Grid Week: Cyber-security concerns plague the grid

WASHINGTON, D.C. – As a rich, two-way communications network, the smart grid will be ripe for hacking by terrorists or even juvenile delinquents. The reason why they’ll do it? Because they can. Cyber-security experts speaking this week at Grid Week agreed that the industry will never see a system that cannot be compromised. Threats to the grid are bringing up new fears in utilities, but also causing them to figure out how to build security into the network, not tack it on in reaction to the first attack.

“Utilities take the security of the supply of electricity very, very seriously,” said US Department of Energy Secretary Steven Chu in his Grid Week keynote. “When you get a brownout or blackout or failure, there are lots of angry people out there and the suppliers of the energy bear the brunt of it.” Chu said there may be a government coordinator role to security, but since the utilities are customer-facing, they ultimately have to take responsibility. “The more automatic it comes, the more interconnected it becomes, the more vulnerabilities.”

The DOE has included a provision in its stimulus funding application program specifically requiring utilities to outline how they will address cyber-security. If a utility doesn’t have it as part of their funding application, the DOE reserves the right to reject that application, said Dave Dalva, director of security solutions at Cisco. Companies such as Cisco and Alcatel-Lucent, as well as telcos, are actively exploring the security space too. While fear that public networks are not secure enough has kept many utilities from relying on telcos, it is this history of exposure to network threats that gives the telcos knowledge – and potentially services – to share.

“The telecom industry can teach us a lot about raising the level of reliability and security as it relates to infrastructure,” said Enrique Santacana, president and CEO of power and automation vendor ABB.

The National Institute of Standards and Technology (NIST) and its member groups, including the the Institute of Electrical and Electronic Engineers (IEEE), are working to even the playing field by making all technology, devices and systems involved in the grid interoperable. A byproduct of interoperability on an open network, however, is vulnerability. There needs to be tight control over who has access to any in-home information, said Saifur Rahman, Fellow and vice president for new initiatives and outreach at IEEE. Rahman, also a professor at Virginia Tech University, has helped form a new Masters track on security at the University. Both Verizon and AT&T have representatives on the board deciding what to teach, he said.

“That is where utilities and telecom service providers, as well as people who provide end-use devices and wireless services need to be involved,” Rahman said. “That industry has not really been involved with the power industry in the past; this is new…It’s a platform that in the power industry, we are inviting people like Intel, IBM and Cisco and Verizon and AT&T to play and bring their expertise and make sure the end product has everyone’s contributions in the hardware and in maintaining it to make it work.”

Members of a cyber-security panel, including representatives from Homeland Security, Verizon, Cisco and NIST all stressed that security has to be built into the smart grid, not tacked on after the fact. Utilities can rely on security measures that have already been in place in other industry verticals, said Marcus Sachs, Executive Director of Government Affairs for National Security Policy at Verizon. The threats are the same as they have always been – adolescents, nation-states and organized crime groups, which are actually the grid’s biggest threat, he said, but public-private partnerships and the work of NIST will help.

“We are sitting on top of an awesome opportunity for the electric power and communications sectors to show the rest of the world how to do it right,” Sachs said. “There are lots of challenges – technical, political and cultural – that we need to overcome….We are the generation that can do it right.”