Monday, April 26, 2010

Expectations, Communications, and Change

The introduction of the Smart Grid is about so much more than technology. The technology may make the data more accessible, the power more efficient, and the ecological impact more manageable, but the technology is only the catalyst or the capstone of a much more powerful underlying phenomenon. The Smart Grid represents a change to our earliest and most consistent and dependent relationship with technology, our consumption of electrical power.

In his April 9, 2010 remarks at the Brookings Institute, Author Peter Fox-Penner captured the essence of this very well when he said,
"...a technological revolution known as the smart grid will give all of us much more control over our own power use, enable the greater use of prices that vary by application and time, and allow the integration of dispersed generators in storage units. For the first time in the industry’s history, you and I will soon be able to see how much power we are using for each of our own applications and change our use in response to price signals and other grid controls."
This describes more than a means of improving the Grid's efficiency or reliability, it evokes a sea change in its approachability, in the intimacy and interactivity of our relationship with power, and this is really the make-it or break-it criteria for the Smart Grid as an evolutionary shift in our lives with electricity.

Some of us have probably had the experience of a similar change in a relationship: That individual for whom we have privately pined finally returns our interest. That car, so long a dream, can finally be owned, driven, and shown off. We finally put our names on the reservation list of a restaurant that we have only read about. Each of these represents a change in a relationship, like our changing relationship to electricity through the Smart Grid, and that change is not automatically smooth, because change is about expectation, distraction, disappointment, realization, and then hopefully, satisfaction.

Understanding the Cycle
There is a diagram that does a fine job of representing these various stages of a change in relationship, and it is called "Schneider's Classic Change Curve". It describes the path that our emotions run along as we finally achieve or acquire some end result that we have long hoped for. It is helpful, as we begin to see exuberance for the Smart Grid evolve into some cynicism or disappointment, to know these stages, and to understand the key role that communication will play in decreasing the depth and duration of the dips.

Schneider's Classic Change Curve
  • Great Expectations for the Smart Grid
    When the Government forks over $3.4B in grant money to produce the very first steps in a new generation of infrastructure, it is natural to expect Bigger, and Better. Or Faster and Cheaper. Or More Open and Safer. These expectations have been building among the various constituents that have been on the receiving ends of the promotion and prototyping of the Smart Grid. Many other communities watch enviously, as dollars pour into making electricity more responsive, less expensive, and just as reliable. There is even a certain amount of panache that accompanies residency in a truly Smart City. Things are going to be great.

  • Next Stop: Disappointment, Distrust, Despair
    The base element of such an enormous change is confusion. Motion and turbulence can create a very wide shadow, and the natural optimism of advocates makes some level of disappointment almost inevitable. When the first effort is smart metering, focused on optimizing time/capacity based rates, it is hard to see the actualization of the interactive dream. The realization that markedly more data and control is passing through the meter creates worries about the nature of the consumer's actual participation in the network. When bills go up, which they will naturally do without a dedicated campaign to change consumption behavior, all of those expectations and hopes are squandered against a backdrop of negative impacts, published risks, and rising costs.

  • And Finally the Light at the End of the Tunnel
    Rational expectations, created through the painful collision of what is possible and what is happening, finally allow for an understanding of what is realistic to expect from the new grid. Pricing becomes comprehensible, delivery is understood, and people are much more capable of determining how they will participate: As simple Consumers or as Producers as well. There are no longer expectations based on communications: The survivors know what to expect because they have witnessed what is, and if it is sufficiently balanced, they will accept it.

In the Schneider diagram, there are two different paths through these changes, one "Typical", and one "Effective". It is obvious that "Effective" is less disruptive, drops less deeply into the pit of despair, and achieves a higher steady state. The difference between the two is communication. Clear communication is needed up front about timelines, functionality, tradeoffs, and priorities. By setting realistic expectations for outcomes, the risk of disappointment to the audience is very much reduced, because they know more clearly what they will be getting. During the course of actual deployments, more communication is needed on what is happening, what is changing, and what the resulting impacts will be on the consumer. This decreases both the depth and the duration of any dissatisfaction that might occur, and consistently level-sets the audience to a new family of expectations. During execution and roll-out, communication helps everyone to understand what activities are left, and what other activities might occur during the resolution of the project. By maintaining this open channel throughout the process, the path is much smoother, and there are many less surprises.

