Will security issues stifle smart grid investment?

Will cyber security at last be the horse before the cart or just another after thought when building the smart grid? Larry Karisny, contributing writer for Government Technology Magazine and MuniWireless, weighs in with some industry heavy hitters.
By: Larry Karisny
 
Nov. 19, 2010 - PRLog -- With billions of dollars of public and private smart grid investment in place and billions more in forecasted network hardware and software shipments, will enthusiasm for the smart grid be dampened by security concerns? Current smart meter deployment trends and reported security breaches point towards that possibility. A recent Pike Research report entitled “Smart Grid: 10 Trends to Watch 2011 and Beyond” maintains that “security will become the top smart grid concern”.
Making the dumb grid smart

Power and utility companies made a difficult start when it came to securing the smart grid. Their basic network grid topology was built on stand-alone facilities offering limited interactive networked intelligence from the substation, distribution and transmission side, with even fewer capabilities on the user demand side. With limited network capabilities in place, power companies pushed to offer end user network intelligence for every user on the demand side of the grid.

This approach may seem backwards for most network and security people but it was necessary to show smart grid utility ROI and power generation savings quickly. The basic demand side theory was that if you could gather intelligence from the power grid demand side first, you could immediately reduce peak load consumption offering tremendous capital and raw material recurring savings. The problem was that these end network communication devices were rushed out without sufficient security in place, and over time, not surprisingly, security breaches occurred.

Consider this power grid communication infrastructure, and then try to securely deploy an interactive network to a real time database connected to every electricity user. Quite a daunting task.
Security breaches confirmed and the criminal element defined

Security breaches in power plants have now been documented and the recent Stuxnet attacks have been called “without precedent” and “a game changer” by Sean McGurk, head of the Department of Homeland Security’s Cybersecurity Center. Pike Research reported:

For every problem lies an opportunity and indeed these opportunities are outlined by Pike Research in their smart grid security revenue projections. With opportunities come different ideas on dealing with the security problem.

Grid Net has just released a white paper entitled “Assuring a Secure Smart Grid”. The white paper begins by stating “to build a secure, resilient, mission-critical Smart Grid network, utilities require technology that is secure, reliable, and self healing. The growth of the Smart Grid and the advanced security technology will necessarily go hand in hand. The electricity grid is the foundation infrastructure on which rests not only economic performance, but also public and personal health, safety and welfare. Without robust security in place, the Smart Grid-will not -and should-be built and deployed.”

By applying over 40 standards, Grid Net’s approach to the smart grid security is “multi-layer.” The core architecture delivers an end-to-end secure solution, which begins with PolicyNet SmartNOS and Smart Grid devices (smart meters, routers, inverters, and customer devices), proceeds to data encryption for both data storage and data transport on the network, and concludes with PolicyNet SmartGrid NMS at the Utility NOC. The PolicyNet software suite is based on three foundations – Architecture, Process, and Response-that take a “defense-in-depth” approach to security to provide robust end-to-end security.

SmartSynch came out with a hardware product called the GridRouter which is a smart grid solution that serves as an IP-addressable, external interface offering WAN, LAN and HAN connectivity to a variety of smart grid devices. The GridRouter acts as a wireless “pipe” capable of transmitting and receiving data over public wireless networks using Internet-based or other open standards. Through the GridRouter and its use of public wireless networks, utilities can quickly and affordably spot-deploy smart grid applications, including load profile and control, power quality monitoring, distribution automation, and standby generator control. The GridRouter also enables utilities to support homeowner-focused smart metering programs such as demand response, demand-side management and real-time pricing. It uses an IPsec Security Platform using Public Key Infrastructure (PKI) VPN Subtunnels to Connected IP end-devices with Digital Certificates and AES 256-bit Encryption connecting VPN Tunnels to Each GridRouter Port.

WirelessWall offers a standards based, FIPS 140-2 solution to securing at Layer 2 with a unique approach – implementing an IEEE Robust Secure Network for everything. According to CTO Phil Smith, “WirelessWall is elegance through simplicity. It can best be described as WPA2-Enterprise in software (AES 128-bit CCMP, 802.1x and EAP-TTLS mutual authentication).” Billed as a high-throughput and lightweight encrypting firewall, a central part of the WirelessWall advantage is providing uniform security across multiple domains which in the case of Smart Meters, would be HAN (Zigbee) and backhaul (WiFi, WiMax, broadband, Mesh, etc.).  Phil goes on to say, “without WirelessWall, it is like the Tower of Babel. Management complexity makes it operationally infeasible and cost prohibitive to use different security methods for each type of network. Inconsistency and complexity lead to vulnerabilities. Our strength is securing end-to-end at Layer 2 to provide cohesion, uniformity and interoperability. “

FYRM Associates offer a completely different approach in addressing need smart grid security needs. Tony Flick has worked for over eight years in the security industry and is currently a Principal with Tampa-based FYRM Associates. He has presented at Black Hat, DEF CON, ShmooCon and OWASP chapter meetings on Smart Grid and application security concepts related challenges in his book - Securing the Smart Grid. Tony sees a different approach needs to be taken in addressing smart grid security:

   “A secure smart grid can be implemented through effective security controls. By focusing on security controls, rather than individual vulnerabilities and threats, utility companies and smart grid technology vendors can remediate the root cause issues that lead to vulnerabilities. As history has shown, these security controls are much more difficult and some times impossible to be added on; they need to be integrated from the beginning to minimize implementation issues. Additionally, new threats and attacks will arise and thus, the operating effectiveness of the implemented security controls must be assessed on a regular basis to ensure smart grids are protected against the ever-evolving threat landscape.”

Conclusion

Every security approach has advantages and disadvantages. Some have complexities that will add to the cost of deployment, while others may put loads on the network that can affect recurring cost in bandwidth and potentially unacceptable network latency. Some may be simple but only be part of the required solution, while others will be continued upgraded.

Security solutions may differ, but the clear message in the smart grid is to get effective security deployed and get it deployed now. With billions of dollars in deployments on hold, there must be a concerted effort to fund immediate, short term and long term security solutions for the smart grid or the smart grid is not going to get smart anytime soon.

* * * * *

About the author

Larry Karisny is the Director of Project Safety.org and a consultant supporting local wireless broadband, smart grid, transportation and network security platforms. ProjectSafety Business and Technology Cluster researches and deploys leading-edge standards based technologies supporting secure migration paths to current and future wireless networks and network applications.

# # #

ProjectSafety Business and Technology Cluster researches and deploys leading edge standards based technologies supporting secure migration paths to future wireless networks and network applications.
End
Source:Larry Karisny
Email:***@gmail.com Email Verified
Tags:Smart Grid Security, Smart Grid Cyber Security, Larry Karisny, Wirelesswall
Location:United States
Account Email Address Verified     Account Phone Number Verified     Disclaimer     Report Abuse



Like PRLog?
9K2K1K
Click to Share