Smart Grid Security: Is Trouble Coming?

WASHINGTON DC – The U.S. Department of Energy released an alarming report in January 2017, saying that the U.S. electric grid is in imminent danger from a cyberattack. So where have we been, where are we now, and where are we going regarding smart grid security?

In the department’s landmark Quadrennial Energy Review, it warned that a widespread power outage caused by a cyberattack could undermine ‘critical defense infrastructure’ as well as much of the economy and place at risk the health and safety of millions of citizens. The report comes amid increased concern over cybersecurity risks as U.S. intelligence agencies say Russian hacking was aimed at influencing the 2016 presidential election.”

The U.S. Energy Department’s 494-page report was released during the final days of the Obama administration, and it offered this clear warning for 2017 and beyond: “Cyber threats to the electricity system are increasing in sophistication, magnitude, and frequency. The current cybersecurity landscape is characterized by rapidly evolving threats and vulnerabilities, juxtaposed against the slower-moving deployment of defense measures.”

The new report offered a long list of key findings for policymakers, and here are a few:

•Advanced metering infrastructure has had a significant impact on the nature of interactions between the electricity consumer and the electric system, allowing two-way flow of both electricity and information and enabling the integration of assets behind the meter into the larger electric grid.

•Interconnection standards and interoperability are critical requirements for seamless integration of grid connected devices, appliances, and building energy management systems, without which grid modernization and further energy efficiency gains may be hindered.

•Evolving consumer preferences for electricity services are creating new opportunities.

•The convergence of the electric grid with information and communications technology creates a platform for value creation and the provision of new services beyond energy.

•There is enormous potential for electric end-use efficiency improvement based on (1) technical analyses, and (2) the differences in energy efficiency performance between states and utilities with and without ambitious electric end-use efficiency policies and programs.

•There are no commonly used metrics for measuring grid resilience. Several resilience metrics and measures have been proposed; however, there has been no coordinated industry or government initiative to develop a consensus on or implement standardized resilience metrics.

•Low-income and minority communities are disproportionately impacted by disaster-related damage to critical infrastructure. These communities with fewer resources may not have the means to mitigate or adapt to natural disasters and disproportionately rely on public services, including community shelters, during disasters.

How Did We Get Here? A Short Smart Grid History Lesson

Back in 2010, Scientific American, in an article on Securing the Smart Grid, articulated the new cybersecurity challenges posed by our 21st-century power distribution: “Unlike the traditional power grid, a ‘smart’ grid is designed to accommodate a two-way flow of both electricity and data. This creates great promise, including lower energy prices, increased use of renewable resources and, it is hoped, fewer brownouts and blackouts. But a smart grid also poses several potential security problems — networked meter data, power companies’ computers and those of customers could all be vulnerable to tampering.”

Maintaining resilient electrical power generation and distribution are essential elements in protecting every critical infrastructure area. The Department of Homeland Security houses the national response plans for critical infrastructure protection, and all of the sector-specific plans are inter-related in some way with the use of electrical power.

I wrote a CSO Magazine blog on how the federal government promised smart grid security back in 2009, and the key questions still remain the same in 2017 — even if the hacker scope of challenges have evolved.

Eight years ago I wrote: “One central question remains: Will the ‘smart grid’ be smart enough to stop hackers? Or in pragmatic layman’s terms, can those ‘smart customer meters’ conserve energy, eliminate the need for the ‘meter man’ to keep running around our neighborhoods, allow us to turn down the home air conditioning from work and allow us to remotely start our ovens to get casseroles ready for dinner — without creating any ‘back doors’ for the inevitable bad guys?”

While there are tremendous global opportunities for smart grid advances and smart city innovations, the hackers could derail progress very quickly causing a major setback in smart grid technology adoption.