Cybersecurity, Reliability & CIP

The case backlog of unprocessed electric reliability violations is growing out of control, threatening to “swamp” the industry — a sign, perhaps, that when Congress and FERC modernized the electric reliability regime to serve a more market-based industry structure, and for the first time gave enforcement authority to North American Reliability Corp. (NERC) as the nation’s official electric reliability czar, no one gave much thought, apparently, as to whether NERC’s very idea of what constitutes reliability might have needed modernizing as well.

Now that wireless carriers are promoting their networks as a cost-effective communications platform for smart grid data, they face legitimate questions about fundamental performance issues. But if public networks turn out to be the better choice in many cases, utilities might have some explaining to do before state commissions.

In the new world of the smart grid, security isn’t a destination. It’s a sustained effort with ongoing investments across core areas of the utility enterprise.

An increased reliance on renewable energy could threaten reliability of the nation’s electric transmission grids by reducing the rotational mass and rotational inertia of on-line turbine generators, thus, reducing the capability of generators to respond to drops in voltage frequency. In fact, data collected from 1994 to 2009 for the Eastern Interconnection already reveals a drop in the grid’s capability (as measured in megawatts) to stop a very rapid drop in frequency — such as a drop of a tenth of a cycle per second.

Utilities are using automation and back-office systems to improve their performance on outage management and service restoration. The next generation of smart-grid technologies promises a revolution in self-healing systems. But first the industry must gain confidence in the technology—and the business case for investment.

Who will oversee the industry’s cyber standards? Effective security calls for a single organization to set standards that will protect the smart grid. The industry is struggling to reach consensus over authority, scope and funding for its new security apparatus.

Bad news from the front lines in the cyber-security war: Little meaningful progress has been made toward safeguarding the nation’s electric grid from malicious attacks. Initial cyber-security assessments and audits suggest few companies really are ready to implement the first wave of NERC critical infrastructure protection (CIP) standards, despite the fact the utility industry drafted the regulations.

Structural and regulatory factors have allowed utilities in some countries to leapfrog America’s utility industry in terms of technology leadership. But U.S. utilities are learning valuable lessons from international advancements.

In a world where streetlights can be used as a weapon, controlling local utility networks becomes more than just a matter of public convenience and necessity. It becomes a matter of public safety and even national security. And in that world, the idea of an inter-networked, automated distribution grid poses troubling questions about cybersecurity vulnerabilities.

A simulated attack, named the Aurora Generator Test, took place in March 2007 by researchers investigating supervisory control and data acquisition (SCADA) system vulnerabilities at utility companies. The experiment involved hackers invading the plant’s control system to change the operating cycle of the generator.