Thursday, August 12, 2010

Car Companies and Utilities at the Dawn of the Smart Grid: Twins Separated at Birth?

Like fraternal twins separated at birth, these two seemingly unrelated and elderly sectors of the US economy have more in common than you might think. Both are poised for immense change as “Smart” technologies are completely re-writing the workflows and even the business models of these formerly static industries. One way to know they haven’t changed much over the last century: their 2010 products would be instantly recognizable to their inventors (though this Shelby SuperCar might induce Henry Ford to do a double, or maybe a triple, take). Another thing they have in common is that they have viewed their customers’ usage data as primarily their own.

Some More Similarities

While both car companies and utilities manage their business functions with modern data centers and IT, it’s the OT that makes them their money. That’s operational technology, and for utilities OT refers to the infrastructure control system components that make the grid go: generators, power lines, transformers, substations, etc. The Smart Meters, currently being deployed and networked in the millions by many large-market utilities to enable remote trouble detection and billing, can also be considered OT systems.

Internal Smart car systems behave less like data centers and more like control systems. On board performance monitoring and diagnostic computers and sensors, coupled with wireless communications systems, are beginning to allow car companies to detect and sometimes resolve problems without requiring that the car be brought into a garage for repair.

Similarly Siloed: Meter Rolls vs. Rolling Meters

Looking at the two platforms from a customer data perspective, the similarities are even stronger. Electricity usage data was the reason utility trucks ventured to homes and businesses across the country. Utilities had no other way of knowing how much electricity was used at a given address, and they needed that data to calculate how much they were owed. You could make a case that this usage data belonged to the utilities, or to the customers themselves, or both. And today, different states have different rules on this issue.

Prior to the advent of wireless car communications networks (e.g. GM’s OnStar, Ford’s Sync, Bluetooth, Wifi, etc.), automotive performance and diagnostic data remained in onboard computers until technicians accessed them during visits to the repair shop. In between regularly scheduled oil changes or check-ups, or without a break-down or crack-up, this data was out of reach. Now with communications enabled, daily access to this data is a new possibility. And as with data on total electricity consumption and usage patterns in homes, the car companies clearly have rights, but the owner/drivers also have a stake as they own and operate the cars (especially if their identity is connected to the data).

But in both industries, there hasn’t previously been much thought given to the ownership or role of data in these scenarios. Or how that data might have value for new business lines or 3rd parties. Or how to protect that data in scenarios where multiple 3rd parties are allowed access.


What cars and utilities shared in the past, even as they came to rely more and more on electronics, was that these systems were relatively simple, understandable, and isolated from the networks bad guys are known to frequent. The hardware and software in most OT systems are not familiar to most of us, as their functions are not related to web apps, productivity or back office management, but to control sensors, actuators and other types of real-time devices.

Trends over the past few years, however, indicate complexity and connectedness will soon rule both of these worlds. Note that current cars of the standard combustion engine variety now depend upon 200+ million lines of software code in applications from a variety of sources with dozens of interfaces. Once-“dumb” disconnected meters are being replaced by Smart Meters: networked computers on the side of homes and buildings which communicate with utility systems as well as systems on the inside, like Home Area Networks (HANs) and Smart appliances. And all over, IT and OT systems are increasingly being interconnected.

That’s only going to increase as we enter the Vehicle to Grid (V2G) and Smart Grid worlds, with individuals and new companies clamoring for ways to gain access to and open up these systems, access their data, and re-invigorate these previously stagnant sectors with innovative new technologies, capabilities and business models. Open standards (and advocacy campaigns like OpenOtto) will hasten the arrival of all of the above, but in both the power and the car worlds, the impulse to open up has been largely absent, at least until recently.


Ah, we’ve saved the best for last. It’s been said before on this blog but it bears repeating: connecting systems that were once protected, in large part, by their isolation, creates many new vectors for attackers, and in general, many new ways to be insecure.

Designers of both Smart cars and Smart Meters share the objective that upgrades to software and firmware can be performed remotely, prolonging the lives, and increasing the flexibility, of these systems.
There are also use cases where the ability to remotely shut down meters or cars is highly desirable: for utilities, when they don’t get paid or when a residence is changing owners or occupants; and for car companies, the ability to team with the police to stop car thieves and other criminals. These capabilities, like so much related to the Smart Grid, Smart Meters and Smart cars, open new pathways for attackers.

And the temptation to share customer usage data complicates both car companies’ and utilities’ thinking about their own data security measures. Ensuring proper data protections are in place in every entity that eventually has access, even with customer permission, is going to be a tough challenge. So let's get on it!

Photo credit: Bill Jacobus on
