grego grid jp final
Post on 08-Apr-2018
225 Views
Preview:
TRANSCRIPT
-
8/7/2019 Grego Grid JP Final
1/25
-
8/7/2019 Grego Grid JP Final
2/25
Grego 1
Contents
Executive Summary.............................................................................................................................. 2
Overview and Importance ........................... ............................ ....................... ................................ ...... 3
Background.......................................................................................................................................... 4
Smart Grid Defined .......................................................................................................................... 4
Strengths of the Smart Grid ....................... ............................... ....................... ................................ . 5
Weaknesses and Threats ............................ .............................. ...................... ................................ .. 6
Findings and Recommendations ........................................................................................................ 13
Information Sharing ....................................................................................................................... 14
Reserve and Redundancy ............................................................................................................... 15
Cyber Security ................................................................................................................................ 16
High Impact, Low Frequency (HILF) Events ..................................................................................... 19
Conclusion ............................................................................................................................................. 21
Endnotes ........................................................................................................................................... 23
Works Cited..23
-
8/7/2019 Grego Grid JP Final
3/25
Grego 2
Executive Summary
The implementation of the smart grid raises questions about the security and reliability of
the new system. Everything from physical and cyber attacks, to electromagnetic pulse and solar
storms all pose potentially serious risks to a smart system. Some of these threats are present in
the current system as well and will require collaborative strategies to ensure the security of the
US bulk power system.
The following report outlines the strengths and weaknesses of the current grid and the
potential smart grid. It highlights critical risk areas that could be exploited under a smart grid
system and also analyzes the current grid with respect to these security concerns. It concludes by
outlining key findings and recommendations for the future of the smart grid and the US bulk
power system.
KEY FINDINGS AND RECOMMENDATIONS
- Information Sharingo Information sharing will be critical across the entities responsible for the electric
grid and should remain a priority.- Reserve and Redundancy
o Contingency planning for an emergency should include the capability to replace
damaged equipment.
- Cyber Securityo The field of cyber security should be dealt with from every available perspective.
Diplomatic agreements, government coordination, and industry regulation shouldall be used to adapt to this quickly changing field.
- High Impact, Low Frequency (HILF) Eventso Industry regulators should remain conscious of possible events with grid wide
implications. Although unlikely, these events will have to be dealt with
separately to ensure the security of the power grid.
-
8/7/2019 Grego Grid JP Final
4/25
Grego 3
Overview and Importance
The implementation of smart grid technologies into the current electric infrastructure in
the United States has significant promise to increase efficiency and reliability but also poses
serious security questions. By Homeland Security Presidential Directive-7, the US electric
system has been identified as a primary concern of all infrastructure systems as a one of North
Americas Critical Infrastructure and Key Resource systems.1
The reliable and constant supply
of electricity is not only vital to maintain the current standard of living in the United States but
almost all industry, infrastructure, information and security entities are modeled with secure
access to electricity as a given. Therefore the need for a secure electric grid contributes to almost
all fields of US domestic policy.
The current grid system, through direct government and industry regulation has been able
to meet many security challenges by virtue of its excess capacity, detailed command systems,
and transmission redundancy. Excess capacity thresholds established and regulated by the North
American Electric Reliability Corporation (NERC)2
ensure that in the event of a failure of a
major generator there is reserve capacity in other generators to meet load demands. .3
Similarly,
the current bulk power system creates a large incentive for excess capacity because as the
demand for electricity varies throughout the day more producers are brought on line to meet the
increased demand at a higher price. Many plants lie dormant until a bulk power price threshold
is reached at which time they begin to sell power. This allows the market to bear significant
excess capacity that can be called upon in an emergency.
1Homeland Security Presidential Directive-7.Department of Homeland Security.December 13, 2003.
http://www.dhs.gov/xabout/laws/gc_1214597989952.shtm 2
Reliability Standards North American Electric Reliability Corporation Website. Accessed 4/28/2011.
http://www.nerc.com/page.php?cid=2|203
Ibid.
-
8/7/2019 Grego Grid JP Final
5/25
Grego 4
Additionally, these communications are monitored and initiated by human controllers at
Regional Transmission Organizations (RTOs). This allows for executive control and support in
crisis management situations as well as prioritization of resources. Lastly, the grid has redundant
transmission and distribution routes built into it in order to incorporate the various producers and
markets. This ensures that the destruction of one line will not lead to compounding blackouts.
The smart grid also has particular strengths that can increase reliability in the current
grid. It has promise to do everything from efficiently distributing electricity in a consumer
conscious manner, to allowing for better energy storage to accommodate renewable energy
sources, to self-healing in the event of an outage or attack and providing forensic data analysis
of lapses in reliability.4
All of these elements have great promise to increase reliability and capabilities in a smart
grid system but there are vulnerabilities that would affect the Smart Grid just as much as the
current grid. Electronic components will always be vulnerable to electro-magnetic pulse in either
system. Also, the staff required to oversee and run the grid as well as the facilities themselves are
subject to attack. And lastly, both grids rely heavily on computer monitoring and data
transmission that needs to be protected for the grid to function.
Background
Smart Grid Defined
The Smart Grid is a concept for integrating new technologies into the electric grid. It is
comprised of a number of new innovations from demand-response monitors to improved
diagnostic data analysis and energy storage capabilities. The US Department of Energy (DOE)
and National Energy Technology Laboratorys Modern Grid Strategy project along with industry
leaders have established seven characteristics and implicit goals of a smart grid.
4Smart Grid Department of Energy Website Accessed 4/30/2011. http://www.oe.energy.gov/smartgrid.htm
-
8/7/2019 Grego Grid JP Final
6/25
Grego 5
1. Self-healing from power disturbance events
2. Enabling active participation by consumers in demand response
3. Operating resiliently against physical and cyber attack
4. Providing Power quality for 21st century needs
5. Accommodating all generation and storage options
6. Enabling new products, services, and markets
7. Optimizing assets and operating efficiently5
Taken individually, each of these criteria yields volumes of technical data and implementation
questions. However, taken as a whole they represent a working model of the smart grid. More
directly related to cyber-security is the issue of incorporating computer analysis and digital
communication into smart grid practices. While this is implied in characteristic number seven,
the digital data collection and transmission poses unique strengths and weaknesses that affect
security policy for the smart grid
Strengths of the Smart Grid
In theory, the smart grid will expand upon the current grid monitoring technologies and
use real time data analysis to record and mitigate distribution and outage issues. The mountain of
data produced over time by producers, distributers and individual demand response units could
streamline production and distribution. Also, the smart grids storage technologies could not only
allow for further integration of alternative energy sources such as wind as solar, which rely on
intermittent weather patterns and therefore require storage for large scale viability.6
Lastly, smart
grid technologies have the potential for automation and self-healing processes which could ease
the load on electricity managers and regulators as well as provide a back up emergency
management system in the case of a personnel crisis.
One risk highlighted by the North American Electric Reliability Corporations (NERC)
High Impact, Low Frequency (HILF) Study is that of a pandemic, which could drastically inhibit
5Smart Grid Department of Energy Website Accessed 4/30/2011. http://www.oe.energy.gov/smartgrid.htm
6Ibid.
-
8/7/2019 Grego Grid JP Final
7/25
Grego 6
the effectiveness of an actively managed grid.7
Smart grid technologies could replicate some
functions carried out by highly trained individuals in the event of such a personnel emergency.8
Weaknesses and Threats
While various elements of a smart grid system could prove advantageous from a security
perspective, data and decentralized control systems could provide access points for a slew of
cyber attacks ranging from personal data liability to denial of service. However, the Smart Grid
has will still be subject to certain threats that affect the security of the current grid. These
different threat types are outlined below.
Geomagnetic Disturbance (GMD), High Altitude Electro-Magnetic Pulse (HEMP)
The effect s of electromagnetic pulse on electrical systems has been well known and
documented since the early 20th
century. However, recent research has revealed new elements
and dangers to particular systems associated with the electric grid. In particular, unprotected
wires in command and control centers which are used for data rather than transmission have been
showed to be vulnerable to electro-magnetic pulse.9
This vulnerability exits in the current the
grid and will likely only be compounded in the Smart Grid with additional monitoring devices in
the system. The nature of the threat detailed below illustrates the potentially devastating effects
of electro-magnetic events on the grid.
