Tag Archives: smart grid

Connecting Two Networks: Electricity and the Internet

The engineers who built it proudly describe the electricity grid as man’s biggest machine.  And the Internet — well, it’s changing everything, or so it sometimes seems.

What happens when these two networks are brought together, say by putting in place a control system for the grid that can be accessed from the Internet?  We may be about to find out.

According to counter-terrorism expert Richard A. Clarke, we are conducting a huge experiment that could have huge consequences.  Earlier this year, Clarke released Cyber War: The Next Threat to National Security and What to Do About It that provoked quite a reaction.  Some loved it.  Glenn Harlan Reynolds wrote in the Wall Street Journal:

In some intelligence circles the threat of cyber attacks is scoffed at, but I think that Messrs. Clarke and Knake are right to sound the alarm. (Mr. Clarke, we should recall, was the head of counterterrorism security in the Clinton and George W. Bush administrations.) As Henry Fielding remarked long ago, those who lay the foundation of their own ruin find that others are apt to build upon it. By constructing, and then relying on, vulnerable systems that are now entwined with almost every aspect of American life, we have laid just such a foundation. The time has come to fix it or at least to refine the systems to avoid catastrophic failure.

Others hated it.  Ryan Singel wrote in Wired:

Clarke returns over and over to the security of the power grid, focusing on the systems known as SCADA that allow utilities to remotely monitor and control electric generation and transmission equipment. Here, he starts reasonably enough: Good security practices dictate that these systems should be unreachable from the public net, and, unfortunately, that’s not always the case. But from there, he quickly moves back to fantasy. He suggests darkly throughout the book that the nation’s power and chemical plants are all shot through with secret backdoors implanted by the Russian, North Korean and Chinese governments, even though there’s never been a single publicly documented case, outside of a vague and anonymously sourced article in the Wall Street Journal.

Singel’s criticism focuses on Clarke’s hyperbole and certain of his proposals for mandating security measures by Internet service providers.  Clarke himself acknowledges that Internet businesses, like most other businesses, are opposed to mandatory anything.

Singel seems to agree that the power grid is vulnerable.

More persuasively, Clarke argues the feds need to set some real, auditable and binding rules for companies that run critical infrastructure, such as the electrical grid. The current policy is driven by the rationale that private-sector companies have enough financial incentive to protect their network, and the government’s role should be limited to helping share information about threats among the stakeholders. That policy works well when it comes to companies like Google and Chase, which could lose customers if their networks are routinely hacked, but isn’t as effective for your energy company, which likely has no real competition.

As befits a long-time Washington insider, Clarke’s complaint boils down to a critique of the policy process.  His core prescription probably has wide support:

The only way to secure the grid is to require encryption of commands to the devices running the system, along with authentication of the sender, and a series of completely out-of-band channels that are not connected to the companies’ intranets or the public Internet. (See page 266.)

Why isn’t it happening?

The FERC has not required that, but it did finally issue some regulations in 2008.  It has not yet started to enforce them.  When it does, do not expect much. That commission completely lacks the skills and personnel needed to ensure that power companies disconnect their controls from any pathway that a hacker could use. (See page 266.)

Clarke proposes a “Cyber Defense Administration” that would be charged with securing critical portions of the civilian Internet, including power grid controls.

The mission of auditing the electric companies’ compliance should also be given to the Cyber Defense Administration, where the expertise could be built and where the overly chummy relationship with the industry exhibited by the FERC would not get in the way. (See page 266.)

Clarke’s critique of “grid governance” does not go past the FERC (for which he clearly has little respect.)  He would have become even grumpier had he discovered how balkanized the grid is, with important — and overlapping — roles played by NERC, state utility commissions, several federal entities (like TVA) and regional transmission organizations.  Clarke is a security guy — he wants to know the chain of command — who’s in charge of what and who’s responsible for which.

Smart Grid also comes under scrutiny.  The Obama Administration’s Smart Grid initiative promotes the installation of digitized and networked meters in homes and businesses to provide utilities and their customers with vastly more information about — and control over — energy use.  The promises of the Smart Grid are great — cost savings for consumers, reductions in power usage and more efficient use of existing transmission and distribution assets.

