Telecom to the Rescue

The need to reduce operating costs and improve reliability and energy efficiency makes the move towards smart grid technology inevitable. However, until a complete infrastructure is in place, I think that security problems are also inevitable. While the advantages of smart grid technology are impressive, the implications of a security breach are troubling. Without adequate security measures, utilities could be vulnerable to fraud, theft of service and process interruption. As a result, consumers could face unexpected service interruption and loss of data privacy. Utilities could be exposed to liability claims if they don’t comply with various laws to protect consumer privacy.

Rise of Smart Grid Cyber Security

The vulnerability of the smart grid infrastructure to cyber-attacks is expected to drive a boom in security spending for utilities. According to a February 2010 report from Pike Research, the smart grid cyber security sector will increase from $1.2 billion in 2009 to $3.7 billion by 2015. During the period from 2010 to 2015, the research firm anticipates that a total of approximately $21 billion will be invested in global smart grid cyber security deployments.

For smart grids to become viable, utility companies must collaborate through interconnected components, such as smart meters, fault sensors, switches, storage devices and energy management systems through an IP network?similar to the technology used by telecoms. Collaborative smart grids can be enabled by cloud computing technology, but cloud computing, if not implemented correctly, has security risks as well.

Potential Solutions to Anticipated Problems

As I see it, utilities seeking to reduce smart grid cyber security risks should apply the same best practices and industry standards currently used by proprietary data centers in hosted environments managed by third party solution providers. Where appropriate to collaborate with other utilities and to take advantage of gained efficiencies by utilizing shared resources, they should transition their servers to the cloud.  In addition to utilizing a world class Global Network Operations Center (GNOC) monitored by a trained staff, practices include:

  • malware filtering at the network perimeter,
  • intrusion detection/intrusion prevention systems,
  • data loss prevention and others.

Commercial hosted services are often more secure since they serve multiple customers and have to adhere to multiple evaluation standards.  As an additional incentive, the liabilities are much more significant.

According to Art Maria, the Chief Enterprise Architect here at AT&T, a solid security option for utilities is to collaborate with hosted service providers that have implemented datacenters in compliance with ISO standards and that meet SAS70 certification. Whether hosted by a utility or a solutions provider, smart grid security standards must be implemented and maintained by a team that can keep pace with the fast-evolving cyber security threats.

What other Smart Grid security concerns are particularly troubling to you?
The Networking Exchange Blog Team About NEB Team