7High-Impact, Low Frequency Event Risk to the North American Bulk Power System North American Electric
Reliability Corporation. June 2010. http://www.nerc.com/files/HILF.pdf p. 2.8
Smart Grid US Department of Energy Website. http://www.oe.energy.gov/smartgrid.htm9
High-Impact, Low Frequency Event Risk to the North American Bulk Power System North American Electric
Reliability Corporation. Pp 61-72.
-
8/7/2019 Grego Grid JP Final
8/25
Grego 7
Case Study: Quebec 1989
On March 13th
, 1989 a severe geomagnetic event took place focusing around Quebec
Canada. At 2:44 AM it caused the shutdown of the entire Quebec grid and the loss of almost
10,000MW of generation. The approximate strength of the storm, measured in nT/min was about
500nT/min and had damaged transformers as far away as New Jersey.
What is most concerning about the 1989 storm was how a majority of the damage occurred
on equipment associated with 735kv transmission grid as opposed to the smaller distribution grid.
The storm created a 15% asymmetry in load on the grid and quickly overloaded transformers before
they could be taken off the grid.
Source: see endnotes
It is theorized that future potential storms could reach a magnitude of up to ten times the
power of the 1989 storm. If this happens large transmission lines could be the primary factor in
collecting and concentrating this energy that has the power to sweep across the grid and shut down
generation and transmission facilities.
Geomagnetic Disturbance (GMD) is caused by solar storms and the associated inflections
in the polarized electromagnetic field of the earth.10
This disturbance creates geomagnetically
iinduced currents (GIC) which are absorbed and concentrated in large scale power systems.
11
These currents have the potential to overload transformers and compensators in large scale
10High-Impact, Low Frequency Event Risk to the North American Bulk Power System North American Electric
Reliability Corporation. p. 6111
Ibid.
-
8/7/2019 Grego Grid JP Final
9/25
Grego 8
electrical systems causing hardware damage and transmission outages.12
Significantly, high
voltage transmission lines are less resistant proportionately to GIC compared to lower voltage
lines.13
The larger voltages and capacities of these lines also serve to concentrate GIC more
effectively over space and increase the likelihood of transformer overload on the grid.14
Since GMD occurrences are forces of nature and completely unavoidable, protection
efforts in this category should focus on three critical steps; detection, preparation and mitigation,
and recovery/restoration. By detecting geomagnetic storms early enough, some actions could be
taken to prevent a cascading failure of key components of the grid. Solar storms, take mere
minutes to reach the earth however, with training and preparation this could be enough time to
isolate and protect key areas of the grid.15
Next, proper insulation and shielding of critical control
components and facilities should be incorporated to disperse the effects of the storm. And lastly,
any transformer, transmission line, or facility should have reconstruction and replacements plans
and procedures in place to account for loss of grid hardware.
The detonation of a nuclear weapon in high atmosphere, a so-called High Altitude
Electro-Magnetic Pulse (HEMP) is capable of radiating electromagnetic waves similar to those
emitted by GMD. Since HEMP weapons would require advanced nuclear weapon designs and
sophisticated delivery and targeting systems, they could likely be traced to their perpetrator and
their use deterred in the same manner as deterrence more generally. A HEMP weapon would
appear completely infeasible by any non-state group. Also, the actual effects on the greater
electric infrastructure of the US have been debated as different levels of mitigation to GMD
events already are in place. However, while further insulation and shielding standards could
12High-Impact, Low Frequency Event Risk to the North American Bulk Power System North American Electric
Reliability Corporation. Pp 62-65.13
Ibid. pp 69-73.14
Ibid.15
Ibid. p. 19.
-
8/7/2019 Grego Grid JP Final
10/25
Grego 9
effectively mitigate both GMD and HEMP occurrences, unique policy to the threat of HEMP
should be the focus of international policy. A focus on prevention, deterrence, and detection
should effectively deal with the unique threat posed by HEMP.
Coordinated Cyber and Kinetic Attack
Large scale kinetic attack threats have existed as long as production facilities and
transmissions lined have comprised the grid. An effective attack on one or more facilities could
potentially knock out production capacity and transmission reach. Due to the physical
Case Study: Tres Amigas A compound vulnerability
The Tres Amigas Superstation is a proposed bridge between the three independent power
grid in the US; the Western, Eastern, and Texas interconnections. The facility would be
constructed near the Texas-New Mexico border and would allow for power transfers across all
three grids.
