Thursday, September 17, 2009

Found a Nugget at NETL!

As we have investigated the nature and definition of security within the Smart Grid context, we have had few definitive descriptions or declarations about what Smart Grid Security really means. This lack of concrete and common understanding is one of the reasons that Andy and I started writing, and now continue writing, the Smart Grid Security blog. Our goal is always to suggest the questions that should be asked, and the issues that will need to be addressed. We do not try to prescribe or promote a definition, it is our thought that the entire space is just too young.

While doing my usual late-night dive around the net, I found an excellent document that I would like to point our readers to, from the National Energy Technology Laboratory, developed for the U.S. Department of Energy. Published in January of 2007, it is an appendix to a much larger piece, which is entitled, A Systems View of the Modern Grid, which was initiated to describe (prior to the pervasive popularization of the term "Smart Grid"), a more informed view of the evolution of the existing grid into something more modern, efficient, reliable, and secure.

I encourage you who are interested in securing the Smart Grid to take a look at Appendix A3: Resists Attack, wherein the authors do a very respectable job of describing many of the likely risks, and the types of regulations/requirements that will be needed to manage/avoid them. As an example, here is a snapshot of a graphic and a fact that I have not seen broadly discussed regarding utility cyber attacks:

And given that these systems and networks have only become more open and accessible since 2003, I would expect that the trend has continued upwards since then.

Aside from good factual data throughout, there are also some concrete recommendations that I wish had been heeded as we jumped headlong into the Smart Grid Investment Grant Program, pilots, etc. Here is an example:
The systems approach to electric power security would identify key vulnerabilities, assess the likelihood of threats and determine consequences of an attack. The designers of the modern grid can draw on extensive experience developed by the Department of Defense in assessing threats and system vulnerabilities.
And there is much more. Please give it a read. This is a major Smart Grid Security Blog KUDOS to NETL and the authors for a prescient piece of work, that is still an excellent resource three years after publication. Note: Appendix 3 "Resists Attack" has been added to the SGS Blog library in the "Relevant Docs" section.

No comments: