The Smart Grid needs to get smart about security

While following the Connectivity Show in Santa Clara California, I thought I should follow-up on the at Greentech Media’s annual Smart Grid conference in Palm Springs last week.  I wanted to focus this article on Smart Grid security so I thought I should find some clear explanation of where we are now and then add my thoughts on where we need to be in smart grid security.  To get an indication of where we are I couldn’t pass up this simultaneously humorous and cautionary anecdote opening panel discussion from Smart Grid security guru, Massoud Amin of University of Minnesota, drawn from his most recent whitepaper:

Consider the following “sanitized” conversation showing the lack of awareness of inadvertent connection to the Internet for a power plant (200–250MW, gas-fired turbine, combined cycle, five years old, two operators, and typical multi-screen layout).

M.A.: Do you worry about cyber threats?

Operator: No, we are completely disconnected from the net.

M.A.: That’s great! This is a peaking unit, how do you know how much power to make?

Operator: The office receives an order from the ISO, then sends it over to us. We get the message here on this screen.

M.A.: Is that message coming in over the Internet?

Operator: Yes, we can see all the ISO to company traffic. Oh, that’s not good, is it?

Now with all due respect to the power companies, why should they even know how to spell IP? Their history in communications was to build stand alone power facilities and substations connected with point to point microwave communication links (many times upgraded to their own dark fiber point to points).  With this kind of money and private network capabilities, why would you ever worry about security?  You lived on you own island with your own power and communications grid and every thing was just fine.  Then came the smart grid.  By definition, the smart grid requires a two-way digital technology to control appliances at consumers’ homes to save energy, reduce cost and increase reliability and transparency.  A big change for power companies and admittedly a whole new learning curve with many power companies like PG&E setting up their own test labs begin learning this who knew an complex smart grid system (See: Inside PGE’s Smart Grid Lab Chris Knudsen, director of the technology innovation center at PG&E, shows us what they’re tinkering with).

utility meter

It didn’t take long for problem to occur.  Again, you need to understand that even smart meters were just dusted off 20 year old designs that were lying around waiting for someone to push the power companies into the 21 century. These designs were never meant to securely send a store data real time. It wasn’t long before serious security issues were found and were reported by respected security form like InGuardian and IOactive.  And we are not talking about someone hacking you PC.  When it comes to the power grid, the costs of remote hack attacks are potentially more dramatic. “The cost factor here is what’s turned on its head. We lose control of our grid, that’s far worse than a botnet taking over my home PC,” said Matthew Carpenter, senior security analyst of InGuardian, speaking at a panel at the RSA Security Conference in San Francisco .  So now with little knowledge of the Internet and security the power companies have billions of dollars of grant in hand with one big problem.  The grants mandate an iron clad security platform.

To add to the smart grid security problems some people think the power grid is the main target in the new battle in cyber wars.  Richard Clarke, the former anti-terrorism czar, has now turned his attention to a new national security threat, putting an attack of the power grid on the front lines.  In a recent NewsWeek article Clarke was quoted as saying, “I think the average American would understand it if they suddenly had no electricity. The U.S. government, [National Security Administration], and military have tried to access the power grid’s control systems from the public Internet. They’ve been able to do it every time they have tried. They have even tried to issue commands to see if they could get generators to explode. That’s the famous Aurora experiment in Idaho. Well, it worked. And we know there are other real cases, like the power grid taken out in Brazil as part of a blackmail scheme. So the government knows it can be done, the government admits it can be done, the government intends to do it to other countries. Even the Chinese military has talked publicly about how they would attack the U.S. power grid in a war and cause cascading failures.”

So what can we do to secure the grid now while upgrading it to smart grid capabilities?

Ed Smith, CEO of WirelessWall has one word, “Attack.” Having a military background he understands that you begin an attack by crippling an enemy’s communication and critical infrastructure. His civilian background has a long history of Situational Crisis Management, using Rapid Response Teams to facilitate the successful conclusion to crisis situations.  Armed with security that exceeds the DoD 8100.2 (DoD Directive on wireless security) and FIPS 140-2 End-to-End Security that was developed for the U.S. Navy to provide secure, mobile shipboard networks, Smith knows he has an immediately implementable data security solution that is simply not being recognized.

“People in the civilian sector are not upgrading their security for business reasons, basically to save money, not for security reasons. That can be tolerated if you are protecting data that involves a loss of money, but it is inexcusable when the lack of protection of data involves the loss of life. Let there be no doubt that an attack on critical infrastructure is an act of war and it is absolutely appropriate to use an available military solution to protect civilian lives.”

