Sandia and Hayden on Cybersecurity Strategies for Microgrids

First off, thanks to friend and colleague Ernie Hayden for writing a microgrid security post following his mini-immersion in the topic last week.  You can read his write-up HERE.

In particular, want you to see something he linked to: SNL's Microgrid Cybersecurity Reference Architecture.  That's Sandia National Labs, btw, not Saturday Night Live; talented though he is, Jimmy Fallon is not a contributor to this piece.

Major SPIDERS (DOD Secure Microgrid) Update

This post just in from Mr. Harold Sanborn, Program Manager at Construction Engineering Research Lab (CERL), US Army and technical manager for the SPIDERS Joint Capability Technology Demonstration (JCTD).  I've removed most of the defense industry speak from a longer version you can find on the DOD Energy Blog.  FYI SPIDERS = an ongoing DOD distributed energy program and the acronym stands for Smart Power Infrastructure Demonstration for Energy Reliability and Security. ab

Here's Harold:

SPIDERS Phase I has finished the "history tour" as we codify and publish the lessons learned.

SPIDERS results demonstrated additional capability for Joint Base Pear Harbor Hickam, including:

• Synchronizing with the utility service power signal while pushing electricity back on to the base distribution system
• Operational viewing of other circuits in the substation in addition to the one controlled by the micro-grid, and
• Power factor improvements and the opportunity to test generators at load

The Future of Naval Installation Energy

Posting this one for SGSB readers who might not otherwise see relevant content on the DOD Energy Blog. There's a lot to admire, and learn from what the Navy is doing in Washington DC and the surrounding region. Check it out ...
-----------------------
As projected several years ago in this great 5-minute video, paving the way for demand management, energy efficiency, microgrids, support for renewables and all manner of support-the-mission, energy security goals (with cybersecurity baked in).



From all accounts, the folks involved with this initiative are right on schedule and are meeting their objectives.  Recommend you keep an eye on this.

The 1st Smart Grid Cyber Security Summit is Toast - Selected Notes from Day 2

As good as the utility panel was at the end of Day 1 (see final bullet here), Day 2's vendor panel comprised mainly of meter guys was another clear standout. On the stage were:

• Robert Former, Itron, Principal Security Engineer
• Edward Beroset, Elster, Director of Technology and Standards
• Stan Chan, Verisign/Symantec, Director of Strategic Initiatives

Here are some of what this panel conveyed, sans attribution:

• We've gotten much more serious about security in the past year and we're making changes at a rapid pace
• All products go through rigorous security tests by reputable third parties pre-release, and security testing is continuous throughout the lifecycle
• Plans to share vulnerabilities ID'd in these 3rd party tests with PUCs and other regulators and stakeholders
• Additional attention to security driven by huge push for more security from customers: utilities
• A question was raised on whether Smart Meters could trust smart toasters. There was no answer to this question as it was rhetorical I believe. Certainly thought provoking
• Meters must withstand extreme weather conditions and consume no more than 5 watts. Think about it - a one watt difference per meter x 1 million meters = a megawatt

Later, a question from the back row to the microgrid panel caused a stir. What was that question? Something like: "Are utilities aware of the possible disruptive nature of microgrids to their well established business models?"

Murmuring and agitation ensued ... along with very many words flowing high rates of speed. To sum it up, I believe the response was along the lines of "hell yes and they're using lawyers and all other means at their disposal to slow microgrid deployments down." Personally, I don't believe that response captures what I see as a range of microgrid thinking by utilities. Some of them, I'm sure we'll see, want to get out in front of this movement and will make it another part of their offerings.

In marked contrast, the final panel, which included Elinor Mills of CNET, was a thoughtful and somber meditation on the near-perfect relationship between the media and Smart Grid utilities and vendors. NOT!!! It was fairly raucous and included a course mixture of literal and figurative finger pointing. In the end, neither side was completely innocent of wrong doing and neither side was completely guilty. Both sides agreed to keep talking with hopes that better understanding and communications would follow in the fullness of time.

As for the conference itself, I spoke with a couple dozen folks before we disbanded and all were well pleased with what they'd experienced and all pledged to attend the next Smart Grid Cyber Security Summit event. I have it on good faith that videos and other useful artifacts from the conference will soon appear on the summit site. When they do, I'll be sure to send out a heads-up here on the SGSB.

That's a wrap for now. I've got a red eye back to Beantown to catch. Go Sox!

