1. Smart Grid for the CSO
Jack Danahy, Co-Author: The Smart Grid Security Blog
October, 2009
2. Agenda
- Drivers for an Evolution in Grid infrastructure
- Introducing the Smart Grid
- Common Smart Grid Elements and Implications
- Growing Resources for Smart Grid Content
- A Simple Smart Grid Checklist
3. Who would recognize their brainchild?
Alexander Graham Bell, Father of the Telephone Network
Thomas Alva Edison, Father of the Grid (and snappy dresser)
4. Would today's phone system ring a bell?
- Independent providers of services to individual consumers
  - International, regional, national, and local carriers
  - Multiple devices/lines/types per household/business
- Configurable value-added services
  - Cell phone as multimedia content-delivery platform
- Heterogeneous transmission media
- Market-based competition on rates/services/satisfaction
Img courtesy mgraves.org (then, now)
5. Grid changes would be much less shocking
- Major Generation Platforms
- Transmission and Distribution Networks and Infrastructure
  - Load balancing and predicting
  - Outage and fail-over protections
- Regional Regulated Utilities
  - Power to homes/businesses
Img courtesy www.blackhillsenergy.com/customers/lingo/ (then, now, same)
6. While the usage profile has changed completely
- Consumption has risen drastically
- Power quality has become a big issue
- Power pricing has stabilized
- A majority of new technologies require substantial additional power
- There is no slackening of consumption in sight
7. What's wrong with that?
- Grid element Interdependence produces cascading failures
- Costs vary widely for generation fuels
- Regional conflicts impact fuel price and supply
- Political pressure to decrease reliance on foreign sources
- Growing Environmental Impacts
  - Carbon emissions facing public scrutiny and federal/international regulation
  - Increases in traditional generation facilities face local resistance
- Seeking information and flexibility
- Creating opportunities for new services, revenue, and products
Img courtesy NOAA: Northeast Blackout 2003
8. Who wants what? A Bidirectional Network
A Smarter Infrastructure creates a new generation of Prosumers, producing and consuming energy in a balanced and equitable system to the benefit of customers and utilities alike
Customers
- Demand more information about use and efficiency
- Are more environmentally sensitized to energy use
- Want more control over usage rates and schedule
- Will generate power to sell back to the grid
- Demand involvement in the evolution of the grid
Utilities
- Must reduce the cost to serve and support customers
- Are driven to adapt to new technologies
- Must meet new expectations for services
- Seek to monetize deployment of new energy services
- Experiencing massive operations transformation
9. A Smarter Grid IS coming: market forces demand it
- Expectations of Financial Markets
- Regulatory & Policy Changes
- Technological Advancements
- Customer Expectations
- Aging Assets & Workforce Dynamics
- Volatile Energy / Fuel Costs
- Security
- Environment & Climate
10. So what is a Smart Grid?
- A future power delivery grid that meets the needs of the next generation of Americans:
- Enable active participation by consumers
- Accommodate all generation and storage options
- Enable new products, services and markets
- Provide power quality for the range of needs in a digital economy
- Optimize asset utilization and operating efficiency
- Anticipate and respond to system disturbances in a self-healing manner
- Operate resiliently against physical and cyber attacks, and natural disasters
11. What does a Smart Grid look like?
Img courtesy: www.smartgrid.epri.com
12. The Smart Grid is NOT without risks
Risk to Critical Infrastructure
- Inconsistent information sharing and collaboration among stakeholders
- Private sector controls over 90% of critical infrastructures
- High degree of social, economic dependence on digital systems
- Deperimeterization and new customer touch points into networks
- Uneven application of security engineering to increasingly complex systems
- Growing capability of adversaries and growing number of exploits
13. Security challenges from/for the new Smart Grid
- Complexity: As systems are added and increase functionality, security is more difficult to address
- Connectivity: Increasing connection to previously isolated systems and networks expands the threat surface
- Internetworking: Connections between networks permit more rapid spread of any corruption or breach
- Communications Dependency: Reliance on networking technologies introduces new risk based on network stability
- Confidentiality: Critical and sometimes private data drives the "smart" in Smart Grid, creating a new area of concern
14. Where are specific areas of concern?
Img courtesy: www.smartgrid.epri.com
- Mis-configuration of options
- Insufficient tamper protection
15. Thus there are multiple scenarios to plan for
External Threat, Insider Threat, Accidental Event, Intentional Event
- Malware
- Denial of service
- Sophisticated, organized attacks
- Natural disasters
- Economic upheaval
- Changing Political Climate
- Unpatched systems
- Code vulnerability
- Lack of change control
- Human error or carelessness
- Undiscovered back doors
- Information theft
- Insider fraud
16. Issues and Items to Understand: Terms, Technologies, and Tough Questions
17. Smart Meters
- Legacy power meters were simple
  - Displayed a rolling record of usage
  - Read by roaming utility personnel
- Smart meters are more functional
  - Additional sensors monitor for outages, power quality, temperature, etc. notification
  - Tag readings with time/date/location
  - Can communicate wirelessly to aggregation points or to remote readers
  - Ordinarily one-way communication outbound
- You should know where and how Smart Meters will be deployed
18. Advanced Metering Infrastructure (AMI)
- Advanced Metering Infrastructure (AMI) includes hardware, software, communications, customer associated systems and meter data management (MDM) software
- AMI Meters support two-way communications and conform to AMI standards
  - Where and how are you using AMI meters?
