NERC’s reliability oversight is bogged down on two fronts—standard-setting and compliance oversight. Progress depends on improving unwieldy process.
Securing Tomorrow's Grid (Part I)
Protecting smart systems against cyber threats.
highly resource constrained and are expected to perform for many years without significant upgrades, unlike such consumer electronics as personal computers. Plus the broadcast range of neighboring HANs might overlap, making it difficult to bind electronic devices to a specific customer. The potential for neighbors to see or control each other’s smart energy devices must be prevented by appropriate cyber security measures.
The low equipment and investment threshold required to maliciously access HANs encourages the nuisance hacker—looking for fame, entertainment, or merely a challenge—to attempt to observe or manipulate a network. Figure 2 outlines the potential impacts of a successful hack attempt.
Securing the Home Network
By applying best practices for cyber security, utilities and other companies in the electricity industry can protect against many current attack vectors. At present these mitigations aren’t uniformly adopted, or in some cases not adopted at all, often because of cost or resource constraints associated with incorporating them into the technology or network:
• Validate that all HAN input data is within expected numeric ranges, character sets, and field lengths at the earliest possible point in the communications chain, such as HAN gateways and AMI meters.
• Drop all communications that don’t conform to behavior as specified in the UCAIug HAN System Requirement Specification v2.0. 3
• Require that all remote access requests to a HAN device ( i.e., from outside the home) be authenticated against a list of homeowner-approved service providers and validated against a list of homeowner-approved access and actions for explicitly defined data.
• Audit all remote access requests that come through the energy service interface.
• Require all service providers offering energy pricing information or load control commands to register with the state public service commission (PSC).
• Require independent security review by a PSC-approved entity of all service provider methods for presentation of energy pricing information or load control commands.
A complete list of recommendations appears in the UCAIug HAN System Requirement Specification v2.0.
Utilities providing an interface from the AMI into the HAN must consider system architectural issues, such as who owns what device and where specific communication protocols are used. As Figure 3 illustrates, the ownership boundary for the utility includes the advanced meter and the interface to the customer-owned EMS. In this example, the EMS serves as a proxy for the smart energy devices in the home. The utility might choose to limit the depth of interactions to the EMS and delegate responsibility for secure communications with endpoints, or it might choose to require a secure channel all the way to the endpoints as might be the case for functions like direct load control. Additionally, third-party service providers might interact with devices in the HAN, creating the need for clear delineation of homeowner choices with respect to binding of device behavior to pricing and control signals.
Distribution Domain: Metering
The distribution-level AMI provides for advanced bi-directional communications between the home and the utility that enable many of the smart grid’s flagship capabilities, such as remote meter reading, demand response programs, and load control. This infrastructure includes an