Unlike the traditional power grid, a "smart" grid is designed to accommodate a two-way flow of both electricity and data. This creates great promise, including lower energy prices, increased use of renewable resources and, it is hoped, fewer brownouts and blackouts. But a smart grid also poses several potential security problems—networked meter data, power companies' computers and those of customers could all be vulnerable to tampering.

A smart grid adds a layer of cybersecurity complexity to challenges that already existed with the traditional grid. In the past, a lot of cybersecurity efforts have focused on securing the bulk transmission system—from the utility company's generating plants to its substations—because those locations are where the worst-case scenario could happen: a large regional blackout, says Don Von Dollen, a program manager at the Electric Power Research Institute (EPRI), a Calif.-based non-profit research center. The bulk transmission system remains the top security priority, but with the dawn of the smart grid, power companies now have to think more about protecting the network connections they have with individual customers' homes, he adds.

If a customer has a home area network (HAN) that links computers, appliances and other electric appliances back to the power company for real-time monitoring, the company needs to make sure the network connection to that home is secure, "so as a prank the kid next door can't turn [the customers'] lights on and off," says Von Dollen, who coordinates EPRI's smart grid activities with the U.S. National Institute of Standards and Technology (NIST), the Department of Energy and other federal agencies.

Computer hackers who tamper with smart meters could do damage that spreads far beyond a few homes. At a Black Hat technical security conference (pdf) last year, Mike Davis, a senior consultant with Seattle computer security firm IOActive, used simulations to show how one smart-meter worm could infect a community and potentially shut off power to 15,000 homes within 24 hours.

NIST steps in with recommendations but few answers

With such scenarios in mind, NIST's Smart Grid Interoperability Panel–Cyber Security Working Group (SGIP–CSWG) in February released the second draft of its Smart Grid Cyber Security Strategy and Requirements, a 305-page document the agency expects to issue formally by July. It identifies potential vulnerabilities and outlines "recommended requirements" that the North American Electricity Reliability Corporation (NERC) can choose to add to its critical infrastructure protection standards. These measures to protect the grid from cyber-tampering would be enforced by the Federal Energy Regulatory Commission (FERC).

NIST's cybersecurity group draws its recommendations from a well-rounded core of more than 400 experts, including those from the Department of Homeland Security and the Department of Defense, as well as volunteers from academia, law firms, IT and telecommunication companies, and independent security specialists. Aerospace manufacturer Boeing and network technology provider Cisco Systems each have an employee serving as vice-chair of the group.

"To be so involved with the private sector on a task like this, it's very different for NIST," says Annabelle Lee, chair of the cybersecurity group (and senior cybersecurity strategist in the agency's computer security division). "Our intent was to get people from every group that's going to have to deal with the grid, because what we come up with is going to be important for the entire country."

The NIST document includes a section (Chapter 6), for example, that underscores the need for research and development to keep pace with evolving security needs. According to the section's introduction: "Cyber security is one of the key technical areas where the state of the art falls short of meeting the envisioned functional, reliability, and scalability requirements of the Smart Grid." NIST goes on to recommend improving the security of Intelligent Electronic Devices (or IEDs), which receive data from sensors and power equipment. If these devices are connected to a computer network, as they would be in the case of a smart grid, they are vulnerable to a cyber attack that could disrupt their control of circuit breakers (one of several functions of IEDs).

The document is short on answers regarding exactly how to solve these problems. “This is a starting point. It’s meant to give high-level requirements, not solutions,” says Lee. Rather, the intent is to get government agencies, utility companies and other businesses thinking more about security problems they may not previously have considered when components of the electrical grid were not hooked up to computer networks. NIST notes in this latest draft that without R&D advances to network security, local attacks can become distributed or cascading large-scale attack campaigns.

State of the smart grid
Most consumers are not connected to the smart grid today, but that is expected to change dramatically during the next three years, thanks in part to $3.4 billion in smart grid investment grants from the American Reinvestment and Recovery Act (aka, the 2009 Stimulus Act).

By the end of 2009, more than 13.6 million smart meters were already installed in the United States, and that number could reach 23 million by the end of 2010, according to research firm Parks Associates. Pacific Gas & Electric says it installs 15,000 smart meters each business day and has deployed 2.7 million electric smart meters so far. By mid-2012, the company expects to have 9.8 million smart meters installed, covering its entire customer base, says PG&E spokesman Paul Moreno. About 60 percent of those will be electric meters (the rest will be gas meters).

More data, more danger
Joshua Pennell, IOActive's president, has mixed feelings about the state of smart-grid security. He is encouraged by the work NIST and other groups have done to assess security issues, and he notes that some smart-meter manufacturers have stepped up their devices' security features when vulnerabilities are exposed. But in the race to use stimulus money for smart-grid projects, not all companies proceed with caution, Pennell says, adding, "It's like releasing autos onto freeways without clear safety guidance."

Part of the problem is that connecting different parts of the electrical grid together over a network will lead to a massive influx of data. "We're collecting more data at more parts of the grid, in real time," says Gal Shpantzer, an information security consultant in the Washington, D.C., metro area who is part of NIST's working group. He serves on the privacy subgroup—one of eight subgroups within SGIP–CSWG. "It becomes more complicated to secure."

To illustrate the potential problem: data from synchrophasors (which measure voltage, current, and other data that indicate grid stability) will stream information about power supplies into central data centers at approximately 30 times per second. That is significantly more data than conventional sensors provide by tapping information from the grid every four seconds.

This constant flow of information to and from the grid could also help smart-grid hackers more easily monitor their attacks and determine whether they are successful. "If I'm able to see that stream and understand what's going on, then I'm able to remotely monitor how my attack is performing, essentially," Shpantzer says. "It gives attackers the ability to see in real time what's going on, and how their attack is working, and then optimize it."

Anyone who thinks federal agencies are immune to such concerns, that they have some special power plant that they are hooked up to, should think again, Shpantzer adds. "Certainly they have more disaster recovery capacity than the average small business, because they have generators…but there is no government power grid. So the feds are also dependent on that same power grid that you and I are."