Clarke does not challenge these potential benefits but his concerned about proceeding with Smart Grid absent more effective cyber security.  Clarke asserts that, when it comes to Department of Energy cyber-security review of Smart Grid grant applications:

There are no publicly available standards. One idea for a standard might be that the taxpayers don’t give any of the $3.4 billion in Smart Grid money to companies that haven’t secured their current systems.

Clarke does not question the potential benefits of the Smart Grid.  What he worries about it is further digitization of grid controls without putting in place what he would consider to be adequate cyber security safeguards.  Gumming up the works with new federal regulations and telling businesses what to do hasn’t been the flavor of the month in Washington for quite a while, as the pessimistic Clarke acknowledges.

The author of Cyber War probably won’t take much comfort in the release of Smart Grid security guidelines by the National Institute of Standards and Technology.  Some critics have already panned it as closing the barn door after the horse has left.  And the question remains of who enforces any standards as well as how knowledgeably and aggressively they do so.


1 Comment

Filed under Uncategorized

Will Independent Audit Cool California Smart Meter Controversy?

The caution displayed by the Maryland Public Service Commission over BG&E’s smart meter proposal can be explained, in part, by the debate over Advanced Metering Infrastructure (AMI) installation in California.

Some Californians are even taking to the streets:

Thursday morning, about a dozen people launched a demonstration against the SmartMeters at a Pleasure Point vehicle yard where a contractor for PG&E has been staging for the installations. The demonstrators claimed success in keeping installation trucks from leaving the facility and vowed to return daily until the county’s SmartMeter moratorium becomes official.

Elected officials in Santa Cruz County have taken up the challenge and are confronting the state’s Public Utilities Commission:

“It’s hard to feel like we can wait and let the PUC do its job,” county Supervisor John Leopold told PUC supervisor Marzia Zafar. “We’re going to take any action we can to ensure citizens of this community have protection.”

Health concerns have grabbed the public’s attention.  The smart meters being installed by PG&E send data by emitting the same kind of radiation as cell phones do.

San Francisco petitioned the PUC to halt installations pending an independent review of the accuracy of the meters.  PG&E has installed over six million smart meters (both gas and electric) and is on target to install 10 million by 2012.  The utility is struggling to overcome a major lack of public trust.  The Mercury News continues:

But after months of insisting that there were no problems with the meters and that high bills could be traced to rate increases or air conditioning use during hot summer months, PG&E acknowledged some technical glitches with the program in April, including 23,000 gas meters that were installed improperly, 11,376 electric meters that failed to retain consumer usage information, and 9,000 electric meters that had trouble connecting with the wireless network.

The results of an independent review are now in and support the position of the utilities and the PUC.  The report can be found here.  USA Today reports:

The Structure Consulting Group of Houston, selected by the California Public Utilities Commission to review PG&E’s meters, found the meters more accurate than old ones. It also backed up PG&E’s claims that a 2009 heat wave and rate increases, one up to 23%, combined to radically boost bills.

According to the Mercury News, the reported noted the bad relations between the utility and its customers:

The 400-page report, released Thursday, blasted PG&E’s customer service culture, finding that customers were “consistently treated by PG&E as wrong, until the customer proved to PG&E that they were right.”

The dispute is centered in northern California — the state PUC has received many fewer complaints in the southern half of the state where a different utility operates.  The report did not address the health concerns about EMF radiation that is the latest topic to take off.

Smart meter deployment across the country is fueled by federal funding and involves major corporate players:

The SmartMeters are made by General Electric and the Swiss company Landis+Gyr. Redwood City-based Silver Spring Networks, a venture-backed company that counts several of the nation’s leading utility companies as clients, provides the communications software.

One can only hope that Maryland’s utilities will take advantage of the opportunity to learn from California’s mistakes.

Leave a comment

Filed under Uncategorized

Smart Meters for Everybody

Are you tired of waiting for your local utility to install smart meters to help you monitor your power usage?

Google got tired of waiting, too.  Now, for $200 you can buy a meter (TED 5000) that will track your power usage and send the data to your personal computer.  Google supplies the software at no cost.

If lots of people start to track their usage and then somehow combine their data using the Internet, interesting things may start to happen.

In the meantime, your household will benefit from the so-called Prius effect whereby the simple act of monitoring usage causes a reduction.  The TED 5000 will probably pay for itself in a year or two.

Then there’s the issue of who owns your electricity usage data.  That’s right, some utilities think they own your data.  We’ll let Google fight that one.

Leave a comment

Filed under Uncategorized