12 Comments

Summary:

Imagine if the damage caused by Internet viruses and worms — such as downed web sites and snatched credit card info — were unleashed on the critical infrastructure of the power grid. The results could include targeted blackouts, tampering with power generation (nuclear!), or using energy […]

Imagine if the damage caused by Internet viruses and worms — such as downed web sites and snatched credit card info — were unleashed on the critical infrastructure of the power grid. The results could include targeted blackouts, tampering with power generation (nuclear!), or using energy consumption data for malicious intent. While a smart power grid, which leverages information technology to add more intelligence to the electricity network, will give consumers and utilities more control over energy consumption, along with that transformation from analog to digital will come a threat that already plagues the Internet: hacking.

According to a report in The National Journal last year, Chinese hackers may have already used what little infotech intelligence there is on the current power grid to cause two major blackouts. So, with a smart grid moving closer to becoming a reality, utilities and federal regulators alike are trying to ready themselves for the potential dangers that it will bring. As representatives from the Federal Energy Regulatory Commission said at a smart grid policy meeting last week, maintaining security is of the highest priority.

Why is a smarter power grid so vulnerable? Joe Fagan, an attorney for Pillsbury Winthrop Shaw Pittman who has spent his career representing the energy industry (including working extensively with FERC), explained that transforming a largely one-way distribution network like the power grid into a two-way system delivers that many more points of contact with the network. And if the power grid will be run by networks based on Internet Protocol, well, hackers have already spent years developing the tools needed to take such networks down.

In addition, Ben Schuman, an analyst with Pacific Crest Securities, notes that the smart meters being installed in homes are largely basic, low-cost — around $100 — consumer electronics that a hacker could easily purchase, take apart, and use to learn about the accompanying communication network.

The good news is that there are several steps that can be taken to build security into the smart grid from the ground up, and the stimulus package is allocating some $11 billion for smart grid-related technology. Fagan estimates that utilities would need to spend on the order of millions of dollars each to implement security controls.

Crucial to the maintenance of security will be the establishment of industry standards. At the smart grid policy meeting held last week, FERC Acting Chairman Jon Wellinghoff issued a statement calling for the development of “standards to ensure the reliability and security, both physical and cyber, of the electric system.” While FERC doesn’t itself develop standards, the agency will be asking for input from standards bodies that work on security in the Internet, engineering, and electronics industries. Over the next month and a half, companies and the public can offer their thoughts as to the direction such the standards will take.

The second factor necessary to securing the smart grid will be the use of an open platform. Yeah, we know, that sounds counterintuitive, but as Pacific Crest’s Schuman explains, the most robust security systems out there are largely based on already-established open standards. In order for third-party developers to be able to contribute their best solutions to a smart power grid, it needs to be based on an open platform as well.

Ultimately, the hurdles to securing the smart grid shouldn’t stand in the way of implementing it. The benefits of offering consumers and utilities more control over energy consumption, which can lead to a reduction in energy use and carbon reduction, far outweighs the security concerns.

This article also appeared on BusinessWeek.com.

  1. [...] looks at the hand-wringing over the smart grid and fears of hacker attacks: The benefits outweigh the risks, for starters, and using an open standard could paradoxically make [...]

    Share
  2. [...] How hackable would a smart grid be? (Earth2Tech) [...]

    Share
  3. [...] Written by Katie Fehrenbacher No Comments Posted March 23rd, 2009 at 8:57 am in Policy As we’ve pointed out recently, the power grid will increasingly be adding computing and intelligence, and will in turn be [...]

    Share
  4. [...] Staff | Monday, March 23, 2009 | 12:27 PM PT | 0 comments Many Insecurities of the smart grid. (Earth2Tech) Hulu grew 33% in February, now 4th largest video site. (NewTeeVee) Can Twitter help [...]

    Share
  5. [...] And there’s one more big hurdle to consider: security. It’s kind of the big gorilla in the room when it comes to the current analog, centralized electrical grid. But once the grid turns into this new, huge computer network with two-way communications, the issue of security is going to loom even larger. As Earth2Tech pointed out just last week, smart grid hacking may already be afoot. [...]

    Share
  6. [...] the smart grid. Better integration across different systems will help smooth security issues, and open standards can help provide robust security protocols. [...]

    Share
  7. [...] in cyberspace—the 1970s really were a more trusting era. But that doesn’t rule out open standards, as Earth2Tech has noted: The more developers there are speaking a given language, as it were, the likelier it is that the [...]

    Share
  8. [...] Written by Katie Fehrenbacher No Comments Posted April 8th, 2009 at 11:00 am in Energy When we asked you to imagine the damage Internet viruses and worms could do to the critical infrastructure of the power grid, it [...]

    Share
  9. [...] must have been reading all the articles about the security concerns of the smart grid because out of the 16 standards he announced, five focus on security. That includes: the [...]

    Share

Comments have been disabled for this post