Before the hearings started, I felt the number of critical cyber assets for a medium size utility would be on the order of several thousand, not 20 as some major utilities are identifying under...
A holistic approach to smart-grid security.
The smart grid has gained solid traction in many respects, and it encompasses a broad and interrelated ecosystem of technology, processes, information and concerns. While the smart grid has the potential to enable many desirable outcomes articulated by government, industry and consumers, it also presents significant potential risks to our power generation, transmission and distribution systems in ways perhaps not even imagined just a few years ago.
A number of smart-grid security concerns have been expressed in recent mainstream discussions. Many laypeople and experts believe the smart grid might be widely vulnerable to cyber attacks. For example, hackers or insiders could cause massive blackouts or other disruptions. There’s also significant concern and media attention around the idea that utilities, hackers or other entities could use new smart meters and other methods to spy on consumers or control their homes without consent. Underlying these concerns is a relative lack of perceived experience and predictability regarding how the smart grid will react to intrusions and compromise, coupled with newly evolving standards for smart-grid security from the National Institute of Standards and Technology (NIST) and other influencers. In light of the myriad security concerns, some experts even advocate that smart-grid deployment should slow down.
The presentation of these concerns is sometimes sensationalized, even to the point of being comical; however, the potential risks are very real. Industry stakeholders are starting to recognize the paradigm shifts engendered by smart grid, with security being a core concern for the future. Additionally, the relatively recent advent of smart-grid funding and the associated need for standards compliance around new critical cyber assets are driving utilities’ security diligence like never before relative to themselves, smart-grid solution vendors and other broad areas of infrastructure.
As smart-grid security continues to evolve, the critical areas of discussion should include the approaches by which utilities and solution vendors can help to mitigate security risks within smart-grid implementations. Smart-grid security isn’t a destination, it’s an ongoing process. Smart-grid security shouldn’t be about slowing down, but rather mitigating risk and limiting exposure as intelligently and as quickly as possible.
AMI: A Common First Step
As utilities evolve their smart-grid implementations, a common foothold is an advanced-metering infrastructure (AMI) solution. Although AMI systems are just one component of the smart-grid ecosystem, their functionality, characteristics and confluence with the larger grid impart an array of interesting security challenges.
AMI systems have evolved rapidly over the last several years to include a wide range of business and technical features that have served to differentiate AMI vendors and advance the state of the industry. Functionality such as remote connect and disconnect, segmenting endpoint populations for mass control, message buses for integration, remote firmware updates and many other functions embody the ways by which these systems are striving to meet, or create, customer and market needs.
Unfortunately, this rapid pace of product evolution often is driven by