Sunday, June 28, 2009

Senate Energy Bill Love or Hate

The National Journal recently put out a question asking how folks liked the recently approved Senate Energy bill (details here). Good responses from energy company execs and other senior leaders came back, but I particularly liked the balance and focus on realism in the one submitted by Econ professor Paul Sullivan of NDU:
In many ways the bill is a set of first steps toward something much better, or at least one would hope. It does read like it was written by powerful people who see the problems of climate change and energy security not as nearer term crises, but as slow roll issues that are looming somewhere in a future horizon. It also shows some of the difficult tradeoffs between energy security and environmental security being handled in tough-minded political ways.

Thursday, June 25, 2009

Challenge: Name a Company NOT Diving into Smart Grid Market

Ladies and Gentlemen, please welcome AT&T to the party. InformationWeek has the announcement here.

Danahy: New Metaphors Needed for Cyber Threats

A new post is just in from colleague Jack Danahy re: the ill fit of the timeworn "Cyber Pearl Harbor" call to security arms. The Pearl Harbor analogy, like similar recollections of Cold War diplomacy, recalls a simpler time when you knew who the enemy was and what his capabilities were. Alas, 21st century threats, including cyber threats to internet, communicaitons and now, energy networks, have proven resistant to similarly neat classification:
If an attack comes, we will not find ourselves face to face with an attacker ready to do battle, but with a dark and gauzy space where we can only strike at shadows and hope by luck to hit something. Protection against these threats will come only with awareness and responsibility, and a sense among all of us, that we are responsible for our own protection.
You can read the whole post here.

Wednesday, June 24, 2009

Microsoft Joins the Smart Grid Fray

Only question I can think of is: what took them so long? As with Bing, the Redmond company's long awaited response to Google's dominant search platform, it seems Microsoft is late to the party. Still, it's not clear that Google's early mover status in the nascent Smart Grid market buys it all that much.

Here's Microsoft's smart grid approach described by PCWorld. I wonder how the "blue screen of death" translates in the energy world? Or if we'll be ctl-alt-deleting our homes a few times per week?

Smart Grid Learning Institute Posts Dr. Massoud Amin's 23 June 09 Presentation

Here's a link to the Smart Grid Learning Institute, an org with which I was unaware until they hosted a great webinar from Smart Grid guru Massoud Amin.  You'll see a link to Massoud's 80 slide powerpoint front and center. Security is touched upon lightly, and you might have to speak with Dr. Amin in person if you want to get a better feel for his Smart Grid security knowledge learned at EPRI and elsewhere ... which is extensive.

Sunday, June 21, 2009

Itron Pays for its own Smart Grid Security Tests

Here's smart meter maker Itron blazing a new trail others will soon be following, and perhaps in so doing, making a good name for itself as a proactive and responsible vendor:
Itron is paying for the security evaluation, but company officials have not said how much the tests will cost. "Our hope is we eventually will take the knowledge we gain by working with Itron and transition it out to third-party cyber-security firms," said Ethan Huffman, a spokesman at INL, which contracts with the U.S. Department of Energy.

Friday, June 19, 2009

Headline of the Future: ALERT! METERS IN FRESNO ARE UNDER THE CONTROL OF THE PIRATE BAY

Got your attention? Good. It's worth your while to read the rest of Katie Fehrenbacher's great current snapshot and short history of smart grid security. You'll find it here.

Thursday, June 18, 2009

Simple Security Questions

IT (and now Smart Grid) security can be a mind numbingly complex matter. But as with many undertakings, asking the right questions up front, prior to leaping for answers immediately, can be the key to success. Here are three to start with that form the basis of a recent article by Jack:
  1. Why are you doing this?
  2. What are you trying to secure?
  3. What will happen if you don't do this right?
Pretty simple, right? Notice: there's Nothing about firewalls, intrusion detection or advanced encryption algorithms? It gets there of course, but it shouldn't start there. Here's the article.

Wednesday, June 17, 2009

100 Million Smart Meters

That's research group ON World's prediction for what will be deployed in the next few years. All I can say is if ON is right, it looks like we're moving pretty fast. I hope they come with hardware and software flexible enough to be updated when it turns out they conform to the wrong standards post installation. Can you imagine the price (monetary and PR) to replace them shortly after funding a roll-out of this magnitude?

Tuesday, June 16, 2009

Perceptions of Insecurity a Drag on Smart Grid Deployment

Whether it's secure or not, if the public (and Congress) fear it enough, development and deployment of the Smart Grid, coming on so fast today, will slow to a crawl. In a nice summary of this phenomenon, Rob Wilhite, a 24 year utility industry vet, recently noted:
As a result of [multiple cyber security] incidents and media attention, some groups are calling for reductions in the pace of smart grid advancement to protect the reliability of the nation's bulk power system. Some industry organizations are even suggesting that the Department of Energy not award any of the US $4.5 billion in stimulus funding until we develop acceptable standards.
Part of the reason NIST, EPRI and other pro's are working so hard on cyber standards has to due with ensuring greater security of this most complex of all systems. But behind that surface impulse lies the knowledge that this is also about the birth of the Smart Grid itself. It's part of the Smart Grid's early PR campaign, in which confidence in the security of the Smart Grid will foster a faster, broader, and much needed roll-out. Too much fear, uncertainty and doubt, however, and this baby may not make it out of the crib.

