Can a smarter grid outwit cyber attacks?
ibm-page-tools
Smarter grids build in cyber security measures
One of the most significant technology evolutions of our time—the transformation of our electricity infrastructure into a smart grid—could soon be happening right in your own home, starting with your meter.
The United States already has some 8.3 million smart meters1, or more than six percent of its total number of residential electricity meters. To accelerate this transformation, the Obama Administration's American Recovery and Reinvestment Act of 2009 earmarks US$4.5 billion2 in spending for Smart Grid technology, and there is a major push among governmental agencies to finalize interoperability and security standards.
The idea of the smart grid is to modernize the electricity industry, whose distribution grid was built almost 40 years ago, by overlaying it with digital technologies. This will give it a "nervous system" to sense and respond to events anywhere along the network. However, as the grid transforms from a one-way distribution network to a more two-way system based on modern computer protocols, it can increase the exposure to cyber attacks by hackers who have spent years refining new ways to shut down Internet networks. And the stakes are enormous.
The good news
IBM has helped to evolve Internet security technologies, architectural frameworks and secure networks for high-risk industries such as banking and government, to the point where they can contribute much to keeping a smart grid secure.
Securing the smart grid is about "managing a continuum of risk" across all of the components of the grid, from the central power station through the network of substations down to the house meter. "It's about more than locking down data or access behind a firewall, which is simplistic," says Jeffrey Katz, chief technology officer for IBM's energy and utilities business. "It's important to understand the complex systems involved and build in controls within that context." And any security strategy must incorporate ongoing testing.
"Just the fact that the grid is smarter means that we can have more visibility into what's happening where," points out Katz. "We can detect outages and respond more quickly, redirecting power or shutting down a substation. Pick up abnormal incidents out in the network. Set parameters so that small events won't trigger bigger problems. Greater visibility into the grid in itself ultimately leads to better security."
Air gaps prevent network penetration
Even if a grid uses Internet protocol, (the type of messaging that occurs on the Internet) this does not mean there is a direct pathway from the external Internet to any point within the grid network, including meters. This is because "air gaps" physically separate critical control networks from public networks. Other techniques, including defensive application programming, firewalls and proxies, can set up a "moat" or separation between the private assets of the grid and the public Internet.
Software that defends against anomalies
A key consideration in securing a smart grid is the amount of software in the system. A critical best practice is defensive programming. This means that software should be written to be as predictable as possible in the wake of all unexpected data; this could be as simple as a data input that exceeds character count and produces an error message—and potential vulnerability to hackers. Source code must be as bug free as possible and comprehensible enough to perform well in all audits.
Analytics: patrolling the grid
Analytics software, such as IBM provides through its Solution Architecture for Energy and Utilities Framework (SAFE), provides the capability to monitor all of the inputs coming in through the smart grid network and can be programmed to flag events that indicate security breaches, such as suspicious patterns of usage or cessation of hourly readings. Beyond security analytics, operational analytics can even predict events, based on recognizing certain indicators, and automatically trigger preventive actions. "It's like putting more patrolmen on the streets," says Katz, "We gain observers at all points throughout the network." Also like patrolmen, vigilance should be maintained by security testing throughout the lifetime of the smart grid, not just for the duration of the original project.
Oncor, the largest regulated transmission and distribution system in Texas, is leading one of the largest deployments of smart grid technologies in the nation and is scheduled to replace 3.4 million standard meters with advanced meter systems by 2012. As the lead systems integrator, IBM contributed to Oncor's significant milestone this summer: the reporting of 15-minute interval, billable quality data to the Texas market.
IBM is providing expertise in smart metering and systems integration, large-scale data management, business analytics, and security solutions. The security solution will focus on the data center and include identity and access management, the security functions at the Web services level enabled through IBM Solution Architecture for Energy and Utilities Framework (SAFE), compliance, auditing and governance.
1 http://seekingalpha.com/article/149728-8-3-million-u-s-smart-meters-and-counting
Get your complimentary copy of The Energy and Utilities Project: Shaping a New Era in Energy, the ninth volume of utility industry thought leadership.
IBM sponsored an IDC Webinar about smart grid cybersecurity on September 14. Listen to the replay.
How does a smarter planet manage its energy? Find out more.
