Securing the Smart Grid

The grid's flow of data is supposed to improve energy delivery but must be protected from hackers' prying eyes

















State of the smart grid
Most consumers are not connected to the smart grid today, but that is expected to change dramatically during the next three years, thanks in part to $3.4 billion in smart grid investment grants from the American Reinvestment and Recovery Act (aka, the 2009 Stimulus Act).

By the end of 2009, more than 13.6 million smart meters were already installed in the United States, and that number could reach 23 million by the end of 2010, according to research firm Parks Associates. Pacific Gas & Electric says it installs 15,000 smart meters each business day and has deployed 2.7 million electric smart meters so far. By mid-2012, the company expects to have 9.8 million smart meters installed, covering its entire customer base, says PG&E spokesman Paul Moreno. About 60 percent of those will be electric meters (the rest will be gas meters).

More data, more danger
Joshua Pennell, IOActive's president, has mixed feelings about the state of smart-grid security. He is encouraged by the work NIST and other groups have done to assess security issues, and he notes that some smart-meter manufacturers have stepped up their devices' security features when vulnerabilities are exposed. But in the race to use stimulus money for smart-grid projects, not all companies proceed with caution, Pennell says, adding, "It's like releasing autos onto freeways without clear safety guidance."

Part of the problem is that connecting different parts of the electrical grid together over a network will lead to a massive influx of data. "We're collecting more data at more parts of the grid, in real time," says Gal Shpantzer, an information security consultant in the Washington, D.C., metro area who is part of NIST's working group. He serves on the privacy subgroup—one of eight subgroups within SGIP–CSWG. "It becomes more complicated to secure."

To illustrate the potential problem: synchrophasors (which measure voltage, current, and other data that indicate grid stability) will stream information about power supplies into central data centers approximately 30 times per second. That is significantly more data than conventional sensors provide by tapping information from the grid every four seconds.

This constant flow of information to and from the grid could also help smart-grid hackers more easily monitor their attacks and determine whether they are successful. "If I'm able to see that stream and understand what's going on, then I'm able to remotely monitor how my attack is performing, essentially," Shpantzer says. "It gives attackers the ability to see in real time what's going on, and how their attack is working, and then optimize it."

Anyone who thinks federal agencies are immune to such concerns, that they have some special power plant that they are hooked up to, should think again, Shpantzer adds. "Certainly they have more disaster recovery capacity than the average small business, because they have generators…but there is no government power grid. So the feds are also dependent on that same power grid that you and I are."



7 Comments

  1. REngland 03:08 PM 5/13/10

    Great article. I think the cyber-security of smart grid technology is one of the most under-examined issues as we move into this brave new world of self-healing, fully integrated T/D.

  2. Wayne Williamson 06:49 PM 5/13/10

    The way to do this... I hate to say, is like the telecommunications industry... private channels between nodes (command and control) and open/secured for viewing... i.e., run a fiber line along with the high-voltage line for the private channel stuff and let the tail end (use point... homes... etc.) be across public...

  3. JamesDavis 07:27 AM 5/14/10

    How come everyone but the utility companies can figure out how to protect their company and customers? I think these utility companies are just a bunch of whiny butts. Get with it utility companies, the smart grid is coming on-line; smack yourselves up beside the head and bring your smart grid on-line.

  4. jtdwyer 11:08 AM 5/14/10

    Apparently some have absolutely no idea how insecure their personal information is, as evidenced by the increasing incidence of identity theft and resulting financial theft and destruction of credit standing. It seems as though ignorance truly is bliss...

  5. m 08:00 AM 5/18/10

    The problem is people have no outlet for their skills. Take the Russians paid in rubles, they can make a shed load from hacking in USD than they would ever make in Russia.

    Only Solution: New world where money no longer exists.
    Chance of happening in our life-time: Zero.

    The problem... the real problem is going to get worse in a way you'd really not think about. Because pipes are getting bigger and bigger and bigger and detection is based on analysing trends, honey pots, layer3 conversation analysis and much more. Since no box in the known world can record all streaming traffic at duplex 100 gb on a single pipe all you are left with is intelligent analysis. Which is great if you're watching...
    There is no chance devices are watching everything all the time so only a small percentage of the total security process will actually be working at any given time.

    Many of yonder years hacking was done by people who knew more than the people managing the systems. I don't see this changing. When's the last time the IT guy was paid twice the wage of the average Manager and sent on up-to-date courses and had ample redundancy in the position to cover all IT concerns. Yes the IT guy should be paid more than the manager... the manager is managing people... the IT guy is managing the money that is used to pay the manager... etc.

  6. jtdwyer in reply to m 08:08 AM 5/18/10

    m - What is that - inspiration is 90% sweat, or something. The other n% is personal motivation...

  7. -KMacD- 12:57 AM 5/20/10

    If a customer has a home area network (HAN) that links computers, appliances and other electric appliances back to the power company for real-time monitoring, the company needs to make sure the network connection to that home is secure, "so as a prank the kid next door can't turn [the customers'] lights on and off,"
    ---------------------------------

    Why should the power company be monitoring when and what is on? Yes they can get usage statistics, but they can get that from just looking at how many kw/hrs you are using. They will be able to tell when you normally go to work and come home just by usage spikes. Criminals can use this information to know when it is a good time to rob you. This information should remain private in order to protect the consumers' rights.

    Big brother is watching you...
