Electric Sector Security Observations from Distributech 2013

The show is over for me as I'm up in LA for some IBM training, but it was a very good 2 days. Here's a few of the highlights I took away:

• Saw a great new product with immediate applicability to AMI (and other wireless network) security with crossover applications in restoration, routing and reliability
• Patrica Hoffman, DOE's Assistant Secretary for the Office of Electricity Delivery and Energy Reliability (OE), following great, largely renewable-energy oriented keynotes from senior executives at SDG&E and Cal ISO, gave her perspective on the world and beat a drum loudly for improved cybersecurity awareness and action towards the end of her talk
• Speaking of DOE, after visiting several security vendor booths found a remote outpost DOE cybersecurity booth in the far corner of the big hall. Those folks seemed glad to have any human contact :)
• One industry security guru whose knowledge I implicitly trust said he would like to see a greater emphasis on security architectures this year. Too many point products are being bought and strung together with little consideration for the bigger, enterprise protection picture. And that's a recipe for weakness and inefficiency, and for the folks recommending or doing the buying, a formula for losing credibility and trust
• I couldn't make the conference's security focus panel but if someone did and has some impressions to share, please do and I'll post them here.
• Lastly, from my extended family at IBM flown in from all over the world, definitely detecting heightened security awareness and interest from utilities that until recently weren't all that active.

For those still in town and/or next time you're in town, highly recommend the new Blind Burro restaurant ... ate their twice and it's fantastic. So far, scores a ridiculously high 4.5 our of 5 stars on Yelp. Mmmm tasty.

Notes from Smart Grid Consumer Collaborative (SGCC) Privacy Panel at Distributech

Just a couple things for you here related to privacy. First, here's a link to the good organization that sponsored this event, the SGCC.

One of my co-panelists from a Texas utility brought up a great point I thought ... a challenge that's facing most utilities these days, when she said that a big challenge for her team is how they can know, with confidence, if a 3rd party really has been authorized (by the customer) to access their data. That's a part privacy, part security question, and I'm going to have to ponder that one a bit, and maybe bring in a larger brained colleague or two.

So why does the SGCC need to exist?  First, it funds the research that provides a wealth of great consumer and marketing data to utilities, regulators, and other interested stakeholders. You can click HERE to get their 2012 State of the Consumer report (brief registration required).

But here's another reason, and we talked about this a little on the panel.  It's because absent a sane and sensible, reality-based organization like SGCC getting the facts out, many consumers might be swayed by the fear, uncertainty and doubt (FUD) they're exposed to in the mainstream media as well as in newer channels like Youtube.

This video you're about to see has been watched 1.5 million times, and during its 4 minute run-time the narrator calls smart meters" "power company surveillance devices" and closes with what has to be one of the greatest pieces of alarmist hyperbole I've yet come across. I think you'll like it too:

Those friendly guys on the sidewalk (utility servicemen and women) told me they plan to put a smart meter on every house in America. If they do that, it will no longer be America.

Jeez Louise. Good night America. Good night and good luck. Here you GO.

-----------------------------

And just in, here's a great reader response to the smart meter scare video above:

You’d think there would be more of an outcry over the fact an ISP can see everything they do online, mobile phone carriers can see every incoming and outgoing call and SMS, triangulate their global positions, etc., traffic cameras and OnStar know where their car is at all times, and yet they are worried about someone being able to see their energy data? Maybe opponents should just build their own private power plants and take themselves off the grid completely.

The day may come to pass when that last suggestion is feasible for the mainstream. But for now, your local utility is still far and away your best bet for large quantities of reliable and reasonably priced electrons. Why not help them as they help you, by letting them upgrade equipment to improve their own operations, and serve you and your fellow customers better? I'm just saying ...