Smart Grid Vendor Universe Charted

Thanks to David Leeds and his Smart Grid team at GreenTech Media (GTM) for building this novel and helpful view of the Smart Grid vendor world. In this end-to-end view, some companies are listed once; others have entries in multiple offerings categories.. (Click on image above for larger view) or follow THIS LINK to get more info on the report and see a larger, hi rez version of the map.)

I note the listing of primarily boutique outfits in the security column. I've had experience with all of them and can report that all are solid. It's been my experience that the bigger outfits with significant, more scalable security capabilities in other sectors are working on tuning their offerings to the energy space and are at varying stages of maturity in this effort. In coming weeks will try to ferret out more info from GTM and the other analysis firms covering Smart Grid security to get a more comprehensive view for you.

(Updated) Stuxnet Update IV: Targeted OT Attacks Risk Collateral Damage

Sep 30 Update: Stuxnet takes out an Indian Satellite? See Jeff Carr's article in Forbes.com

------------------------------------------

Hat tip to IBM cyber defenders and watchdogs Scott Warfield, Brooks La Gree and others for pointing out these several articles. All followed Ralph Langner's revelations that he and his small cyber forensics team in Germany seem to have found the smoking gun ... the code that tells you what Stuxnet is really after.

I won't ruin the surprise; you'll get your answer when you click on any of the following links. But I'll give you a clue: it's the SCADA/ICS (OT/Operational Technology) in a system that's bigger than a breadbasket. And sometimes it glows.

In ascending order of technical sophistication, here are some links to get you educated right quick:

CNET
PC World
DIGITAL BOND
LANGNER

One of the hundred questions I have is whether the folks who built this beast intended (or realized) that it would have impacts far beyond its initial target. And whether that mattered. Or if it was intentional and the scope is larger than it might at first appear. And what's next. And and and ....

And then there's this, from another Langner dispatch just in:

The analysis that Langner has conducted shows that it is not technically difficult to inject rogue ladder logic into PLC programs. It is important to understand that this vulnerability cannot be considered a bug, either technically or legally, so it should not be expected that vendors would be able to release a “patch”. 

Nice, huh? Stay tuned.

Photo credit: ViZZZual.com on Flickr.com

Blazing EV and V2G Trails at the Texas State Fair 2010

You know we try to keep it calm here, but what an incredible experience I just had !!!  Just returned from a week in the Lone Star State speaking in Dallas and Houston, then back to Dallas again, the second time for the Electric Vehicle (EV) Showcase just around the corner from Big Tex. Man, was it worth the flight back to Love Field, and not just for the fried butter and fried beer.

On the first day I got to meet spokes-model (and true product expert) Alicia, then take the Volt (they had three on hand) for a spin on a curvy test track. I loved the way it looked, sounded and handled. A well-informed Chevrolet-rep named Brian gave me plenty of good details before during and after the drive, and I felt that many others like me will feel comfortable welcoming this car, that on most days will consume no gasoline, into their lives.

Now's here's a few details from the Executive Panel on day two to give you a broader look at what's going on behind the scenes to pave the way for this (plug-in hybrid) electric car and others like it. A panel moderated by Texas Public Utility Commission (PUC) chairman Barry Smitherman included leadership from GM, IBM, Texas transmission and distribution utility Oncor, the Electric Power Research Institute (EPRI) and construction firm Beck. Here are some highlights of what they discussed:

• EPRI is working three main focus areas at present: 1) understanding consumer attitudes and expectations re: EV's, 2) early preparation of EV charging infrastructure, and 3) ensuring adequate utility infrastructure, particularly distribution transformers
• Texas is one of the initial wave of seven states for Volt deliveries in late 2010, starting in Austin then fanning out from there. In 2011, expect to see Volts available for sale in all 50 states
• Oncor sees two critical EV roll-out success factors: 1) the practice of off-peak (night-time) charging, and 2) early (and I do mean early) notice to utility co's when an individual is considering the purchase of an EV
• IBM is all about the information layer surrounding EVs and vehicle-to-grid (V2G) infrastructure and is looking at it 3 ways: 1) knowing how much energy from renewable sources is available at any time, 2) how utilities can have access to enough right info to know how much they need to spend on infrastructure, and 3) market and business-related IT that helps consumers as much as possible, particularly enabling ease of use, as well as providing national standards running from the charging points to the cars to the utilities themselves
• To help move 18 Gigawatts of clean wind energy, the moderator noted that Texas is spending $5 billion to run high voltage transmission lines hundreds of miles from windy west Texas to its cities
• Here's one I hadn't thought of before ... it's kind of subtle. According to EPRI, range anxiety is eased by the presence of charging stations outside the home and business, whether EV drivers use them or not
• The electricity required to go a full 40 miles in a Volt costs about $1.10
• Finally, the best part from national security security as well as environmental/climate points of view: most Americans drive 20 or fewer miles per day. The great majority drive fewer than 40 miles on work days as well as weekends. When these folks drive Volts, they are going to be using gasoline only rarely. Think about what that means when the number of Volts, Volt 2.0's and other EVs hit the roads in the millions and tens of millions

In keeping with this blog's security focus, are there going to be cyber security issues with these software-centric, wireless-enabled cars running on rapidly assembled IT and OT networks?  You bet, and we'll get to those soon. But for the time being, just wanted to note that it's a privilege to be alive at this moment, watching so many talented, creative, energetic and caring people pull out all the stops to help change our world in ways it sorely needs.

