The good news from this past week’s Smart Grid Security Summit was a consensus we now have the technology needed to enable the smart grid. It’s just the start, however.
The better news – because on the other side of problems lies opportunity – is the technology is not integrated, scaled, or secured enough. Also, in the quest to develop better connections with consumers, social media is coming to the forefront.
Integration is still a challenge. At the lowest layer, we have the basics of sensors and networking in place. I asked some folks about standards, and their not-so-in-jest response was: “Which ones?”. That will sort itself out soon, it always does as architects converge. At the next layer, there are folks asking vendors for interoperability testing, but until utilities line up around at least a baseline of common functionality plus some value add unique to their system, it’s hard to deliver that. As one person put it: “Nobody will pay for someone else’s functionality, but they won’t pay if they don’t get theirs, either.” The idea is folks have to converge on a set of stuff and stop asking for a complete whiteboard, full custom solution.
Scalability is a big issue – it’s the same issue people term “big data” elsewhere. Although the data from a single sensor on a device, be it a smart meter, or something in the distribution or generation network, isn’t a lot or very high bandwidth, there are millions of points each utility is dealing with. The in-vogue solution – the cloud – isn’t exactly a solution in some folks eyes. For instance, the compliance types are asking where, exactly, is the data stored? Do we know it’s there? Can we retrieve it, physically, in case of an audit or other need? If you build a private cloud using your own resources and understand the architecture, you might be able to answer that question. If you outsource cloud services to someone, that’s much tougher to answer.
Security is never absolute, as speakers at the conference have reinforced many times. We have the basic pieces of cryptography, although there are important efforts to get it on much lower power microcontrollers. One burning issue people are working on is key management. There are many aspects people are worried about: creating keys securely and being sure nobody can hack that and create their own is just the start. Getting keys on devices, then getting that device on the grid in the right location and verifying it and it’s configuration is next. Preventing unauthorized devices, maybe even ones with legitimate keys but showing up in unexpected spots, is another layer. There is no framework for key management right now – it’s totally ad-hoc. The standards bodies are gathering to try to put their arms around this one. This also brings items like new, much more sophisticated network mapping tools into play.
In parallel with those three issues, there are the continuing issues related to consumer privacy, which can’t just be mandated with policy but has to be put in place with people in the loop. People are starting to ask what “data on the move” – on mobile devices – really means. There’s also a sense that social media can really help. The recent SDGE outage, caused by a major glitch in a transmission line feeding San Diego from Arizona, was handled smoothly in part because information flowed from the utility to consumers and their mobile devices over Twitter and Facebook. I’d classify that as an important piece of the smart grid moving forward.
These were the major issues, and there were a lot of great security-specific ideas at the conference. This is actually a teaser for some exciting new content coming soon. You’ll be able to see many of these issues discussed in one-on-one videos we did at the conference with an array of guests from utilities, vendors, and agencies – for now, food for thought. What other opportunities do you see in developing the smart grid? Are these the right issues of concern that merit effort?