Thursday, December 8, 2011

Talking cyber in Phoenix

Security is a constant concern with the smart grid. As our technology grows more intelligent, it also grows more vulnerable. Every point of interconnection to another bit or byte of electronics is a possible intrusion point.

This week at the Grid-Interop conference in Phoenix, experts discussed practical implementations of cybersecurity in a session focused on solutions and practices.

In the session, Russ Silva from Telcordia Technologies noted that utilities are currently deploying millions of intelligent devices, some of them part of field area networks (FANs). While each intelligent device is a potential point of vulnerability, the FANs, especially, tend to operate in open and vulnerable areas.

“There’s a lot of technology out there,” he said, adding that there aren’t a lot of vendor options available to keep an eye on FANs, or on the traffic flows and packet exchanges within.

Silva ran through a series of research areas that Telcordia is working on to address the FAN security issue.

Any bit of technology in the field is more vulnerable in all areas of security, including cyber, but the largest security issue at the moment centers around the largest number of implementations---namely smart meters.

Efrain Gonzalez with Southern California Edison---in fact, he’s their lead cybersecurity architect---joined Silva’s discussion with notes from SCE’s Smart Connect project.

“It’s been said that cybersecurity is more of a journey than a destination,” he opened with, detailing that SCE has surpassed 3.7 million meters installed at this point in the project. And, the utility did so by integrating system engineering principles and borrowing items from the defense industry in order to address security issues.

One of the biggest lessons SCE learned from this project was that security must be built into the technology, not “bolted on” as an extra.

In the end, there were a number of lessons involved in the process. Gonzalez revealed that the first meter the utility took to be tested for cybersecurity was broken into “in the first five minutes.”

But, they learned. A lot. And now, the utility has worked up specifications that they will share with utilities vendors and other associations (and require from vendors working with SCE). Based on open standards, the specifications will help promote cybersecurity interoperability, and Gonzalez said the utility hopes to have that set of specifications available for download in 2012.

Mike Ahmadi with consulting firm GraniteKey built on the journey analogy that Gonzalez brought up early in the session, pointing out that journeys can be inconsistent, as air travel is often these days: Security is different at different points in the travel process. Where will you have to remove shoes? At which airport do you have to empty your pockets or take off scarves? Which airport won’t require that?

The cybersecurity journey may be less consistent than air travel, at this point. The industry is juggling oppressive security issues.

“We moved into the idea of implementing the smart grid. Then, security issues snuck in, raining on this parade of ingenuity,” he said.

While the industry focused on the joys of a smart grid, the issues that those joys create, including cybersecurity, were latecomers. We brought in the smart grid for its positives and are now trying to keep the negatives at bay, but that’s a lagging process.

“We’re in an active state of deployment,” Ahmadi added. “But we haven’t come up with any real standards---not just suggestions, but standards, things you have to have.”

Ahmadi noted that baseline standards are needed because some vendors do a better job than others with security issues, harkening back to that inconsistent journey concept.

Ahmadi pointed out that utilities carry a heavier burden with cybersecurity than vendors, as regulators and customers will come to them if something goes wrong, not to the vendor.

Gonzalez supported Ahmadi’s observation about the cybersecurity burden, adding that the industry has been “leveraging the utility” to press standards but that some of the onus needs to be placed with vendors.

In the end, the panelists are hoping to create a more consistent cybersecurity journey for utilities, vendors and customers.
