SMART GRID: How Secure Will You Be?

 

John Boering    All Rights Reserved. Copyright 2011

_________________________________________________________

Congress funded and implemented Smart Grid, knowing that it had major security issues.  And it still does.  Was our old system more secure?  If the Smart Grid is supposed to make us more secure, then why are we sharing our technology with everybody and their brother around the world?

In an April 26, 2011 Center for a New American Security (CNAS) www.cnas.org blog posting, Christine Parthemore, a Fellow at CNAS, wrote:

“For years, DOD-focused discussion could be characterized as many heads of hair on fire. We saw tons of arm-waving, sky-is-falling near-hysteria within different parts of the Department of Defense on the cyber vulnerabilities of smart grid technology…”

“Many burning questions remain, and seem to be even more urgent after our off-the-record, this-meeting-never-happened meeting on smart grid cyber security…

there is so little clarity to the nature and scale of the problem that solutions are bound to be incredibly ineffective while wasting massive stacks of cash.”

Sept. 2007 GAO Report Warned Congress

GAO Report GAO-07-1036 pdf. to Congress warned that:

“The smart grid vision and its increased reliance on IT systems and networks expose the electric grid to potential and known cybersecurity vulnerabilities… As we and others have previously reported, these potential vulnerabilities include:

• increasing the use of systems and networks increases the number of entry points and paths that can be exploited by potential adversaries and other unauthorized users.
• increasing the use of new system and network technologies can introduce new, unknown vulnerabilities.
• interconnecting systems and networks can allow adversaries wider access and the ability to spread malicious activity; and  
• increasing the amount of customer information being collected on systems (and transmitting it via networks) provides monetary incentive for adversaries to attack these systems…”

This GAO report concluded that the Department of Homeland Security (DHS) “lacks an efficient process for sharing sensitive information on vulnerabilities with private sector critical infrastructure owners” and “is unable to fulfill its responsibility… 

there is an increased risk that attacks on control systems could cause a significant disruption to our nation’s critical infrastructures” 

Congress funds it anyway 

Dec. 2007, with the Energy Independence and Security Act of 2007, $100 million per year in funding per fiscal year from 2008–2012, established a matching program to states, utilities and consumers to build smart grid capabilities. http://en.wikipedia.org/wiki/Smart_grid_in_the_United_States

In 2009, As part of the American Recovery and Reinvestment Act, the U.S. government outlined plans to distribute more than $3.3 billion in smart grid technology development grants and an additional $615 million for smart grid storage, monitoring and technology viability. 

They put the cart before the horse 

January 2011 GAO Report to Congress found there were still 6 key “challenges” to the security of Smart Grid.  It listed:

• “Aspects of the regulatory environment may make it difficult to ensure smart grid systems’ cybersecurity.
• Utilities are focusing on regulatory compliance instead of comprehensive security. 
• The electric industry does not have an effective mechanism for sharing information on cybersecurity 
• Consumers are not adequately informed about the benefits, costs and risks associated with smart grid systems 
• There is a lack of security features being built into certain smart grid systems.  
• The electricity industry does not have metrics for evaluating cybersecurity.”  

Was the old system MORE secure?

A January 2010 article in Government Computer News quoted Martin Libicki of the Rand Corp.,  author of “Cyberdeterrence and Cyberwar,” as stating that the pre-Smart Grid system was a tough nut to crack,” for four reasons.

“First, it is a distributed system operated by some 3,000 companies. It is cooperative and interconnected, but it is not homogenous.  Any significant deliberate disruption would have to successfully target tens or hundreds of companies.

Second, the industry is obsessed with resiliency and experience with many natural disasters has taught it how to restore power quickly.

Third, the Internet is not intrinsic to the industry’s business model. It got along fine without it for years and could roll back connectivity as needed and still function effectively.