  - What kinds of data and/or control are you passing to and receiving from the utilities?
  - Which products and services companies are involved in this AMI implementation?
  - Have the components been tested for security?
  - Are you protected from eavesdropping and attack?
Img courtesy: http://seclab.uiuc.edu
19. Net Metering
Img courtesy cr.middlebury.edu
- Net Metering refers to the net result of considering the production and consumption of electrical power by an organization or a building
  - Meaning "what remains after deductions" ... the deduction of any energy outflows from metered energy inflows
  - Under net metering, system owners receive credit for the electricity they generate
- Home or small business power generation generally includes: solar, wind, fuel cell and micro co-generation (MCG) or Micro combined heat and power (MCHP)
- You need to know whether your organization is going to invest in power generation to create positive net metering
Img courtesy of hilaroad.com (Provided, Generated, $$ COST)
20. Demand Management
- Demand Management refers to the proactive reduction of power demand during periods when energy-supply systems are constrained
  - This does not necessarily decrease total energy consumption; it time-shifts it
  - Can reduce costs for participants
  - Reduces the need for additional power generation
- Companies participate in order to achieve savings through reduced consumption during mutually agreed periods
  - How will the systems be configured to comply with the expected reductions in service?
  - How have the management systems been secured against corruption or inadvertent reductions in power?
  - Who will be empowered to reduce available power?
(Peak period, Off Peak, Off Peak)
21. Energy Storage
- Energy Storage is a critical enabler of the Smart Grid capability to integrate renewable power
  - Existing grid is a just in time/use it or lose it system
  - Many renewables are variable (wind/no wind, sun/no sun) and storage smoothes the cycle
- Energy storage technologies are arriving:
  - Compressed air, flywheels, pumped water systems
  - How much storage will be in place to support power requirements?
  - How is that storage managed and controlled?
  - Who has access to the systems controlling and monitoring the storage functions?
Img courtesy upei.ca
22. Microgrids
- Microgrids are small-scale power supply and consumption units
  - Generating sufficient or nearly sufficient power for use in served community
  - Connected to traditional power infrastructure for back-up and for surplus power trade
- Organizations, campuses, bases, and small communities can be served via Microgrid
  - The security of components and control systems that will manage and monitor the microgrid
  - The nature of data sharing/interconnect with other Microgrids, Smart Grids, or traditional utility control elements
Img courtesy of ieses.fsu.edu
23. Groups and resources to know
- FERC: http://www.ferc.gov
  - Federal Energy Regulatory Commission - Assist consumers in obtaining reliable, efficient and sustainable energy services at a reasonable cost through appropriate regulatory and market means
- NERC: http://www.nerc.gov
  - North American Electrical Reliability Corporation - Enforces reliability standards with all U.S. users, owners, and operators of the bulk power system. Owns responsibility for Smart Grid security standards
- NIST: http://www.nist.gov/smartgrid
  - National Institutes of Science and Technology Smart Grid working group - Responsible for creating recommendations for security and interoperability of the Smart Grid
- DOE: http://www.oe.energy.gov/smartgrid.htm
  - Department of Energy Office of Electricity and Reliability - Driving Smart Grid development and direction
- Gridwise Alliance: http://www.gridwise.org
  - Gridwise Alliance - Industry group working on cooperative evolution of the Smart Grid
- National Demand Response Potential (FERC)
  - http://www.ferc.gov/legal/staff-reports/06-09-demand-response.pdf
- NIST Draft Smart Grid Interoperability Standards
  - http://www.nist.gov/public_affairs/releases/smartgrid_interoperability.pdf
- 21 Steps to Improve Cyber Security of SCADA Networks
  - http://www.oe.netl.doe.gov/docs/prepare/21stepsbooklet.pdf
- A Systems View of the Modern Grid, Appendix 3
  - http://www.netl.doe.gov/moderngrid/docs/ASystemsViewoftheModernGrid_Final_v2_0.pdf
- NERC Memo on Critical Cyber Asset Identification
  - http://online.wsj.com/public/resources/documents/CIP-002-Identification-Letter-040609.pdf
24. Where to begin, a checklist.
- Manage Identities and Access: Create processes for ensuring appropriate access control to planned strategic energy management and monitoring systems
- Protect Data and Information: Ensure capability for granular protection of unstructured & structured data, data leak prevention and acceptable use policy monitoring
- Control Software and Application Releases: Process for assuring security, efficiency and integrity of any custom or contracted software development
- Manage Change and Configuration: Mandate regular process for routine, emergency and out-of-band changes that will minimize or prevent operational outages
- Understand and Address Threats and Vulnerabilities: Continually monitor systems and expert resources to remain informed on protection for enterprise infrastructure for new and emerging threats
- Implement Security Information and Event Management: Automate the process of auditing, monitoring and reporting on security and compliance posture across the enterprise
- Manage Problems and Incidents: Designate responsibility and ownership for any issues in security, reliability, or power quality, and their investigation. Maintain trained event forensics team or create relationship with expert provider
- Attain visibility into organizational power strategy: Develop and maintain risk profiles and lists of potential and planned partners and technology acquisitions
- Provide Security Training & Ensure Awareness: Ensure awareness of security issues in power and power facilities by providing consistent training to end users and operators
25. The Smart Grid IS coming. Get Ready
26. Questions?
Jack Danahy, Co-Author: The Smart Grid Security Blog
smartgridsecurity.blogspot.com
[email_address]