Source: http://www.tresamigasllc.com/about-overview.php
It would rely on new large capacity transmissions lines linking all three grids in one
location. As illustrated, these large capacity lines can concentrate and transfer geomagneticallyinduced current which can knock out transformers and transmission infrastructure. Any project
that calls for these large transmission lines will require a close examination of insulation
techniques to ensure it can withstand feasible amount of GMD. Also, a combined facility such as
this would be an appealing target to a traditional or cyber attack, which merits enhanced security
-
8/7/2019 Grego Grid JP Final
11/25
Grego 10
restrictions of electricity distribution, a smart grid would most likely have similar vulnerabilities.
The same security standards in place today should suffice for the physical security of smart grid
assets. In actuality, a responsive smart grid would by definition be able to respond more
effectively to loss of production or transmission routes than the current system.16However,
vulnerabilities in the information sharing, transmission, and processing inherent in the smart grid
could raise new vulnerabilities. NERC has highlighted eight unique capabilities of cyber attacks
that could potentially be used against a smart grid: Distributed Denial of Service (DDOS)
Attackattackers flood network resources to render physical systems unavailable or less than
fully responsive for a period of time
1. Rogue devicesan unauthorized device accesses the system, manipulating it or
providing incorrect data to system operators
2. Reconnaissance attacksprobing of a system to provide attackers information on
capabilities, vulnerabilities, and operation
3. Eavesdropping attacksviolations of confidentiality of communication within
network
4. Collateral damageunplanned side-effects of cyber attacks
5. Unauthorized access attacksattacks where the adversary exercises a degree of
control over the system and accesses and manipulates assets without authorization6. Unauthorized use of assets, resources, or informationattack in which assets,
services, or data are manipulated by an authorized user in an unauthorized manner.
This can result in system operators being given inaccurate information from a
trusted source, and thereby being misled into making decisions based on this data
that result in impacts to the system
7. Malicious code (Malware)viruses, worms, and Trojan Horses17
16Smart Grid US Department of Energy Website. http://www.oe.energy.gov/smartgrid.htm
17High-Impact, Low Frequency Event Risk to the North American Bulk Power System North American Electric
Reliability Corporation. P. 29
-
8/7/2019 Grego Grid JP Final
12/25
Grego 11
An attack which used a variety of these methods could pose a serious threat. Even a coordinated
denial of service attack could potentially create load asymmetries in the grid to disrupt or
interrupt service.18
The field of cyber security is quickly changing and relatively new. Data heavy industries
such as banking and finance have implemented secure data servers and protocols to ensure
connections. Given the consolidated nature of the grid compared to the spread out and
decentralized structure of these other industries it is likely that the Smart Grid may be able to
secure its data as good as if not better then these other industries.
Personnel Vulnerabilities Staff and Data
18High-Impact, Low Frequency Event Risk to the North American Bulk Power System North American Electric
Reliability Corporation. P. 29
Case Study: Stuxnet Vs. The Playstation Network
As discussed, cyber vulnerabilities can take on many forms and many motivations. Tworecent prominent events have highlighted the need for a dynamic cyber security strategy for the
safety of the smart grid.
First, Stuxnet was a computer worm that infiltrated and infected uranium enrichment
facilities in Iran. It targeted Supervisory Control and Data Acquisition (SCADA) used by the
Siemens hardware and resulted in the destruction of centrifuges and large set back to the Iranian
nuclear program.
Second, on April 20, 2011 the private network used by Sonys Playstation gamers was
hacked by what appears to an individual or small group. This was not a common Denial of
Service attack designed to shut down a system, rather it was a sophisticated infiltration of the
networks secured information that may have resulted in the leak of user credit card information,
addresses, etc.
These two separate reflect the diversity of the challenges of cyber security. Stuxnet was
state-run operation with clear political aims while the Playstation hack seems to be contributable
to a small motivated group. These both illustrate the diverse types of cyber threats that exist and
stress the importance of a flexible security plan for both the individual consumer and the grid as a
wh le.