And Security?
Security requires perhaps the most attention of all. Unlike the roller coaster of experience that may typify the adoption of the general base of Smart Grid enablers, violations of security are often simply one-way tickets to the Pit of Despair regardless of the timing of their appearance. Communications on the various security concerns and new requirements must span customers, implementors, legislators, and enforcers, to achieve the common level of knowledge necessary to preclude a backlash. Recommended areas for clear communication and early exposure include:
  • Full disclosure of all customer information to be collected, with rationales for collection
  • Definition and assurances of protection for personal or private data and attributes
  • Plans for incident response and communication in the event of a breach
  • Opportunities for consumers to tailor or limit the information that they share, with any impact on services or pricing that they may receive.
In other industries, a lack of this type of transparency has led to long delays in adoption of more integrated technologies such as the federation of patient records in health care, or the broad adoption of electronic voting infrastructure. Understanding what will be shared, with whom, and with what protections, can alleviate both up front concerns and any sense of distrust or betrayal if accidental disclosure does occur. It can also surface, very early, when the public requires more protection or information in order to confidently participate.

We are already hearing voices of protest in the very young Smart Grid consumer community. Off-peak rates and AMI are seen as tools for increasing utility profits with little consumer value. The lion's share of grant money has gone to implementing technologies beneficial to running the Grid, and not to deploying cutting edge user-visible improvements. These early expectations for the grid were mis-set through the natural propensity of evangelists to expect the best and communicate that vision. There is still plenty of time to improve the honesty and realism of those communications, and utilities must be diligent in their efforts to present the reality of the solutions, the risks, and the benefits, and to dedicate themselves to educating their customers, and not simply to convincing them.

Schneider's Curve Image courtesy of

Other Images courtesy of flickr / CC BY 2.0

Saturday, April 24, 2010

Registration Now Open for the Smart Grid Security Blog (SGSB) Monthly Webcast Series Kickoff

We want to alert you of an upcoming series centered around topics from the Smart Grid Security Blog related to the roll-out of new Smart Grid and microgrid capabilities, particularly from a security point of view.

Brought to you courtesy of IBM, the 2010 Smart Grid Security Webcast Series is for anyone interested or involved in making the Smart Grid successful and secure. Our goal is to make actionable information available that will lead to better security, privacy & compliance decision making, and to do so in a way that entertains while it educates.

Webcast 1: Intro to Smart Grid Security and the SGSB webcast series (Apr 28, noon EST)


-- Intro to webcast series
-- Current state description of the grid and the organizations who run and maintain it
-- Smart Grid Security intro:
  • What is the smart grid and what are the compelling drivers for deploying it?
  • What makes it smart?
  • What new concerns arrive with smartness?
  • How to plan to deal with these threats
Register to get Login and Dial-in information

Only your name and email are required to participate. REGISTER HERE

If clicking a link above does not work, please copy the entire link and paste it into your Web browser. For questions about this event, contact the host at:

Hope to see you there!

Andy & Jack

Tuesday, April 20, 2010

Pushmi-pullyu: Utilities and Regulators Tussle over Forward-looking Projections vs. Backward-looking Reporting

What matters more for forecasting: imagining where you're going or describing where you've been?

We've had talks with utilities who, facing looming, life-altering technology, regulatory and business model changes, are trying to do more than merely recount the budgetary planning steps they've taken in previous years. We've also spoken with ones who aren't ready for this kind of change and don't want to hear about "future test years," for example.

But as the Washington Utilities and Transportation Commission (UTC) noted several years ago:
"... as imprecise as forecasting may be, projected test year data based on reasonable forecasts should consistently come closer to expressing future conditions than purely historic data will."
I'd say that's doubly and maybe triple-y true given the current and foreseeable state of major flux the industry is going to be in for the next bunch of years.

