Showing posts with label technology. Show all posts

Wednesday, March 26, 2014

An Eerie and Early Visualization of the Internet of Things (IoT)

I've got a short story to recommend to you. It's cerebral without being overly literary. It's got action, though no cyber-physical grid attacks. There's no shooting. No lives lost. No outages. But is there ever a lot going on! In fact, I'm pretty sure it's a parody of sorts of what may be coming our way in the not-very-distant future.

Titled "Water," it was published last year by author and futurist Ramez Naam.

Here's what the ad-free, neural-implanted main character experiences walking down a street in NYC:
Civic systems chattered away. The sidewalk slabs beneath his feet fed a steady stream of counts of passers-by, estimates of weight and height and gender, plots of probabilistic walking paths, data collected for the city planners. Embedded biosensors monitored the trees lining the street, the hydration of their soils, the condition of their limbs. Health monitors watched for runny noses, sneezing, coughing, any signs of an outbreak of disease. New York City’s nervous system kept constant vigil, keeping the city healthy, looking for ways to improve it.

Wednesday, March 19, 2014

A Social Summary of SANS ICS Security Summit 2014

Since I went solo there's been less time for blogging but I hope to catch up a little with this mega post on the just-concluded, 9th annual SANS ICS Security Summit which took place in the Contemporary Hotel at Disney.

Where I can I'll include Twitter IDs, as for many of us, Twitter is how we stay abreast of what we find interesting and what we're thinking about in between real world meet-ups. (Note: I only include these when they're unique to the individual and not shared by a company or org.)

I won't cover all the talks because I didn't attend all of them, and I apologize to those presenters I don't cover here. Nor was I at "Game Night" (though I wish I was) which from what I heard later was a fantastic and grueling hack-fest that extended into the wee hours before champions finally emerged.

Monday, September 30, 2013

Putting all our Cybersecurity Eggs in Technology Baskets


Attackers perform discovery, surveillance, intrusion, denial of service and exfiltration with software tools. Defenders defend with tools of their own in the domains of network security, system security, application security, data security. The "good guys" also:
  • Encrypt data in hopes it will remain secret in transit and at rest
  • Patch and patch and patch and patch applications and OSs
  • Pen test to see if they can find and fix weaknesses before the attackers do
  • Monitor and inspect network traffic and analyze logs for abnormalities
  • And oh so much more ...
Organizations spend millions on defensive technologies, purchasing and/or subscribing, deploying, integrating, updating and yet CISOs still have no dependable process for demonstrating to senior utility leadership the amount of cyber protection they're adding, or put another way, the amount of business risk accepted.

Recently we've seen the DoE and NRECA announce seed grants to help suppliers perform R&D for new technological solutions to cybersecurity challenges facing utilities. Some of these may prove useful to utilities, suppliers, and their services organizations.

Now I almost never use bold, italics or underlining for emphasis. Prefer to let the right words do the work.

But none are likely to substantially address the fundamental issue that cybersecurity threats are a hard-to-quantify risk to business, have human origins, and that improved human awareness and behavior can drive better outcomes in ways everyone can see and understand.

NERC CIP-004: "Cybersecurity - Personnel and Training" calls for humans who have access to critical cyber assets (CCAs) to have appropriate security training and awareness. But the CIPS cover only a very small part of the grid, and as we've seen, it's not just the folks who touch CCAs who can cause significant damage to an organization through their wrong actions ... or wrong inactions.

There are technology products that aim to effect improvements in human behavior (e.g. PhishMe). And there are universities and training organizations galore, some of them even beginning to add industry-specific operational technology (OT) content to their cybersecurity instruction.

And yet many utilities and the government organizations that seek to guide them continue to look almost exclusively to technology to save the day.  Here are two things you can do to begin to flesh out the people pieces:

1) Look at the org chart.  Look at how involved and cyber-aware are the board, the CEO, CFO, GC, etc. You could certainly argue they have bigger (or at least other) fish to fry, but if they knew a little more they might well move cyber threats a bit higher up on their ladder of strategic risks to reliability.

2) See how the CISO is empowered, where he/she sits in the organization, how often he/she briefs the board and corporate officers, and whether he/she has authority to set and enforce security policy enterprise-wide.

There's a lot more of course, but the closing pedantic message of this post, before it sprawls too long, is: don't short the human part of the cybersecurity equation. Humans are the problem, and humans can and should be a  much bigger part of the solution.

Photo credit: JS @ Flickr.com

Wednesday, April 10, 2013

It's Hard for Utilities to Improve Security when Their Business Models are Increasingly Insecure


This one's not about security, unless you consider the well-being of the utilities who own and operate most of the grid to be security related.  In which case this post is completely about security!