-
8/7/2019 Grego Grid JP Final
13/25
Grego 12
The last vulnerability posed by smart grid implementation pertains to individuals and
customer data. NERCs research has focused on the threat of pandemics. However targeted
attacks on personnel have a just as much power to affect to the security of todays grid as well as
the smart grid. Any shortage of the already limited staffing of electric grid coordinators and
engineers could drastically hinder the effectiveness of the over 1,800 separate entities that make
up the command and distribution wing of the current electric grid.19
Therefore, essential personnel records and strategies should be developed to ensure that
critical individuals are given precedence for evacuations, vaccinations, and emergency
notification as NERC suggests
20
but additional physical security, resources, and background
checks should be allocated for people with significant influence in the system to protect them
from potential epidemics, emergencies, or directed threats.
Also, the implementation of the smart grid poses security concerns for the private
consumer as well. Separate from the macro-level grid oriented attacks of denial of service attacks
and like, personal data recorded on the smart grid could be accessed by unauthorized people if it
is not secured properly. It has been theorized that simple demand-response data could also reveal
personal data to criminals pertaining to anything from the time people leave their homes,
schedule a vacation, and pay their bills.
This vulnerability requires that secure communications between demand-response
systems and utility providers become a primary concern of smart grid implementation. Also,
compartmentalization of this data should be utilized to ensure that hole in one small area remains
confined to a limited area and a widespread connection patterns vary in encryption patterns and
purposes. Lastly, isolation of Supervisory Control and Data Acquisition (SCADA) should be
19High-Impact, Low Frequency Event Risk to the North American Bulk Power System North American Electric
Reliability Corporation. p. 23.20
Ibid. pp 46-51.
-
8/7/2019 Grego Grid JP Final
14/25
Grego 13
isolated from internet servers as much as possible and the possibility of a separate secured
network along the lines of the Departments of Defenses Secure Internet Protocol Router
Network (SIPRnet) should be considered and investigated for large scale and inter-grid
information transmission.
Findings and Recommendations
If the proper steps are taken, it is fully possible for the smart grid to just as good as or
better than the current grid in dealing with the threats detailed above. As it stands, the present
grid is vulnerable to all the threats covered in this report just as the smart grid would be. The key
areas in which the security of the smart grid differs however is in cyber security for consumers
because the current grid already relies heavily on secure communications to function, and the
further expansion of high capacity transmission lines exemplified by the Tres Amigas project.
Either way, the recommendations listed below would enhance the security of the current grid and
smart grid initiatives.
- Information Sharing
o The US DOE, NERC, and FERC should work with their Canadian counterparts toensure a framework for the creation of cooperative research and standards.
o The US DOE and FERC should work with NOAA and NASA to create a grid wide
warning system for geo-magnetic spikes and other atmospheric events in line
with FERCs recommendation.
- Reserve and Redundancy
o FERC should implement the spare parts database in line with the findings of their
task force.
- Cyber Security
o The US DOE should submit to congress an initiative to commit to an international
definition of cyber attack, crime, and war.o The US DOE should attempt to target a portion of Smart Grid stimulus grants to
offset security costs in the development of new technology.
o NERC should work with industry leaders to create a best practices forum for the
purpose of pooling collected knowledge on massive data encryption.
- High Impact, Low Frequency (HILF) Events
o NERC should work with industry leaders to create a best practices forum for the
purpose of pooling collected knowledge on massive data encryption.
-
8/7/2019 Grego Grid JP Final
15/25
Grego 14
o NERC should direct and oversee the implementation of higher insulation
standards for command and control connections.
o The US DOE should mandate and oversee national contingency training
standards and drills across all essential grid entities.
Information Sharing
The US DOE, NERC, and FERC should work with their Canadian counterparts to
ensure a framework for the creation of cooperative research and standards.
Securing the smart grid will require pooled knowledge and experience from government,
industry, and private technology firms. Therefore it is imperative that the US DOE, its Canadian
counterpart, and industry leaders have a means to cooperate and coordinate on research and
mechanisms for dissemination of critical security information.
Among other benefits of this combined effort superior encryption techniques, enhanced
security software, and better smart meters could be developed by private research firms. The
smart grid will be more dependent on dispersed control elements than the current system,
exacerbating issues of interoperability. The electric industry as a whole will have to establish its
own system of interoperability standards, but government should also play a monitoring role to
ensure the security of the grid. .
The US DOE and FERC should work with NOAA and NASA to create a grid wide
warning system for geo-magnetic spikes and other atmospheric events in line with
FERCs recommendation.
