MIT Palantir Reveals Future Views of Grid and Grid Security

And as in the Lord of the Rings, few can look into a palantir and walk away unscathed. That's true for this recently released grid forecast from MIT, and especially for the sections on cyber security, which have served as the justification for many alarmist articles since, including:

• Electric Grid's Future: Increased Risk of Attack
• Smart Grid: There will be a Successful Attack
• US Power Grid is a Big, Soft Target for Cyberattack, MIT Study Shows
• Is Smart Grid Security a Losing Game?

What the hell does that last title even mean?  I read the article and still don't get the point.

It's funny but I just went through the security section of the MIT document and couldn't find anything faintly, and nothing that would strike the regular readers of this blog as in any way surprising.

The part that seemed to stir the press pot the most was in the conclusions and recommendations section - it began by stating that no one organization today makes and enforces grid security rules for the entire (US) grid, not FERC or NERC since they only have authority to regulate the bulk grid. Not other groups in DOE. Not DHS. Nor NIST, as its cyber security working groups as they can only recommend, not mandate, protective actions.

So this prompts the MIT report team to conclude:

This lack of a single operational entity with responsibility for grid cybersecurity preparedness as well as response and recovery creates a security vulnerability in a highly interconnected electric power system comprising generation, transmission, and distribution.

And recommend:

The federal government should designate a single agency to have responsibility for working with industry and to have appropriate regulatory authority to enhance cybersecurity preparedness, response, and recovery across the electric power sector, including bulk power and distribution systems.

This sounds right on one level (single source of truth and control) and yet wrong on many others, particularly, as the authors themselves point out, that they are hard pressed to imagine which government organization is equipped or ever could be equipped to take on so monumental a task.

But seriously folks, the MIT report is well worth a look, not so much for its cyber security content, as for its informed prognostications on other aspects of the future grid. There's no need to worry about the Eye of Sauron, or anything else unusually alarming, in this quest for knowledge.

You'll find the full report and some supplementary materials HERE, and the security section begins on page 208.

Image credit: Wikia

Conference Alert: Heads-Up on First Asian Smart Grid Security Conference

I may (or may not) have mentioned this previously, but Asia is finally getting in on the act. The Smart Grid Cyber Security - APAC conference is coming together rapidly. If you live and work on that side of the Pacific, or enjoy  really long flights, this may be for you.

Here are basic details:

• Where: Singapore (Venue is TBD)
• When: July 11 and 12, 2011
• Sample of  confirmed attendees so far: CSIRO Australia, CLP Power Hong Kong, Japan Science and Technology Agency
• Conference web site

As you'll see, the call for topics/papers is still open, so if you have something you'd like to say or show, better hurry up and submit it to the organizers.

And while we're at it, pondering the emergence of the Smart Grid in Asian markets, HERE's a brand new report from Pike Research on the subject.

Pike's New Smart Grid Security Report Available

Boulder, Colorado-based Clean Tech research firm Pike Research recently released a comprehensive report on the current state and market size of the security business related to global Smart Grid initiatives. This is such a nascent market, you've got to give them credit for even attempting this project. And having seen it, I can say it's a darn good piece of work. You can see Pike's own description and the table of contents HERE as well as register to pay and get a copy (yes, it costs significant money).

If you want to get a better feel for the experience of the lead author, Bob Lockhart, THIS detailed Q&A on Smart Grid security was just posted yesterday, 8 December 2010. There's a lot of goodness in the interview, and I like this comment here on getting employees on the right (and same) page:

One area of security that gets too little attention in smart grids is employee awareness. It is critical for employees of utilities, systems integrators and other involved entities to understand what security is implemented, why it is there, and their responsibilities to support it. This requires a proactive education program. Whether we’re talking e-mails, Web courses, or stand-up instruction matters less than that the points are gotten across to the workforce.

In light of this year's biggest attacks: the one targeting IP theft at Google and dozens of other large co's, Stuxnet, and Wikileaks, it's clear that employee awareness (and it's lack) and behavior played a major role in all of them. In his big report, Bob tackles standards, business drivers and technology challenges too, and I think he describes it all with a substantial amount of mastery. Might be worth your while to check it out.

Photo credit: krytofr on flickr.com