Smart Grid Challenges

Cyber Security Concerns

Cyber security is the ability of electric networks to detect and respond to unwanted intrusions by hackers or terrorists into grid-connected software and hardware systems, including protections to prevent unauthorized access to data or system controls. DOE activities include development of standards and analysis tools, and assessment of lessons learned and best practices.

The terrorist attacks in the United States have broadened our view of the critical issues in homeland security. The smoldering fires of the attacks have since been put out, but the race to extinguish the threatening sparks on our nation's security is like an eternal torch that lives on. With eyes wide open, businesses and government agencies are now developing ways to make our country stronger and more secure.

Like other industries, the Power Industry has not been immunized against terrorist attacks, but has found itself on the front lines of the battle. Attacks could come in several different forms. We have all seen the effects of physical attacks, but what about the types of attack that can't readily be detected, such as in the air we breathe or in the water we drink? There are also other silent types of attack involving cyberspace. No matter how you look at it, they all have devastating consequences. Our secure future depends on understanding the big picture and the viable solutions to all these potential security threats.

The fact that another physical attack can and may happen has pushed the power industry to categorize the power grid's security concerns into groups, ranging from high to low risk levels for various types of attacks. Among the defined groups, 'physical places' of high concern are nuclear power plants, large generation stations, the Trans-Alaska Pipeline System (TAPS), hydroelectric dams, and large waterways. Although the power grid works as a whole, there are several key pieces that affect the grid security puzzle. Each section or area of the grid has an overall obligation to ensure 'their portion of the puzzle' is safe and secure. To expose potential vulnerabilities, businesses must establish scenarios to be played out before viable solutions can be obtained. There are so many what-ifs to consider that security measures are not simple. The collapse of the Twin Towers was one scenario that was not expected, and security measures to avoid this possibility were not really considered prior to 9/11/2001.

An attack on key components of the power grid could quickly cripple the country with a domino effect. Power outages can affect everyday supplies that we all depend on. The extra-high voltage transformers are particularly vulnerable, and backup transformers are generally in limited supply. While replacements could take many months, our power system would be operating below demand. Another threat is that of energy reserve capacity, which is also scarce. Solutions need to be developed that not only prevent terrorist attacks, but also help to recover from them. With several thousand miles of remote territory for energy transmission, the American Academy of Sciences (an independent panel that advises the government) has suggested using spy satellites to monitor the power grid. This strategy would also be considered for TAPS, since there are many miles of vulnerable pipeline too.

A crucial concern for the U.S. is the large percentage of fuels that are imported from foreign suppliers. Renewable fuels, and how best to implement their use, are now attracting significant interest and serious consideration. The threat of being cut off from fuel supplies, or having a supply attacked while en route, could be devastating. Alternative ideas and security measures are now in motion to help ensure homeland security is effective.

Cyber Security - the weakest link! With today's dependence on the Internet, the U.S. has become an open, but vulnerable society. A large majority of society is connected to the Internet in one way or another, whether it is at work or for personal use. Many people today are engaged in electronic communications, which introduces several levels of vulnerability. In addition, many businesses and individuals are not connected via just one connection; they are often connected through multiple connections, such as home to work, or work to other outside businesses, which makes the need for security a number one priority.

A large volume of computer data is broadcast through the air, like TV signals or radio waves. Hackers have learned to listen to and interpret the ones and zeros that are being transmitted, and are able to tune into your "business conversations," whether personal or not, just like tuning into a radio. Tracking hackers can be very difficult; they often use several different ways of communicating. The public Internet system used by many today is just one of the ways hackers or terrorists avoid detection in planning their attacks.

A cyber attack could come in the form of interruptions to banking transactions, water supplies, access to 911 services, stock market exchanges, disruption of air traffic control, telephone services, or interruption to power supplies affecting millions of homes and businesses. Additionally, hackers can overwhelm Web sites with voluminous junk data and render them useless, or cause a denial of service, which may lead to temporary or long-term shutdowns. Computer viruses, worms, and programs that contain self-extracting destruction routines can erase large amounts of computer data, and are still very much in use today.

The Power Industry is not exempt from attacks. With regard to the electric grid, the entire system has become weak and vulnerable; that is, small attacks could have a much wider impact. If one plant or control system were to become damaged, it could put unlimited stress on other operating systems, causing possible malfunctions or even a shutdown. Until key phases of the new system architecture are complete, the grid has the potential for rolling blackouts and domino effects. With knowledge of system weaknesses, attackers have a strategic means to attack. Since hackers prey on weaknesses, the Power Industry must do everything possible to keep up with the new security technologies in cyberspace.

Outdated software and limited security programs run a good percentage of the power grid today. These include Distributed Control Systems (DCS), Programmable Logic Controllers (PLCs), and substation Supervisory Control and Data Acquisition (SCADA) systems, which were designed as proprietary and considered stand-alone systems, which made them inherently more secure. However, these types of systems lacked the necessary bandwidth to properly accommodate today's communication requirements and operational capabilities. With technologies and standards changing to support the Smart Grid initiatives, the urgency and need for security continues to increase as we make the transition to a "Smarter Grid" infrastructure.

Standardization and Interoperability

Standardization across the industry is imperative to support interoperability of software services, applications and systems. Interoperability has been defined by the Institute of Electrical and Electronics Engineers (IEEE) Standard Computer Dictionary as "the ability of two or more systems or components to exchange information and to use the information that has been exchanged." The capability to understand and use the information being exchanged is crucial to support interoperability among differing services, applications and systems.

Throughout the Power Industry, exchanging information among a large group of industry vendors, as well as across the large variety of vendors' systems, services and applications that are involved with the various Smart Grid initiatives, can pose significant challenges. The solution involves the development of, and adherence to, rules (standards) for interacting (interoperability) between all components involved.

Government organizations are also increasingly promoting standardization to support interoperability. The rationale for supporting standardization, in particular open standards, is technical, economic, and political. The technical rationale is to promote maximum interoperability to enable the universal and efficient exchange of information among technologies, regardless of manufacturer or geographical region. The economic rationale is to foster an environment of competition among products based on the standard and provide fertile ground for national entrepreneurship and innovation. The political rationale for standardization is to contribute to efficient and accountable government functions.

Security has also made interoperability more of a challenge. No longer can someone just plug in a new component to interact with other components in a system. Rather, the new component must be authenticated before any information exchanged with it is used. This requires that enhanced security measures be incorporated to ensure the real identity of a wide range of components (e.g., devices, services, applications, etc.) within an environment in order to support secure interoperability across the components.

There are a number of financial considerations as well when it comes to standardization and interoperability. Utilities and other organizations involved with the Power Industry, who have invested heavily in their current IT infrastructure, cannot simply throw away their technology investments. There must be a migration path to support increasing interoperability of new services, applications and systems within an existing IT environment. Smart Grid device vendors and solution providers likewise cannot readily adapt their existing solutions to comply with new standards without incurring an additional financial burden due to new development, testing and updating of the particular solutions to support these standards.

Interoperability and the use of standards can increase cost savings over the long term by providing life-cycle maintenance savings. In addition, further savings can be realized with the upgrading and replacement of components through simple "plug-in" techniques. Long-term cost savings should be considered when deciding on technologies/solutions that support interoperability.

As the Power Industry and Smart Grid technology evolve, there is a greater need for the interoperability and standardization that make the Smart Grid initiatives a reality.