in practices that are no longer effective. This guide, built upon the collaborative work of state and local government and industry executives, outlines and explains the changes needed for more flexible and agile procurement processes.
View All

Featured Papers