Smart Grids: Security Review

In the quest for cleaner and more efficient energy, smart grid technology has slowly been upgrading the world's power infrastructure, especially here in the United States. A smart grid is essentially a form of electricity networking that utilizes digital technology as a way of addressing energy independence, global warming, and emergency resilience issues. Using two-way digital communications, a smart grid can deliver electricity from a supplier to a consumer, and allows the control of appliances at consumers' homes. This saves energy, reduces costs, and increases reliability and transparency. What makes a smart grid so amazing is that it overlays an ordinary electrical grid, rather than replaces it. The smart grid supplies the original electrical grid with an information and net metering system. The communication of information about grid conditions makes it possible to have dynamic response to these conditions. For example, when power is least or most expensive, appliances and factory machines can be turned on or off respectively to cut costs. What really puts a smart grid over the top is that it is capable of integrating renewable energy, such as solar or wind, into the system.

The goal of such smart grids is to route power efficiently to respond to a wide variety of changing conditions. While smart grids appear to be a simple upgrade from old centralized power distribution, the technology behind them is extremely complex. A smart grid employs the use of integrated communications, intricate sensors and meters, and advanced components and controls supported by constantly improving standards and support groups. With all these highly technological components and the wide scope of a single smart grid's influence, protecting theses smart grids is not only of utmost importance, but a difficult challenge as well. The most important security goal when dealing with a smart grid is keeping communications operating. The communication process between the power supplier and the consumer is at risk of having the confidentiality, integrity, or availability of that data being compromised. If terrorists or any enemies of the state were to gain access to the communications in a smart gird, they could potentially shut off power to massive portions of the nation. Someone with malicious intentions could even gain access to smart grid communications and overload power to one specific area causing serious overloads. If communications were to be interrupted in any way, a lot of people could be out of power. On a less sever note, anyone with malicious intent could tamper with meters and cause power to be redirected in such a way that they essentially receive free power.

Unfortunately for these great systems, smart grids have been found to be frighteningly vulnerable to security attacks. During a 2009 Black Hat security conference in Las Vegas, it was revealed that these smart grids have some weaknesses in their smart meters. This problem was brought to light after reports of attackers targeting U.S. power grids. The problem lies within more and more companies electing to use the remote control features on the meters and switches provided by smart grids. This gives companies the ability to shut off utilities when bills aren't paid and turn them back on when bills are paid. While this provides rapid reaction, it makes these meters and switches high level target. A potential attack on these smart meters could lead to significant harm of the infrastructure of our nation. If power were to be shut off to military areas, it would be difficult to get back up and running fast. Of course these risks are inherent in any smart system such as the smart grid. No matter how much security is provided hackers and attackers alike with malicious intent will find new ways to exploit a system that is meant to better the country and the world. With smart grids starting to run more and more power throughout the country and the world, they will become larger targets for those intending to do evil and attempts to compromise its security is inevitable.

Thankfully, countries such as the U.S. have been developing security protocols to protect this great technological asset. For example, the National Institute of Standards and Technology has already released a three-phase plan for developing standards for the technology. While this is a good first step, some believe the standards will face some of the same security concerns that surround PCI DSS. In the pursuit to secure smart grids, reports predict that between 2010 and 2015 the U.S. will spend about 15% of all smart grid investments on cybersecurity. That's close to $1.5 billion. The rest of the world is looking to do the same and is predicted to spend a combined $20 billion in smart grid cybersecurity. I would recommend that countries continue to invest in smart grid technology, and to also continue investment in securing these smart grids. While smart grid technology provides a great improvement to any nation's infrastructure, it is important that the technology is well protected and understood. Any standards that are developed should be carefully drawn out and vigilantly enforced. If my company we to employ the use of a smart grid, I would recommend trained teams for emergency response and strict adherence to any guideline. By keeping security a top priority, smart grid technology can be a great thing for the world.

http://www.eweek.com/c/a/Security/Smart-Grid-Security-in-the-Spotlight-at-Black-Hat-252301/
http://news.cnet.com/8301-11128_3-20008552-54.html
http://en.wikipedia.org/wiki/Smart_grid