To respond to major system wide threats such as GMD, HEMP, and combined Kinetic
and Cyber attacks the smart grid will have to rely on fast and accurate detection mechanisms in
order to ensure the protection of as many key components as possible. Rapid dissemination of
changing atmospheric conditions and problem outages could effectively reduce the impact of
natural disasters and malignant threats.21
21High-Impact, Low Frequency Event Risk to the North American Bulk Power System North American Electric
Reliability Corporation. pp. 18-19
-
8/7/2019 Grego Grid JP Final
16/25
Grego 15
Therefore, the US and its Canadian partners should establish a system of information
sharing and dissemination between organizations with pertinent perspectives over threats to the
electric system. Most notably in the US this would encompass the Department of Defense,
Department of Homeland Security, and the Department of Energy concerning domestic kinetic
and cyber threats and National Aeronautics and Space Association (NASA) and National
Oceanic and Atmospheric Administration (NOAA) concerning GMD and HEMP threats.
Given the two governments interconnected grids, similar incentive for cooperation, and
diplomatic ties, it would be beneficial to the security of the entire North American grid to have
both governments and their grid monitoring bodies working together to ensure a rapid system of
information dissemination in the event of an emergency.
Further, interagency alarm systems should be established similar to those in Quebec after
the GMD storm of 198922
to ensure immediate notification and action throughout the entire
affected area that can be triggered from central monitoring agencies (NOAA) to further establish
quick and effective response protocols.
Reserve and Redundancy
FERC should implement the spare parts database in line with the findings of
their task force.
Even if all known strategies of security and risk mitigation are implemented that certain
breakdowns in the grid can and will happen eventually. A catastrophic GMD event will be
impossible to prevent or completely shield the grid from and outages and unscheduled equipment
failures happen even when all due care is taken to prevent them.
It is therefore necessary that critical replacement components are available to deal with
crises in the grid. NERCs recommendation of reopening the Spare Parts Database which
22High-Impact, Low Frequency Event Risk to the North American Bulk Power System North American Electric
Reliability Corporation. pp. 62-65.
-
8/7/2019 Grego Grid JP Final
17/25
Grego 16
provided grid distributing bodies a central database of all reserve components nationwide23
should be carried out. This would allow a critically damaged area to benefit from the stocks of an
unaffected are in the event of an emergency.
Many of the major components in the grid, transformers, static var compensators, etc.
have replacement times ranging between 1 to 2 years and for many of them there is little or no
capacity for producing them domestically.24
While it may be uneconomical to push for the
opening of new production plants as NERC suggests25
the industry should be pushed to enforce
its own replacement parts threshold as it does for production capacity.26
Cyber Security
The US DOE should submit to congress an initiative to commit to an
international definition of cyber attack, crime, and war.
The field of cyber security is evolving rapidly. With new areas and issues a dialogue is
often needed to standardize discussions and negotiations in order to create transparency and
clarity in diplomatic agreements.
Therefore, the US should take the lead in committing to an international definition of
what constitutes cyber war, a cyber crime, and a cyber attack. This differentiation would aid
policy makers but it would also empower domestic security bodies to deal with each of these
threats in varying degrees of magnitude. Since cyber attacks are difficult to trace and analyze, a
framework for differentiating different cyber threats would give the public and decision makers a
better grasp of different threats.
23Spare Parts Database Task Force. North American Reliability Corporation Website. Accessed 4/20/2011.
http://www.nerc.com/docs/pc/sedtf/PC-SEDTF_Sep_2010_Scope_v7.pdf24
High-Impact, Low Frequency Event Risk to the North American Bulk Power System North American Electric
Reliability Corporation. p. 9825
Ibid.26
Ibid.
-
8/7/2019 Grego Grid JP Final
18/25
-
8/7/2019 Grego Grid JP Final
19/25
Grego 18
Also, isolation of Supervisory Control and Data Acquisition (SCADA) should be isolated
from internet servers as much as possible and the possibility of a separate secured network along
the lines of the Departments of Defenses Secure Internet Protocol Router Network (SIPRnet)
should be considered and investigated for large scale and inter-grid information transmission.
The US DOE should attempt to target a portion of Smart Grid stimulus grants to
offset security costs in the development of new technology.
