NERC's Cyber Education Role

Online tech mag Ars Technica recently wrote up the results of two reports on US energy infrastructure, one from the North American Electrical Reliability Corporation (NERC), and the other from a small cyber security company named LogLogic. The sum, for me, was a reminder of how far we have to go on enterprise Smart Grid cyber protection policy and implementation, and how little time we have to get there.

Referenced within the Ars article, is NERC Chief Security Officer (CSO) Michael Assante's April 2009 memo to electrical industry players. His calls for increased attention to cyber risks are still at the basic education level, as many of the targets of his guidance are from operations, and are still relatively new to the IT and cyber security domains:

... as we consider cyber security, a host of new considerations arise. Rather than considering the unexpected failure of a digital protection and control device within a substation, for example, system planners and operators will need to consider the potential for the simultaneous manipulation of all devices in the substation or, worse yet, across multiple substations. I have intentionally used the word “manipulate” here, as it is very important to consider the misuse, not just loss or denial, of a cyber asset and the resulting consequences, to accurately identify CAs under this new “cyber security” paradigm.

Excellent here that Assante keys on manipulation, as cyber attackers oftentimes achieve greater effects through means that at first appear quite subtle ... or aren't visible at all. At some point he's going to have to point out that a precursor to manipulation or outright attack is monitoring, often done by placing apparently benign software agents on target systems to collect data and await further instructions.

Assante also attempts to update industry thinking on the current grid's design that can usually handle large single points of failure. Cyber threats are often targeted less like sniper rifles and more like shotguns:

One of the more significant elements of a cyber threat, contributing to the uniqueness of cyber risk, is the cross-cutting and horizontal nature of networked technology that provides the means for an intelligent cyber attacker to impact multiple assets at once, and from a distance. The majority of reliability risks that challenge the bulk power system today result in probabilistic failures that can be studied and accounted for in planning and operating assumptions. For cyber security, we must recognize the potential for simultaneous loss of assets and common modal failure in scale in identifying what needs to be protected. This is why protection planning requires additional, new thinking on top of sound operating and planning analysis.

Thinking? Excellent. New thinking ... even better !!!

Are We Ready for the -Next- Generation of Security Concerns for the Smart Grid?

Over the past several months, interest in security and the Smart Grid has been growing, and much of the focus has been on trying to raise some baseline interest in ensuring that the millions of meters and interconnection points are specified, deployed, and managed with some sense of urgency around their security.

In re-reading David Leeds' excellent piece on next wave venture investing in the Smart Grid, "Smart Grid 2.0: ‘The Soft Grid’" , I started to look up from our daily security quest to think about how much more complicated all of this is about to get. The article describes the next wave of investment in the Smart Grid, and how, with many of the infrastructure providers well-funded and moving forward, that the investment community is going to start to look for software firms that will build applications to capitalize on all of the new Smart Grid functionality.

I think that in some ways, there is some good news in this piece, mainly that IT-experienced people are beginning to become interested in the Utility space. Jeff St. John had written recently about the movement of Utility execs to Smart Grid startups, but this is more about bringing IT leaders into the Utility market. This is an evolution that Andy and I have been looking for and writing about for a while. Experienced IT and network security people have got to be brought to bear on the challenges of the Smart Grid, but as yet, according to our research, there have not been many folks who have made the jump. In David Leeds' comments, however, he notes that,

... this industry is now an attractive place to hang one's hat, and as such we anticipate that the electric power sector will be inundated with a wave of fresh talent in the next five years.

On the downside however, is the greenfield description of much of the new software that may soon infest the largely untested security byways of the Smart Grid. If Leeds is correct, and venture investing will soon begin to drive a wave of new functionality providers in the software market riding the Smart Grid, then the real impacts of any underlying insecurity within the Smart Grid infrastructure are shortly going to multiply manyfold.

Internet Co's will Embrace Smart Grid, but will Energy Co's Embrace Internet?

This piece in MIT's Technology Review describes a few of the economic incentives for Internet companies like Akamai to investigate and invest in energy market-aware hardware, software and networking gear.

The ability to throttle back energy consumption could have another benefit for massive Internet companies, the researchers say. If an energy company were struggling to meet demand, it could negotiate for computation to be moved elsewhere; the researchers say that the market mechanisms needed to make this possible are already in place.

Expect much more of this in the near future from companies well versed in rapid adaptation via flexible, well managed IT operations. But what to expect of utilities and other energy ecosystem players? One of the patterns that's emerged from conversations we've had with industry is that most utilities have succeeded until now by purposefully avoiding aggressive IT innovation. The logic being that energy generation and delivery need to be 99.99% reliable, whereas IT and the Internet have a not undeserved aura of instability (see "blue screen of death" and the "three fingered salute" as well as recent pervasive troubles in Twitter-dom.