Greentech Media (GTM) has just written a short piece highlighting some of the take-aways of a new Edison Electric Institute (EEI) report called "Can the Utility Industry Survive the Energy Transition?" and I'd say both the GTM article and the full EEI report are well worth your attention.

Wednesday, October 31, 2012

Computer Security Giant Speaks Out on Current Sub-Optimal State of Affairs

Cybersecurity-oriented readers,

In case you didn't see it in the flurry of all the Sandy related news (or because you didn't have power for related reasons), wanted to make sure to acquaint you with one of the living legends in our field, Peter Neumann, who with DARPA's help, is still going strong.

In short, Dr. Neumann has been:
... a voice in the wilderness, tirelessly pointing out that the computer industry has a penchant for repeating the mistakes of the past. He has long been one of the nation’s leading specialists in computer security, and early on he predicted that the security flaws that have accompanied the pell-mell explosion of the computer and Internet industries would have disastrous consequences.
There's much more to say, but believe the NY Times' John Markoff will say it better than I would, so click HERE to go straight to the article.

Monday, April 2, 2012

Will We Attain a More Secure Energy Future with Lasers?



You might think this is an April Fools headline, but it's not. At least I don't think it is.

From SGSB's FutureWatch desk, we bring you tales of 1.9 Gigajoules, and the potential to power all the world's grids sans fossil fuels. Bring on better electricity storage, and we may get to worry about other things in the future besides energy. There's security in that.

You may call me a dreamer, but I'm not the only one. See the folks at the National Ignition Facility (NIF) at the Lawrence Livermore National Laboratory in California, and see what you think.

Thursday, September 22, 2011

2011 (exceedingly short) Energy Security Book List


There are two new books out in the last few months I want you to know about. Whether you have time to read them, even if I am successful in getting you worked up about them, well, that's another story. So again, it's only two books, which is probably one or two more than you'll be able to get to given your current workload. But here's why you should give them a shot.

Neither addresses cyber security too much, but I consider all of this part of the broader "energy security" domain, and as such, this info is part of the foundation one needs to understand the full context of our cyber security, privacy and compliance landscape, where it's been and where it's going.

The first one is by former Austin Energy CIO Andres Carvallo, called The Advanced Smart Grid: Edge Power Driving Sustainability. Co-authored with frequent technology writer John Cooper, this book is relatively short at ~200 well illustrated pages, and is a pleasure to read. I'm going to re-use some of the laudatory words I recently posted in an Amazon review.

Before they invite you to travel with them into the future, Carvallo and Cooper do a solid job of orienting the reader with concise summaries of where the grid came from, how it's evolved over time, and as accurately as possible, how it's doing in its current state. For the many immigrants who've recently moved to energy from other sectors (like me), this is a great grounding.

The authors then look past the current climate of activity, much of it initially fueled with government grants, to a phase where business drivers alone dictate what gets deployed next. Ultimately, they begin to unveil for us a blurry but emerging vision of "the advanced Smart Grid", that's predicated on pervasive IP networking, tons and tons of data, microgrids, EVs, virtual power plants, new business models and more.

I particularly liked this point when the authors did pause for a moment on security:
As a foundational infrastructure, the Smart Grid cannot afford to get out in front of its ability to remain secure.
That's right ... what a concise way of saying so much. For me, it was well worth the time, and depending on your background and/or day job, it might be for you too.

Book number two is from one of the (if not, THE) true giants of global energy thinking over the past decades, Daniel Yergin. Best known (to me, anyway) for his biblical telling of the history and future of the oil industry in The Prize, his new book, The Quest: Energy, Security, and the Remaking of the Modern World, expands in scope to consider all energy sources. Recently reviewed in the NYT, this excerpt seems apropos:
When it comes to assessing the world’s energy future Mr. Yergin is a Churchillian. He argues that we should consider all possible energy sources, the way Winston Churchill considered oil when he spoke to the British Parliament  in 1913. “On no one quality, on no one process, on no one country, on no one route, and on no one field must we be dependent,” Churchill said. “Safety and security in oil lie in variety and variety alone.”
... and one more thing, for which a smarter grid is the essential precursor:
One of Mr. Yergin’s closing arguments focuses on the importance of thinking seriously about one energy source that “has the potential to have the biggest impact of all.” That source is efficiency. It’s a simple idea, he points out, but one that is oddly “the hardest to wrap one’s mind around.” More efficient buildings, cars, airplanes, computers and other products have the potential to change our world.
Sounds great, right? Well, the bad news for you travelers is that, from a weight perspective, it tops 800 pages, though if you get the ebook version it's as light as can be. Now reading it, or the majority of it, that's another story. If it's too much for you to consider, maybe you can wait and hope for a movie version. But I wouldn't count on it.

Happy reading!

