The panel “Cyber Security: Dealing with Your Smart Grid Insecurities” was very interesting because several people discussed security for smart grid from different perspectives.
The panel consisted of:
Moderator:
- Jeffrey Katz, chief technology officer, Electric and Utility Industry, IBM
Panelists:
- Tim Roxey, manager of critical infrastructure protection, North American Electric Reliability Corp. (NERC)
- Erfan Ibrahim, technical executive in the Intelligrid program area of the Power Delivery and Utilization Sector, Electric Power Research Institute (EPRI)
- Joe Weiss, managing partner of Applied Control Solutions

From left: Jeffrey Katz, Tim Roxey, Erfan Ibrahim, and Joe Weiss
Katz opened the discussion by presenting his view on security. The point that sticks in my mind is that security in the IT industry is not the same as security in smart grid. One of his slides showed the consequences of breach. Other speakers also mentioned that the big difference between the IT industry and the power industry is that malfunctions of the power system can cause the loss of human lives. Two other points that caught my attention:
- There is no federal or state agency to certify security of the power system.
- Source-code-level security is important, and code should be designed and implemented as such.
Although smart grid security is in its infancy, there should be some organization to certify security for smart grid components and systems. In my previous life, I dealt with source-code-level security and can relate to Katz’s statement.
Roxey discussed security from NERC’s perspective. NERC is an organization that stands between the government and utilities and ensures the reliability of the bulk power system in North America. Actually, his perspective is quite interesting because NERC deals with the huge transmission area as a grid operator. The statistics he presented were one or two orders of magnitude larger than I can comprehend. He pointed out the large number of components, complexly interconnected via legacy and new interfaces, that are controlled and defined by many organizations, and the security of those components. Also, for many components, security is an afterthought and is not easy to incorporate.
I had heard Ibrahim talk before and found him quite entertaining as well as informative. He did not betray my expectations. His point was that security for smart grid should support legacy systems as well as newly created systems because we cannot replace all the systems overnight. Security for smart grid is not security for each component but should be applied across the board. Yet the current security problem of smart grid lies in the silo of security management. He presented a wealth of information and pointed out lots of resources for security in smart grid. One of them is NIST’s effort on cybersecurity.
Ibrahim also mentioned EPRI’s site for further information, including use cases.
Weiss said that until 2000 or so, security was not the issue for the power grid. These days, technology advances (like wireless devices) increase cyber-vulnerabilities. Weiss is an expert in ICS (industrial control systems). ICSs operate the infrastructure of such things as power, water, chemicals, and pipelines. ICSs touch important components of smart grid, such as SCADA (supervisory control and data acquisition) and AMI (advanced metering infrastructure). Currently, ICSs are not designed or implemented with security in mind. Another problem is that a large system like a power grid is a set of functional silos without an overall view of security.
Moreover, as many people indicated, smart grid is an application of ICT (information and communication technology) to power grids. But this does not mean we can apply ICT blindly to a power grid without paying attention to domain-specific knowledge. What Weiss said towards the end of this session was very interesting. In the following rather obscure picture, the intersection (in red) between IT security (a subset of IT knowledge) and the ICS space is ICS security expertise. There are few experts in this intersection, which makes smart grid security even more difficult to implement.

Tags: Smart Grid





