And I'll leave you with this nugget from a sign you pass upon entering the incredible Cowtown Diner in downtown Forth Worth:

     Never ask a man if he's from Texas.
     If he is, he's most likely already told you.
     If he's not, there's no use in embarrassing him

Photo: Volt dashboard power display

The Smart Grid for Intellectuals: Replay of Webinar for the American Intellectual Property Law Association (AIPLA)

Just did the intro piece on the Smart Grid for an audience of mainly patent attorneys interested in Smart Grid-related intellectual property (IP)  issues and litigation trends.

Titled, "Intellectual Grid: Intellectual Property Issues in Smart Grid Innovations" this 60-minute presentation won't be everyone's cup of tea, but for folks on either side of the Smart Grid IP technology (and maybe new business process) table, this may be quite helpful.

If you're game, click HERE to register and view.

Photo credit: "Brain Coral" by Laszlo Ilyes on Flickr.com

The Pulse Quickens as the Plot Thickens: FERC/NERC continue to Skirmish re: Grid Security Standards

Industry sonar and radar detect nothing but collision ahead as these orgs plow ahead on their respective vectors: FERC wants more security faster for utilities; NERC wants to hold steady with slow, incremental changes. There's some method to each approach, though they're clearly not compatible. I summarized thusly in this week's HuffPo article:

The case for going faster rests on a couple of basic facts and observations. Here are just a few:

• Attacks on energy systems are increasing in tempo and sophistication (for those who haven't heard of it yet, the recently emerging Stuxnet virus has provided a real wake up call for industry in terms of attackers' advanced capabilities
• Other industries/sectors have much more substantial security controls and governance already in place and have only benefitted from them
• Emphasizing security early in the Smart Grid window will yield benefits including cost savings and much better efficacy
• Oh yeah, and one more little thing: and our entire economy and the well being of our nation depend on secure and reliable power infrastructure

Nevertheless, there's a strong case for going slower:

• Cultural challenges inside utility co's will hinder attempts to make them change too much too quickly
• Regulatory impediments need to be resolved before the whole system can be secured. For example, the fact that the Feds only have jurisdiction over generation and high-voltage transmission assets, while policy for low-voltage distribution is left to the states, and there's little/no standardization of state policy at present) Security standards are still taking shape. NERC's CIP standards are still in their infancy, and NIST just released the 1.0 version of its "Smart Grid Cyber Security Strategy and Requirements"
• Lastly, it costs money to significantly ratchet up the security posture of any complex system, not to mention the one that's been called the greatest engineering achievement of the 20th Century

People are pretty fired up by this (and IMHO: they should be). Be sure to check out the comments at the bottom of the article if you get a chance.

Photo credit: Rosmary on Flickr.com

Smart Grid and V2G Weather Advisory: IBM Twitterstorm Coming

Many SGSB readers, though well versed and skilled in the ways of technology, might nevertheless say, "what the hell is a Twitterstorm?"

It's a fair question, and my simple answer is it's an online conversation and Q&A session between a bunch of folks, conducted 140 characters at a time. Maybe by haiku. This is no place for the verbose, and maybe because of that, it should be information dense and entertaining.

As the title of this post indicates, the central focus is on EVs, PHEVs and their interaction with today's grid and the emerging Smart Grid. The Smarter Planet folks at IBM are hosting it this coming Monday, September 20th, and you can see details HERE on how to join in on the fun.

Please make it if you can. No umbrella necessary.

Photo credit: LISgirl / Emily on Flickr.com

(BTW, for those of you unfamiliar with Twitter and Tweets, prior to this BTW note, this post consumed 651 characters not counting spaces. Twitter counts spaces. That's brevity.)

SGSB Origin Story: Why Focus on Smart Grid Security

I got a chance this week to explain how I got fixated on Smart Grid security, which ultimately led to the formation of this blog. Took a few words (some might say too few, others too many) to connect the dots from an early environmental impulse when I was still in the Air Force, to a fixation, decades later, on this sprawling, ill-defined, complicated, still emerging yet nevertheless absolutely critical concept.

Either way, HERE's the piece ... and while you're at it, see if it in any way explains what you're doing here.