What has set this in motion, at least in part, is the Energy Independence and Security Act (EISA) of 2007, that lays out the requirement for utilities to get more future oriented in their thinking and planning. Here's the applicable part (Section 1307) that's causing some contention:

(a) Section 111(d) of the Public Utility Regulatory Policies Act of
1978 (16 U.S.C. 2621(d)) is amended by adding at the end the


A) IN GENERAL- Each State shall consider
requiring that, prior to undertaking investments in
non-advanced grid technologies, an electric utility of
the State demonstrate to the State that the electric
utility considered an investment in a qualified smart
grid system based on appropriate factors, including:

(i) total costs;
(ii) cost-effectiveness;
(iii) improved reliability;
(iv) security;
(v) system performance; and
(vi) societal benefit.

Sounds like a great idea to me, but of course I'm far removed from the operational trenches, not to mention the politics involved in these activities. As other language in the act stipulates, states don't have to play along with this guidance, and as this GTM article points out, North Carolina is just saying no. In the ensuing policy vaccuum, that leaves the state regulatory org, the NCUC, battling it out over what its utilities (Progress, Duke, Dominion) should be reporting on.

Fortunately, security reporting has survived in both the proposed NCUC guidance as well as in the counter proposals of two of the three utilities involved. But seems to me that in an industry where many of the constituents are embracing new information and energy technologies, new relationships with its customers and partners, and new ways of defining and monetizing its capabilities, stalling on EISA is a short-sighted rear-guard action.

In any sector, little, including security posture, is enhanced by clinging to outmoded planning and reporting practices. In battles between the past and the future, the future (almost) always wins. It'll be a great thing for all involved when the entire industry is moving in the same direction.

Imaginary animal credit:

Wednesday, April 14, 2010

UPDATE on Gartner View: Thoughts from Author Earl Perkins

UPDATE: April 14, 2010. Earl Perkins has posted his thoughts on yesterday's post and on our conversation as well. It can be found on his Gartner blog. Definitely give it a read for a view from the author himself.

Tuesday, April 13, 2010

Gartner Weighs in on Smart Grid Security

When I saw the title of the Gartner Group's recent short analysis of our space, titled "The Myth of Smart Grid Security", I was taken aback, mainly because there is so much written in the press about the worries of Grid insecurity. How could smart grid security be a myth, when there is little or no consensus that such a thing even exists in the first place? Andy and I spend much of our time here on the blog simply working with folks to realize that there are changes brewing that require something new and unique that one can call "Smart Grid Security", and we almost never encounter anyone who is implementing a trial, or researching new interfaces, or driving policy change, that doesn't already consider the Smart Grid to be in pretty desperate need of some shoring up. With that in mind, I was naturally curious about what Gartner had to say about the space.

For those of you who may not be familiar, large analyst firms, like Gartner, do much to pull the followers in the market along, taking information from the market, from their clients, and from vendors, and synthesizing projections about where a technology or trend is likely to go. They create lessons from the leaders that will help to drive less painful and better informed decisions by those who will come after. Their involvement in this space, Smart Grid Security, is a good indicator for all of us, because it means that people are becoming aware enough, and concerned enough, to spend their time and money asking questions of Gartner about what Smart Grid security means.

As I mentioned, I was uncomfortable with some parts of the report, starting with the title, so I had a conversation with one of the study's authors, Earl Perkins. Earl and Paul Proctor had created this report as an interim and limited view of the space to raise awareness as they continue to perform research for a more complete analysis to be delivered in the future.

For those of you who have not yet seen the report, it breaks up into two fairly distinct parts. The first section is directed at organizational responsibility, changes, and concerns. Who in a utility organization cares about security? Where should security direction come from? What behaviors could be setting utilities up for failure? The second section of the report drills down on issues related to AMI, ( which Gartner insists on referring to as "Automated" Metering Infrastructure, in spite of its importance to many issues beyond automation ). This section talks about a variety of threats, steps to take and avoid on the path to implementing advanced metering, and how to deal with generic concerns like acquisition, incident response, and authentication and control of meter functions.