Photo credit: Miamism on Flickr.com

Wednesday, June 8, 2011

Energy Storage Tech Oozes Ahead


Sometimes I like to take a breather and set pure Smart Grid security to the side for a moment, and look at some of the new technologies being developed that may have a significant impact on what the grid of the future looks like.

Living just across the Charles River from the MIT campus, I've been lucky to have great access to lots of early energy tech breakthroughs and announcements. While this most recent one, a radical revision to the flow battery concept, is still too early in its development to know whether it can ultimately prove commercial viability, it sure is thought provoking.

For me, electric vehicle adoption and grid-scale energy storage are two of the biggest drivers of the future Smart Grid that supports a higher percentage of renewables (centralized and distributed) in its generation portfolio. And of course, as we always say, the more we build it, the more 2-way comms, intelligent devices and sensors we add, the more we come to enjoy its many new capabilities, the more we've got to make sure it's secure.

Here's a nice light intro to the goo-based battery from Discovery Tech that focuses on the EV potential, while CNET gives you a bit more technical detail and points to grid applications as well.

Photo credit: Lunchbox Photography on Flickr.com


Tuesday, September 21, 2010

The Smart Grid for Intellectuals: Replay of Webinar for the American Intellectual Property Law Association (AIPLA)


Just did the intro piece on the Smart Grid for an audience of mainly patent attorneys interested in Smart Grid-related intellectual property (IP)  issues and litigation trends.

Titled, "Intellectual Grid: Intellectual Property Issues in Smart Grid Innovations" this 60-minute presentation won't be everyone's cup of tea, but for folks on either side of the Smart Grid IP technology (and maybe new business process) table, this may be quite helpful.

If you're game, click HERE to register and view.

Photo credit: "Brain Coral" by Laszlo Ilyes on Flickr.com

Thursday, September 16, 2010

Smart Grid and V2G Weather Advisory: IBM Twitterstorm Coming


Many SGSB readers, though well versed and skilled in the ways of technology, might nevertheless say, "what the hell is a Twitterstorm?"

It's a fair question, and my simple answer is it's an online conversation and Q&A session between a bunch of folks, conducted 140 characters at a time. Maybe by haiku. This is no place for the verbose, and maybe because of that, it should be information dense and entertaining.

As the title of this post indicates, the central focus is on EVs, PHEVs and their interaction with today's grid and the emerging Smart Grid. The Smarter Planet folks at IBM are hosting it this coming Monday, September 20th, and you can see details HERE on how to join in on the fun.

Please make it if you can. No umbrella necessary.

Photo credit: LISgirl / Emily on Flickr.com

(BTW, for those of you unfamiliar with Twitter and Tweets, prior to this BTW note, this post consumed 651 characters not counting spaces. Twitter counts spaces. That's brevity.)

Tuesday, December 22, 2009

Calling the Next Generation of US Energy Rock Stars


Some folks are suspicious of anything the government tries to do beyond defending our borders and protecting national interests abroad. Others believe that government can do much more. I'm kind of in between, generally valuing a small footprint Federal government, but every once in a while applauding innovation in government when it shows up.

Such is the case with a new DOE organization, the Advanced Research Projects Agency-Energy (ARPA-E), which came to life just this year and has been given a $400 million boost to get itself and its first bunch of projects off the ground. ARPA-E is not about incremental improvements in energy science; no, it focuses exclusively on high risk, bet the farm, swing for the fences, change the world energy technologies.


A couple of weeks ago I had the privilege of being in the first row when new ARPA-E director, Dr. Arun Majumdar, introduced the ARPA-E Fellows Program to a capacity audience at MIT. Saying the goal of his org is to boost US competitiveness in Energy Tech (ET) by helping to find and nurture the "Next generation of Energy Rock Stars", Majumdar noted his own existence was thanks to the pioneering artificial fertilizer breakthroughs of American scientist Norman Borlaug. He went on to show how many energy technologies first discovered in the US, like photo-voltaic solar and lithium ion storage, now have little-to-no market leadership or manufacturing presence in the country. This trend he plainly aims to turn around.

One thing you can say for sure: whether ARPA-E advances technologies that benefit the grid directly or finds ways to greatly increase the capabilities of renewable power generation or storage, it all grows the Smart Grid one way or another. By the way, Majumdar came across as warm, brilliant, determined and 100% sincere. I for one am rooting big time for him and his world changers.

Photo Credit: Lawrence Berkeley National Lab

Tuesday, May 26, 2009

Smart Grid Communications: It's about More than Wires ...

... it's about wireless, including how today there's not nearly enough wireless coverage to go around:
Coverage is indeed one of the challenges as some utilities have up to 50% of their service area not covered by their existing networks. Utilities often operate in a mix of dense urban to extreme rural areas and need the flexibility of operating in both.
2-way comms and robust security will likely require far more bandwidth than this offering can provide, but it's a start towards a solution we didn't even know we needed a few years ago. See more: here.