How a history and culture of IT skepticism will affect future energy co. adaptation to Smart Grid technologies remains to be seen ... but we'll be watching.

Empire State: Building with Smart Grid Grants, Hold the Security

There was a release today from Governor Patterson's office in Albany about the creation of a new Smart Grid Consortium in New York. Feel free to read the release, as it exhibits strong exothermic properties. Within it, however, is a reference to the new NY State Smart Grid Consortium Smart Grid Vision and and Technical Plan Report (Draft).

I would encourage you to use it as a resource, there are some nice charts, and it is truly a tutorial on merging real energy thinking with real politicking around grant dollars. Jobs, dollars, energy, etc., like political Prego, "It's in there."

As all of us in the Smart Grid community know, there is a double-edged sword in the hands of government these days, and it is called the Smart Grid Investment Grant Program, and we have written of it here before. A real boon, for all of the incentive it provides, and a recipe for long-term disaster as it drives substantial investment long before the community has matured in its understanding of need and security.

Most unfortunate in this report is its complete lack of focus on security, except for sprinkling the word into the document, hoping perhaps to ward off any real requirement of substantiated activity. I urge the NYS Consortium to remember that there are few areas of the country where blackouts have caused such chaos, and where potential blackouts would have such a devastating effect on the enormous financial, media, and technical communities that populate it. This graph, from page 44, says it all:


Someone in a New York utility has got to be doing something...

Lockheed Throws its Hat in the Smart Grid Ring

Looking for business ... and perhaps a handout. Like many other large co's who have recently made their intentions known re: Smart Grid stimulus monies, Lockheed brings modest energy credentials to the table, so partnering with an expert is the way to go. More importantly, though, from this blog's point of view, is Lockheed's comparatively deep background in cyber security. Let's see if they choose to play a leadership role or not.

Here's the announcement.

5 Years and How Many Devices?

We were working yesterday on some background for our continuing research on Smart Grid device security, and I found an absolutely prescient piece by an associate professor at CMU, in the Department of Electrical and Computer Engineering, named Philip Koopman. The article was carried in July, 2004 by Embedded Computing Magazine. You can find it here.

I'd recommend you give it a read, because it provides some non-Apocalyptic views of the dangers of insufficiently secured micro-controlling devices, just the kind that we have been worrying about as we watch Smart Grid pilots, roll-outs, and meter buys over the past year. The Smart Grid wasn't yet in vogue, and the interactive power management that empowers it was not evident, but Professor Koopman does an excellent job of painting some non-tragic but disturbing scenarios in an even less connected energy market.

We at the Smart Grid Security Blog continue to plead, on street corners, conferences, and on Capitol Hill, that people take a closer look at their new interactive power infrastructure before we find ourselves in too deep. Would that we knew Professor Koopman in 2004, because he shines a light years in advance of our current road to risk:

Many embedded systems are created by small development teams or even lone engineers. Organizations that write only a few kilobytes of code per year usually can’t afford a security specialist and often don’t realize they need one. However, even seemingly trivial programs may need to provide some level of security assurance. Until standard development practice includes rigorous security analysis, developers may overlook even the solutions already available.

You are a man ahead of your time, Koopman.

Temporarily Mismanaging Demand Management in Atlanta

We've been having a heat wave up in Boston this week, which makes us more empathetic about this recent snafu in Atlanta. With Smart Grid-like configurations, technology can be a force multiplier to achieve great new capabilities ... as well as amplify the negative consequences of human error. In this case, it was a relatively short loss of household AC. But I'm sure you get the point.

And how did folks happen to part of this demand management program in the first place? They responded to the following very reasonable Duke Energy entreaty to save some dough:

Why Sign Up - Depending on which Power Manager option you choose, you will receive a one-time credit of $25 or $35 on your bill just for signing up. You will receive a credit on your electric bill whenever we use the Power Manager device to turn your air conditioning unit off and then automatically back on. You are helping to preserve the environment and keep electric costs low by reducing the demand for electricity and delaying the need to build additional power plants in our region.

How the Program Works - Duke Energy will install a free load management switch next to your air conditioner on the outside of your home. This radio-controlled device will cycle your air conditioner off and on when demand is especially high. Depending upon the option you choose, your air conditioner is cycled off and then back on approximately one time each half hour, for the length of the cycling event. Cycling events will not normally exceed a four to six hour time frame and will not occur on weekends or holidays (except in a system emergency). To help keep you comfortable, the indoor fan continues to run to circulate air throughout your home.

Hopefully we'll get to make and learn from lots of small, relatively benign mistakes before the consequences become much greater. And become much greater they surely will ...