While there is some of the hyperbole that characterizes most early analysis of a new space, particularly a security space, there are some good points to take from this report. For readers of this blog they may seem like things you have heard before, but the credibility of a Gartner report may help to bring more attention and focus than your own research, or information you may find on our blog. Andy and I are always looking to inform you with good questions as much as answers in this early stage, and the Gartner guys ask some important ones, such as this:
"Have we established a cross-functional organization that knows the issues, requirements, priorities of smart grid security? Have we funded those organizational changes?"
This type of roll-out and investment may seem several steps away for early adopters of the Smart Grid, but this type of report is not approaching Smart Grid Security from the leading edge, but with a goal of informing those slightly later arrivals who will be trying to systematize all the advancements that we are seeing. Organizational and budget issues will, for those groups, be harder to unwind, and will require more lead time, than the technical choices and challenges of the early days.

In the end, though, I did come back to the title, and to some of the statements within the report that gave me pause. It wasn't until I spoke with Earl that I understood the fundamental disconnect. For us, and for most of you that read the Smart Grid Security blog, there is a clear understanding that we need to do something new and special to ensure that the Smart Grid is secure. From that perspective, any "Myth" about Smart Grid Security would be a reference to a false sense of confidence in all of the new effort that is being applied at utilities, NIST, NERC, and other places, in terms of impact on actually creating a Smart Grid. The eye-opener for me from this conversation was that for many of the utilities that speak to Gartner, the Smart Grid is expected to be secure, whatever that means. The report was geared to a Gartner audience that is just now entering into the Smart Grid space, and that first must take the lesson that we have been speaking together about all along, that the Smart Grid will only be secure if we make it that way.

While the report may be brief, and is not intended to cover the breadth of infrastructure and infrastructure risks that we are now already considering, it is a good first step. In the late 90's, the attention of Gartner and other major analyst firms brought internet security concerns and information to CIO's who were just starting to get involved. A Gartner report can be an important artifact for those who may be trying to get a slower-moving organization to progress, who need to ask for headcount or budget, or for those who have been looking for a sign that the mainstream is catching up to the Smart Grid Security message.

We welcome them to the party.

Photo Courtesy of flickr

Thursday, April 8, 2010

We Don't Need No Smart Grid Education

Wrong. If you've ever taken the time to read beneath the articles about Smart Meter vulnerabilities or other looming forms of grid insecurity, you'll suspect that the teaming masses, at least those who read these pieces and have the gumption to respond, are intensely opposed to the whole Smart Grid idea. Here's a couple of random selections for you culled from a recent article on Smart Meter "holes":

Random Comment #1:
We have a smart meter on our home. So far, the only thing that it has been able to do is let me monitor my weekly consumption and get weekly updates on my projected monthly bill. Any savings that I get for off-peak usage has been eaten up by rate increases by my electric utility. As far as I can see, the only thing these meters will do is enhance the profits of the utility companies by letting them sell their power more efficiently. In the long run, it's not really helping the consumer in the wallet.
Random Comment #2:
Wait a minute. Everyone here has missed the point. If I can hack your meter and shut off your power, there is nothing stopping me from shutting off your neighborhood, your town, city, etc. These things are all connected - to each other and to the mother-ship. A hacker isn't interested in turning off your coffee maker, he wants to own all the meters in the city.
Hacker: Give me $10m or I'm going to shut down Seattle
Seattle: Go jump in a lake
Hacker: brings down the city for 2 minutes
Hacker: Wire the money within 60 min or I'll shut down the city for 24 hours.
Seattle: Where would you like it?
Where's Jack Bauer when you need him, eh?

Is the Smart Grid a scheme dreamed up by utilities to rob us blind? No. Are steps being taken to ensure that Smart Meters and the Smart Grid are secure? Yes. But the average consumer, if he/she takes the time to read about the Smart Grid, sees ten negative messages for every positive one. Jack and I have been advocating for much more and better messaging and education to consumers on the who/what/why/when and how's of the Smart Meters that are landing on their houses, and the Smart Grid drivers that have set this all in motion. See: the Smart Grid Confidence Game.

In the "National Power Grid that Thinks" by Alex Kingsbury of US News and World Report, we get a concise statement demonstrating Kingsbury's spot-on situational awareness of the present state of the Smart Grid's image:

Smartening the public is as critical as smartening the grid itself.
We couldn't agree more. Too much is made of the technology and too little effort (by far) is spent educating and socializing the public re: the coming Smart Grid. To that end, we urge the recently formed Smart Grid Consumer Collaborative to pump up the volume asap.

Image Credit: Flickr Creative Commons