Finally, “we really don’t know how vulnerable the electric power community is,” Libicki said. Reports of kids who have almost taken over control of dams or shut down power stations turn out upon closer examination to be inaccurate anecdotes, he said. Even the intelligence community “is more of a hindrance than a help.” Widespread reports last year that the grid’s infrastructure was riddled with rogue code were the result of unconfirmed speculation by intelligence agencies, he said.”

If Smart Grid is supposed to keep us safe, why are we sharing our technology with the rest of the world?

China

In a Reuters, August 24, 2011, article:   “Fueled by its booming economy, China’s military growth in the past decade has exceeded most U.S. forecasts. Its aircraft carrier program, cyber warfare capabilities and anti-satellite missiles have alarmed neighbors and Washington.

Some China watchers, including members of the U.S. Congress, note with apprehension that rising Chinese defense spending coincides with Washington’s plans for defense cuts.”

China is also now the world leader in Smart Grid spending.

A lot of American companies implementing the Smart Grid in the U.S. seem to be the same companies that are implementing Smart Grid system in China and helping them be more secure, too.

GE recently announced a joint effort with the city of Yangzhou   that will showcase smart grid technology. Some other companies buying into China’s smart grid boom seem to include Cisco, Accenture, Hewlett-Packard, IBM, ABB, Westinghouse, Oracle and American Superconductor.

China's energy planners got a firsthand look at the technology during
a visit to Itron's headquarters near Spokane, Wash.  
(Itron’s Smart Meters are installed on buildings in Los Angeles, too.) 

Russia

March 10, 2011, The nation’s top intelligence officer, Director of National Intelligence James Clapper, told the Senate Armed Services Committee that Russia and China pose the greatest mortal threat to the United States. 

At recent meetings between Russian and American energy experts in  in Washington and Texas “…Russian experts learned about U.S. smart grid technology…”

This was the first “exchange” under a multi-year partnership by the Energy Working Group of the U.S.-Russia Bilateral Presidential Commission (BPC).   This “included a two-day workshop in Washington attended by representatives from USAID, the Russian Ministry of Energy, the U.S. Department of Energy, the U.S. Energy Association, corporations such as Echelon, Honeywell and General Electric, and energy research and development organizations.

At this meeting “The United States and the Russian Federation reaffirm that the era when our countries viewed each other as enemies is long over.”

Oh goodie, now we can take a big chunk of change out of the $549 billion Defense budget to help American families with medical coverage and education.

The Middle East

At a House Homeland Security subcommittee meeting in April, 2011, 

 “The Chairman of the Counterterrorism and Intelligence Subcommittee, Republican Congressman Patrick Meehan of Pennsylvania said he welcomes the positive changes in Egypt and Tunisia, but he is worried that the unrest across the Middle East and North Africa could have ramifications for U.S. homeland security.  He said there were credible reports from Egypt, for example, that prisons were emptied and that a number of jailed Islamist radicals are now free.”

Frank Ackland, General Manager of Digital Energy in the Middle East for GE Energy, was interviewed and said “GE has been at the forefront of the smart grid technology globally, and we are focused on developing integrated, energy-efficient smart grids for the Middle East region.”

And GE is looking for partners in other countries, including the Middle East and Africa.    It seems that GE is staying busy and distracting itself from the terrible devastation that 3 of the Mark I nuclear reactors they built are causing at Fukishima (and beyond).  If any of you haven’t heard of the “GE Three” yet, please read this .

January 11, 2011, Smart Grid Workshop in Reyadh, Saudi Arabia, Speakers presenting papers at the workshop were:  Los Angeles Department of Water and Power, University of Southern California, University of Colorado, California Institute of Technology, National Science Foundation, The Brattle Group. 

The Smart Grids & Smart Meters Summit on Sept. 26-27, 2011 at the Park Rotana Hotel in Abu Dhabi will include speakers from the U.S. Department of Energy, GE Energy, and Avista Utilities, USA. 

It doesn’t seem like Smart Grid is making the United States more secure.  I does seem like Smart Grid is lining some very big pockets.