Much of smart grid implementation is based on efficiency and cost-effectiveness. These
new technologies are competing with old ones to show that over the long run, an investment in
the smart grid technologies will pay off for individuals and governments alike. However, this
cost restraint has led to a reduction in research and development of security measures in smart
grid technologies in an attempt to minimize overall costs.29
Effectively, the elements that make smart grid technologies so appealing (information
sharing, real time feedback, etc.) have also posed security risks whose mitigation requires
additional security measures as opposed to their predecessors.
Because smart grid technologies with substandard security measures are already on the
market, the US government should mandate information security standards on all electric grid
products and should allocate a portion of the current smart grid subsidies to offsetting the
research and development costs of producers of smart grid technologies in order to ensure they
are safe and competitive at the same time. This would ensure that new smart grid products, like
various smart meters, would meet the highest level of security needed without inflating the costs
to the point at which they become inhibitive.
NERC should work with industry leaders to create a best practices forum for the
purpose of pooling collected knowledge on massive data encryption.
29Hathaway, Melissa. Power Hackers: The US Smart Grid is Shaping up to be Dangerously Insecure. Scientific
American. 10/5/2011. Accessed 4/5/2011. http://www.scientificamerican.com/article.cfm?id=power-hackers
-
8/7/2019 Grego Grid JP Final
20/25
Grego 19
The smart grid will rely on millions of data transfers everyday to function the way it has
promised to. Each one can be potentially used against the grid or its customers by malignant
actors. However, hope lies in the fact that other industries have incorporated data exchange
systems just as active while still remaining secure.
The current banking and securities exchange systems in the US transmits mountains of
data, both numerical and personal across different entities and businesses everyday with
relatively few incidents of electronic breaches in security.30
The same security measures that
have worked for years for banks could also work for the smart grid.
The US DOE should work with electric industry leaders and the leaders of industries
which have already implemented significant data transfer systems to facilitate discussion,
cooperation, and dissemination of best practices between industry leaders to ensure that the
transfer of data over the smart grid is as secure as the transfer of data between peoples bank
accounts.
High Impact, Low Frequency (HILF)Events
The US DOE and NERC should devise a plan for grid automation in the event of
a national emergency.
HILF events pose a system wide threat to the grid. Both the current grid and a future
smart grid will be somewhat vulnerable to unlikely but possible events that would require grid
wide mitigation strategies. This makes funding an issue for countermeasures to HILF events
important because these events can never be completely prevented or mitigated.
One such event is a pandemic in which functioning populations would be sharply
decreased affecting the numbers of engineers experienced enough to run the system. . The smart
30Cyber Security for the Banking and Finance Sector. Wiley Handbook of Science and Technology for Homeland
Security, Edited by John G. Voeller. John Wiley & Sons, Inc. 2008. Accessed 4/12/2011.
http://www.fsround.org/hyperlink/hhs460.pdf
-
8/7/2019 Grego Grid JP Final
21/25
Grego 20
grid could drastically reduce the risk associated with this shortage through levels of automation
and computer control of the grid system.
The US DOE should ensure that all automated functions of the smart grid have manual
oversight and override functions. But in an emergency situation when the managers of these
systems become compromised, the US DOE should ensure that there are automated measures in
place to keep the grid running effectively with limited personnel.
NERC should direct and oversee the implementation of higher insulation
standards for command and control connections.
Another major risk to the grid system is induced current along power lines from a GMD
or HEMP event. NERC research has shown that major transmission and distribution lines are
effectively resistant to induced current.31
However, many common components used in
command and control centers such as computer and control board wiring do not have the
shielding and protection found in transmission lines32
The smart grid compounds this issue because the command and control functions would
be expanded to include data centers and more advanced smart monitoring systems. Now an
induced current would have a much greater effect on these more diverse systems simply through
higher exposure of data centers and networks.
The US DOE and industry leaders should examine the shielding methods used across the
industry for current command and control centers as well as developing smart grid technologies
in order to ensure that critical components could survive or could be quickly repaired or replaced
in the event of an induced current scenario.
The US DOE should mandate and oversee national contingency training
standards and drills across all essential grid entities.
