Sunday, August 30, 2009

Vermont smart grid security matters


Smart grid metering, a digital-based delivery and monitoring system for the electric power supply (an energy internet), has been on a very fast track recently as a result of the Federal Stimulus Recovery Act. All those involved are enthusiastic that improvements to efficiency will be huge. Precise monitoring and control of demand for power will help power suppliers adjust capacity accordingly, avoiding the generation of excess power.
Vermont completed a $66 million application for federal stimulus funds for smart grid implementation. The grant, if approved, would pay up to half the costs of $133 million in improvements across Vermont.
Uniform smart grid standards covering security, reliability, data sharing, and privacy are still in process as the effort moves forward. Creating smart grid industry standards has been described as a process that’s 10 times more complex than that of the computing industry, with a deadline for delivering those game-changing decisions in a matter of mere months. Standards are to be in place by September.
Given the size and fast pace of the overall effort, it is not alarmist that security concerns have been raised. The resulting digital-based system's vulnerability to malicious tampering or to shutdown by cyber attack is a valid concern.
When asked about smart grid security, Vermont’s head recovery officer Tom Evslin downplayed concerns, stating that the chaotic nature of the system, with no monolithic control, would be its best defense, like the internet. He said:
“I see a very distributed architecture with no single point of failure and no central intelligence - like the Internet whose strength is in its chaotic nature.”

Congressional Homeland Security oversight committees have held hearings, and legislators in both houses of Congress have proposed greater security oversight legislation. The Washington Post reports on a recent security conference and on concerns both centralized and chaotic in nature: …
Yet security researchers have found that these devices often are the weakest link in the smart-grid chain. Smart meters give consumers direct access to information about their power usage and the ability to manage that usage over the Web, but that two-way communication also opens up the possibility that the grid could be attacked from the outside. Many such systems require little authentication to carry out key functions, such as disconnecting customers from the power grid.
At Black Hat, the world's largest cyber security conference held annually in Las Vegas, researchers from IOActive of Seattle are slated to demonstrate a computer worm that spreads by taking advantage of the software update feature built into a prevalent brand of smart meters (IOActive is not disclosing which). The worm could in theory give the attackers who launched it the ability to very quickly sever tens of thousands of homes from the smart grid.

Earth2tech.com writes:
The biggest barrier to adding more security to the smart meter, from the perspective of the manufacturer and the utility, is the upfront cost. Each meter already costs several hundred dollars and additional security functions will just continue to boost that sticker shock. But at the end of the day, it will cost considerably more to add on security functions after the smart grid is already built out, compared to weaving security into the network as it’s built. IOActive …studies show that overall project costs are 60 times higher when gaps in information security controls are addressed late in the development cycle, as opposed to projects where security is implemented in the design phase.
With the large initial start-up costs, and perhaps larger costs to build security into an already established system, it would be wise for the state and the utilities to start smart and secure with this grid.