“We can’t afford not to put good enough security in our power grids. My company has offered our platform of higher security to VISA and others in the financial industry and made it clear that the retail industry POS terminals Data Security Standard (PCI DSS) has already been hacked, but nothing will be changed unless there are more attacks that cause greater losses. The PCI DSS standard will have to be raised, and ultimately will, but the Smart Power Grid protection has to be implemented now.”

“If you are a Smart Grid Integrator offering a solution, someone that has been breached, or better yet, don’t want to be breached, you have to be proactive.  Where are the power companies?  What are they waiting for?  PG&E, Duke Power, Florida Power and Light, Progress Energy, Sacramento Municipal Utility District (SMUD), we are right here in Silicon Valley California, WirelessWall can even be installed remotely and proven in a matter of hours so there is really no excuse for not putting this in their labs and testing it. After about 10 years of real-life military testing and the only wireless protection allowed by the DoE to secure nuclear sensors for the last 6 years, there is not a lab test that can come close to disputing the protection capabilities of WirelessWall. It is a time and situation proven solution and our Rapid Response Team approach is designed to install protection immediately”.

Like the old David and Goliath story, the power companies need to start embracing smaller company expertise and leverage their learning curve.  Like the security story of WirelessWall, the expertise of how to build these wireless network platforms resides in the companies that have had their products tested in real world municipal, public safety and military environments.  Companies like Tropos Networks, Trillium (SkyPilot), Mesh Dynamics, Strix Systems and Proxim, just to name of few, they were the trail blazers that learned along the way and can now bringing tested wireless network expertise to the smart grid.  With secure wireless solutions out there, power companies need to leverage the expertise of these wireless pioneers that have been there, done that and are ready to support a secure a wireless smart grid network with their tested solutions.

* * * * *

About the author

Larry Karisny is the Director of Project Safety.org and a consultant supporting local wireless broadband, smart grid, transportation and security platforms. ProjectSafety Business and Technology Cluster researches and deploys leading edge standards based technologies supporting secure migration paths to current and future wireless networks and network applications.

Comments

  1. Larry – you correctly highlight the broader security issue associated with the grid, not just the issue of personal privacy but the concern about a coordinated attack designed to bring down the grid. The first thing to note here is that the capability for such an attack already exists today as evidenced by the examples you quote in your article.

    Clearly we need to improve security around the grid to try to ward off such attacks but we should also recognize that we will never reach the point where the grid is secured.

    As in other fields, security is a game between the system operators and the hackers with each constantly trying to stay ahead of the other and no way to completely lock down a system and protect it from all possible attacks.

    This is why we need to start the process of re-architecting the grid into smaller, localized microgrids that are loosely coupled in a federation to help balance supply and demand across wider geographic areas but which can also island from the macrogrid to prevent the propagation of faults. In this way we move from a single large target that can be attacked and that will then propagate the fault throughout the network to a large number of much smaller targets.

    This is the most effective way to secure the grid from the types of attacks that you are highlighting.

  2. Larry Karisny says

    Good observation Niall. Just like we built separate enterprise networks for security, so can we build secure microgrids networks for the smart grid. The difference is that these networks need to interoperate much like a mesh networks design with out dropping the IP or encryption security.

    This makes security and carrying that same IP a little more difficult but you’re on the right path. People need to understand what private local IP networks are vs. public cell networks and the Internet. We can build these local IP networks for security but the network and the security platforms need to be built together.

    Check out some of the companies at the end of the article and their network designs. This should give you a good idea of what the a microgrid network actually looks like. Once networks like this are built, high end security encryption like WirelessWall can lock up each microgrid to the next.

    Even Vint Cerf in the opening of Connectivity Week said TCP/IP was never meant for security. Local IP microgrids though can be secured.

  3. Niall is right. There are some areas where no amount of cyber security can protect a system. Don’t forget most security breaches are physical. At the end of the day, the systems must be loosely coupled. Interconnection between systems must be done using carefully policed firewalling at the application layer. So I don’t agree with ‘meshing’ these systems, at least in the way I understand meshing, i.e. layer 3 networking.

    The problem with information security, like any security, is that it is ancillary, i.e. you don’t actually need it to function. I don’t need locks on my doors to be able to live in my house but I will get a nasty surprise when I find my life is disrupted by an intruder. Often, I will only add protection having been breached. Therefore, security always comes as an afterthought and, as Niall says, is a constant game, although I would prefer to call it a battle.