Photo credit: The Social Blog Network on Flickr.com

Military Planning For Prolongued Outages via Smart/Micro Grid Technologies

While the US Department of Defense has many unique tasks and requirements, many of its concerns and challenges re: the current grid, Smart Grid and Smart Grid security are common to all enterprises. Much of what motivates DOD motivates others, including:

• Desire for continuous operation and continuous service to customers by keeping core systems running during (possibly prolonged) power outages impacting local communities
• Energy efficiency savings via reduction in electricity and fossil fuel usage
• Demonstrating proactive/compliance measures vis-a-vis climate change and the increased use of renewable energy sources
• Maintaining confidentiality/privacy of data and doing all of the above is a safe and secure manner

So along those lines, here's an excerpt from a recent post on the DOD Energy Blog on the so-called "brittle grid" problem I believe you'll find interesting:

Eighteen months have now passed since the public release the "Defense Science Board Task Force Report on Energy" This is from the section called "Managing Risks to Installations":

For various reasons, the grid has far less margin today than in earlier years between capacity and demand. The level of spare parts kept in inventory has declined, and spare parts are often co-located with their operational counterparts putting both at risk from a single act. In some cases, industrial capacity to produce critical spares is extremely limited, available only from overseas sources and very slow and difficult to transport due to physical size.

In many cases, installations have not distinguished between critical and non-critical loads when configuring backup power systems, leaving critical missions competing with non-essential loads for power. The Task Force finds that separating critical from noncritical loads is an important first step toward improving the resilience of critical missions using existing backup sources in the event of commercial power outage. The confluence of these trends, namely increased critical load demand, decreased resilience of commercial power, inadequacy of backup generators, and lack of transformer spares in sufficient numbers to enable quick repair, create an unacceptably high risk to our national security from a long-term interruption of commercial power.

Granted, DOD's not the only organization with these concerns ... and the obligation to plan accordingly. Hospitals, police & fire, essential services, etc. all have to think this way. DOD is exploring campus microgrid strategies (including on-site power generation, energy management and energy storage systems, and more) to allow bases to "island" themselves away from commercial grid infrastructure.

The technology is getting to the point where this approach is becoming just as feasible for industry. We'll be investigating further and will post the results right here.

Photo Credit: Kristen Holden on Flickr

EMP, Asteroids and the Smart Grid

Re: the title of this post - there are some threats you just can't do anything about, so you try not to worry about them too much, and get on protecting yourself against the ones you can. To that end, I recently participated in a short article on Electro Magnetic Pulse (EMP) risks to the grid and Smart Grid on earth2tech. For background on this topic, here's the Wikipedia entry.

Basically, we should not let EMP concerns sidetrack the good work being done to rapidly advance the state of the Smart Grid. For example, I watched as an EMP discussion temporarily paralyzed a NIST Smart Grid standards working group session for almost half an hour. Don't get me wrong, EMP is a serious topic not to be taken lightly, but standards, no matter how thoughtful and excellent, aren't going to help us much there.

A trip to Kirkland Air Force Base's EMP simulator in New Mexico would have shown you we were working on protection measures, and training films from my early Air Force days showed EMP shielding on B-52s on their one-way mission to the USSR during our MAD mutually assured destruction days. Today, short of keeping nukes from exploding anywhere near CONUS, we should acknowledge that there are no good national-scale solutions to EMP out there. All proposed are way too expensive, way too impractical, and virtually impossible to implement without shutting down our government, economy and military for 10-20 years. Or longer.

With a well positioned high altitude nuclear explosion (200 miles up over the US midwest), the Smart Grid, if anything, seems to make us even more vulnerable by adding more devices with easily fry-able circuitry to the mix. But in scenarios where a nuke goes off on the ground or at low altitude, distant micro grids and remote sections of a national Smart Grid would miss out on the carnage, and by islanding, would not be taken down by a cascading failure of the national grid as regional systems likely would today. So the take away is keep on building the Smart Grid, and try not to let EMP, or civilization-ending asteroids, get in the way.

Alarming Doomsday Illustration: Wikimedia Commons

Security Thoughts on Microgrid Nation

It was pointed out that the recent SGS Blog post on microgrids as a potentially faster/cheaper/better way to get to a modernized, more efficient power system left out one key detail: security ramifications. Well, two come immediately to mind:

1. If all communities (define as you will) are on separate power network islands, a problem on any one of them will have a lesser chance of impacting the larger system of systems. And that's a good thing
2. Less good might come of reliance on the same application or infrastructure software across communities. Today, one of the things that gives Apple and Linux users a little more breathing room against viruses and common attacks is the fact that they are not Windows systems replete with a who's who list of easy attack vectors. This is security through diversity. While cost efficiency and systems integration drivers would impel us towards standard apps and systems, we might do well to remember the benefits of technology diversity 

Microgrid Nation

Have you ever read an opinion piece and been won over by the time you finished the second paragraph? Anya Kamenetz's recent Fast Company article, "Why the Microgrid Could Be the Answer to Our Energy Crisis" certainly had that effect on me, by making the intractable tractable. Along the way, it bursts the "energy superhighway" balloons of cleantech celebs Al Gore and Nevada Senator Harry Reid, and touts IBM and GE as large co's that get the microgrid vision.

See for yourself here, and when you're sufficienctly foaming at the mouth and ready to make it happen, here's Kamenetz's DIY micrgrid how-to manual for homeowners.