http://www.govtech.com/templates/gov_print_article?id=120896244
The Power Grid Brings Cyber-Security Concerns | April 28, 2011 The topic du jour across government and the electricity industry is the smart grid and the amazing efficiencies it will bring to the nation. There's also, however, a growing chorus about potential cyber-security dangers as new smart grid infrastructures are designed and installed across North America. Is it real, hype or somewhere in between? Let's start by defining the smart grid and then some of those security issues. Depending on who you ask - whether a vendor, utility, consumer or the government - you'll likely get different answers about what a smart grid is. It's probably most accurate to describe it as a vision for delivering electricity rather than something wholly tangible. Certainly technology is a big part of it, but the smart grid also includes planning, public policy, regulatory oversight and even consumer participation. Without getting too technical, the smart grid overlays the existing electricity generation, transmission and distribution infrastructure currently serving North America so reliably, with digital technology that provides more efficient delivery and accurate measurement of consumption. Quite simply, the smart grid vision provides for a decentralized and automated network of delivering electricity by enabling interoperability and two-way flow of energy and information with sensors to monitor key attributes of the grid. When implemented, this vision offers a more granular detail of electricity flowing on the grid, giving both the electric industry and consumers more control. According to the U.S. Department of Energy, "The smart grid brings the philosophies, concepts and technologies that enabled the Internet to the utility and energy grid." The smart grid provides an availability of intelligence about the grid that the electricity industry has never had. This intelligence enables vastly improved efficiencies for load planning and real-time information to balance supply and demand, along with opportunities to improve grid reliability. For consumers, this new information offers the ability to control smart appliances and potentially decrease electricity costs by altering use to take advantage of off-peak hours and even curtail usage during times of voluntary incentive-based reduction periods. Recent federal, provincial and state policy initiatives promote the vision of a smart grid that is much more interactive and interoperable, reliable and robust. From a big-picture perspective, the smart grid: * enables consumers to better manage and control their energy use and costs; * improves energy efficiency, demand response and conservation measures; * interconnects renewable energy resources; * improves bulk power and distribution system security and reliability; and * reduces electric sector greenhouse gas emissions. What about those cyber-security concerns? It's neither hyperbole nor fantasy. Anytime you consolidate a critical infrastructure service like electricity in an environment as notoriously fraught with vulnerabilities as the public Internet, it's time to pay attention. While a well designed system can increase resilience by providing visibility that enables both prevention of and rapid recovery from system disruptions, a poorly designed system can expose vulnerabilities that threaten the entire structure. The key words are "well designed," and that worries many people. The interoperable design of smart grids, unless carefully planned and operated, can provide avenues for intentional cyber-attack or the unintentional introduction of errors that impact bulk power system reliability. Any system designed for control functionality - where errors resulting from misuse, miscommunication or IT system failure can impact the confidentiality, integrity and availability of control system data - requires a robust and deliberate, defense-in-depth approach. Security of control systems that can be defeated or corrupted by either villainous intent or simple ignorance demands a design based on worst-case scenarios. Forrester Research analyst Unman Sindhu called the smart grid "the cloud computing of the utility industry," and with the evolving nature of cyber-security in the cloud arena, that alone should give us pause. Because communications between electricity generators, transmission providers and distribution utilities is a key component of reliability, any system that exposes critical communications to the Internet is serious cause for concern. This includes the smart grid. Andy Bochman and Jack Danahy write The Smart Grid Security Blog with the iconic slogan, "We've Got to Get it Right This Time." This is more than just a catchy tagline, it's a societal, economic and national security imperative. Mark Weatherford is the former chief information security officer of California. Weatherford now serves as vice president and chief security officer for the North American Electric Reliability Corp., an organization whose mission is to ensure the reliability of the bulk power system of North America. [Non-text portions of this message have been removed] ------------------------------------ -------------------------- Want to discuss this topic? Head on over to our discussion list, [email protected]. -------------------------- Brooks Isoldi, editor [email protected] http://www.intellnet.org Post message: [email protected] Subscribe: [email protected] Unsubscribe: [email protected] *** FAIR USE NOTICE. This message contains copyrighted material whose use has not been specifically authorized by the copyright owner. OSINT, as a part of The Intelligence Network, is making it available without profit to OSINT YahooGroups members who have expressed a prior interest in receiving the included information in their efforts to advance the understanding of intelligence and law enforcement organizations, their activities, methods, techniques, human rights, civil liberties, social justice and other intelligence related issues, for non-profit research and educational purposes only. We believe that this constitutes a 'fair use' of the copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use this copyrighted material for purposes of your own that go beyond 'fair use,' you must obtain permission from the copyright owner. For more information go to: http://www.law.cornell.edu/uscode/17/107.shtmlYahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/osint/ <*> Your email settings: Individual Email | Traditional <*> To change settings online go to: http://groups.yahoo.com/group/osint/join (Yahoo! ID required) <*> To change settings via email: [email protected] [email protected] <*> To unsubscribe from this group, send an email to: [email protected] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