Friday, June 12, 2009

All Want to be the Cisco of the Smart Grid

By which they mean the dominant provider of essential, ubiquitous and lucrative hardware and software to build out the massive beast called the Smart Grid, the power distribution network analog of the ever expanding Internet. Here's how Investor's Business Daily describes the tussle to become the Smart Grid's 800 pound gorilla:
Leading the way among startups is Silver Spring. It's raised close to $200 million from venture capitalists and other investors and been dubbed by some in the green movement "the Cisco of smart grid." The catch: Cisco also aims to be the Cisco of smart grid. Networking gear leader Cisco Systems has proclaimed smart grid as its next billion-dollar business. But also looking to be the Cisco of smart grids are IBM,General Electric, AT&T and Silver Spring investor Google, among others.
Sounds like it could become the mother of all VHS vs. Betamax wars. Hope the winning vendors and formats  arrive with significant security baked in, else you-know-what will ensue.

Wednesday, June 10, 2009

Utilities Consider their Demand for Smart Grid Data

While many smart grid start ups are counting on access to a wealth of energy use new data, utilities are counting the costs of acquiring, maintaining and securing data that doesn't help them do their job better or make money. This Greentech Media post gets at pats of this tension:
The problem, says Andrew Tang of Pacific Gas and Electric, is that utilities need to make money from data if they're going to spend money on handling it. "More granular data... if I don't need it for system reliability and I can't monetize it, why would I want to buy it?" he said.
Read further down, however, and you'll see a few very solid comments in response, including this one:
Consumers and utilities don’t necessarily need more data. They don’t do anything with the rich data they already have (i.e. their electric bill). The role for start-ups, in my opinion, is to translate that data into something useful for both consumers and utilities. And I believe there is a lot of money to be made for companies that can figure out how to do that well.
Translating data into something useful, allowing it to reach those who can use it, and keeping it secure all the while ... that's the job.

Monday, June 8, 2009

The Very Accessible, Very Familiar Google PowerMeter

The web has upset many industries' apple carts; is Google now set to outflank some of the utilities as they move to provide real-time info to their customers? See here from the EU Energy Policy blog.

Friday, June 5, 2009

Dueling Smart Grid Cyber Bills

First, here's the line-up:
  • H.R. 2165
  • H.R. 2195
  • S. 946
And a brief overview of who's involved:
Officials at the Federal Regulatory Commission, which has the responsibility of regulating the power grid, have complained that current laws do not allow timely, flexible security standards and leaves the grid vulnerable to cyberattack in a quickly evolving, increasingly networked environment. H.R. 2165, the Bulk Power System Protection Act of 2009 , was introduced April 29 by Rep. John Barrow (D-Ga.). H.R. 2195 was introduced April 30 by House Homeland Security Committee chairman Rep. Bennie Thompson (D-Miss). A companion bill to Thompson's legislation,  was introduced in the Senate April 30 by Sen. Joseph Lieberman (I-Conn.).
Click here for GCN's details of the tussle between DHS, FERC and others over who owns which parts of the smart grid cyber security domain.

The Minute Opera for Energy: ACES Short and Sweet

Ted Click of Chesapeake Climate Action does you the favor of boiling the massive, 946-page American Clean Energy and Security Act (ACES) down into one concise summary post. Smart Grid has but one tiny mention, but you'll note that in order to hit many of the efficiency and renewable energy targets (e.g., states @ 20% by 2020), smart grid technologies will have to be widely deployed by then.

RE: smart grid security - ACES calls out a requirement for grid cyber security only once, on page 139. But other legislation is growing in the House and Senate to bring much greater grid and smart grid security to bear via amendments to the Federal Power Act. More on that in subsequent posts.

Wednesday, June 3, 2009

Put Yourself in FERC's Shoes Thinking Smart Grid Security

This article demonstrates well the dilemma facing NERC CTO Michael Assante and others trying to bring comprehensive, practical security measures to bear in the early days of the smart grid. Vendors of various security capabilities each get their two cents in creating a sense of a void in planning, and making it seem like NERC and the government will never get a handle on the complexities of smart grid security. But before you buy and deploy security products, you have to know what you're trying to accomplish: what you're protecting and from which types threats you're defending. Assante seems to understand the requirements building process:
The approval of [NERC's revised cyber security standards] is evidence that NERC's industry-driven standards development process is producing results, with the aim of developing a strong foundation for the cybersecurity of the electric grid," said Michael Assante, vice president and chief security officer at the NERC. However, he cautioned that these standards are not designed to address specific, imminent cybersecurity threats. For that, direct legislative action is needed.
Be glad you're not in NERC's position of separating the security technology wheat from the chaff on a daily basis. And keep a close watch on what they do next. I'd say so far, so good.

Tuesday, June 2, 2009

Smart Grids Growing in Colorado

I'm sure you've heard of "Smart Grid City" by now; it's being built by Xcel Energy in Boulder. But that's just the tip of the mountain. Informed sources have told me of work underway up in Fort Collins at CSU (aka FortZED ), at the Air Force Academy in Colorado Springs, and elsewhere. Will keep you posted as more info rolls in from the Front Range.

Monday, June 1, 2009

Forrester and other Analyst Firms on Smart Grid and Smart Grid Security

More IT security specialists will begin to understand smart grid security as analysis firms like Forrester Research join the bandwagon. Recent post here from Forrester's "Security & Risk" Professionals blog. An IT-based analysis firm that's much larger than Forrester and with more smart (they say, "intelligent") grid coverage, is found in Gartner Group. Lastly, Cambridge Energy Research Associates (CERA) is an energy focused analysis firm, though as with Forrester and Gartner, Smart Grid seems to be a relatively new topic for them. Note: most of these co's only give you a taste of what they know and hold most of the potentially helpful detail behind their paid subscription firewalls. Repeat: potentially helpful.