31High-Impact, Low Frequency Event Risk to the North American Bulk Power System North American Electric
Reliability Corporation. pp. 61-7332
Ibid. pp. 79-93
-
8/7/2019 Grego Grid JP Final
22/25
-
8/7/2019 Grego Grid JP Final
23/25
-
8/7/2019 Grego Grid JP Final
24/25
Grego 23
Endnotes
1). Quebec 1989 case study cited from: High-Impact, Low Frequency Event Risk to the North American
Bulk Power System North American Electric Reliability Corporation. pp. 61-73
Photo from:http://www.google.com/imgres?imgurl=http://c2h2.ifa.hawaii.edu/images/outreach/spaceweather/qu
ebec_superstorm.gif&imgrefurl=http://c2h2.ifa.hawaii.edu/Pages/Education/space_weather_geomagn
etic.php&usg=__PrqU5IRFtFeT4BJ2i-JN9tsJYaA=&h=449&w=63
2&sz=33&hl=en&start=0&sig2=EZ3SGBwmyROzqd54jF86UQ& zoom=1&tbnid=Ib4IaDQTLDww-
M:&tbnh=117&tbnw=164&ei=seO_TbrLC8eatwfL8 5i_BQ&prev=/search%3
Fq%3Dmetatech%2Bquebec%2B1989%26um%3D1%26hl%3Den%26sa%3DN%26biw%3D1280%26bih%3
D685%26tbm%3Disch&um=1&itbs=1&iact=hc&vpx=125&vpy=93&dur=330&hovh=117&hovw=164&tx=
187&ty=67&page=1&ndsp=24&ved=1t:429,r:0,s:0
2) Tres Amigas Case Study cited from: Overview of Tres Amigas. Tres Amigas LLC website.
http://www.tresamigasllc.com/about-overview.php. Accessed 5/2/2011.
3) Stuxnet and Playstation Case study cited from:
McMillan, Robert "Siemens: Stuxnet worm hit industrial systems". Computerworld. 9/16/2010.
Accessed 4/24/2011/.
http://www.computerworld.com/s/article/print/9185419/Siemens_Stuxnet_worm_hit_
industrial_systems?taxonomyName=Network+Security&taxonomyId=142
Thomas, Keir. Sony Makes it Official: Playstation Network Got Hacked. PC World. 4/23/2011. Accessed
5/1/2011.
http://www.pcworld.com/article/226128/sony_makes_it_official_playstation_network_hacked.html
Works Cited
iCyber Security for the Banking and Finance Sector. Wiley Handbook of Science and Technology for
Homeland Security, Edited by John G. Voeller. John Wiley & Sons, Inc. 2008. Accessed 4/12/2011.
http://www.fsround.org/hyperlink/hhs460.pdf
iHathaway, Melissa. Power Hackers: The US Smart Grid is Shaping up to be Dangerously Insecure.
Scientific American. 10/5/2011. Accessed 4/5/2011. http://www.scientificamerican.com
/article.cfm?id=power-hackers
iHigh-Impact, Low Frequency Event Risk to the North American Bulk Power System North American
Electric
Reliability Corporation. June 2010. http://www.nerc.com/files/HILF.pdf p. 2.
-
8/7/2019 Grego Grid JP Final
25/25
Grego 24
iHomeland Security PresidentialDirective-7. Department of Homeland Security.December 13, 2003.
http://www.dhs.gov/xabout/laws/gc_1214597989952.shtm
McMillan, Robert "Siemens: Stuxnet worm hit industrial systems". Computerworld. 9/16/2010. Accessed
4/24/2011/. http://www.computerworld.com/s/article/print/9185419/Siemens_Stuxnet_worm_
hit_industrial_systems?taxonomyName=Network+Security&taxonomyId=142
Reliability Standards North American Electric Reliability Corporation Website. Accessed 4/28/2011.
http://www.nerc.com/page.php?cid=2|20
iSmart Grid Department of Energy Website Accessed 4/30/2011. http://www.oe.energy. gov/
smartgrid.htm
iSpare Parts Database Task Force. North American Reliability Corporation Website. Accessd
4/20/2011. http://www.nerc.com/docs/pc/sedtf/PC-SEDTF_Sep_2010_Scope_v7.pdf
iThomas, Keir. Sony Makes it Official: Playstation Network Got Hacked. PC World. 4/23/2011.
Accessed 5/1/2011. http://www.pcworld.com/article/226128/sony_makes_it_official_playstation_net
work_hacked.html
top related