Danahy warns smart grid industries not to make the same mistakes companies did in the 1990s, when they dove headfirst into the Internet without considering security.
Courtesy Jack Danahy
The national power grid is about to get a major overhaul. The smart grid is coming. It will use advanced technologies to fine-tune its distribution of electric power and will, for the first time, allow customers, businesses and alternative energy providers to feed power back into the grid. Computer technology will give the network its intelligence and the data will be managed via the Internet. Power lines will work like two-way streets, shuttling not just electricity but data about that electricity to and from providers and consumers. Electronic devices, such as smart meters and smart appliances, will allow consumers and utility companies to manage the ebb and flow of power in a more efficient way.
But making the grid smarter unintentionally exposes its soft underbelly to a new generation of attackers. If it's possible to sell excess power back to utilities, for example, a lack of security could open the door to fraud. Hackers could jeopardize a homeowner's privacy or the reliability of power getting to a neighborhood. They could breach utility control systems and even black out entire cities. If we're not careful, the smart grid could become a national security risk.
Now is the time to ensure that the smart grid is secure. Billions of dollars are being set aside to build out the infrastructure and security should be a primary component. Just imagine an Internet without passwords, virus scanners, firewalls, encryption or antispyware. That's the kind of national power system we face if we don't start thinking about how to protect the new grid against attack. Security must become as central to the goals of the smart grid as cost-savings, energy independence and environmental protection.
What To Do?
Political, environmental, and economic pressures are driving organizations to develop and deploy smart grid enablers as quickly as they can. Before these deployments become too widespread, we must consider the security lessons that we have learned from similar evolutions in the financial services, retail, and services industries.
Those industries dove headfirst into the Internet during the late 1990s to take advantage of connection to customers and each other without considering how insecurity could impact the stability of their businesses. If they had, it's unlikely that the wild-west hacking environment that has arisen since would have been so successful or so populous. Until recently, there has been little legal motivation to protect data, and as a result, private data theft, fraud, internal corruption and system downtime have been damaging these businesses.
Developers of smart grid technology can avoid the same pitfalls by focusing on security at three different stages: when they are defining the mandates for new grid technologies, when they are specifying what they will buy and when they are creating their strategies to manage the new grid.
Define Mandates
While most industries blanch at the thought of regulation, the fact that the grid is a critical national infrastructure makes regulating its security essential. But current regulations and those being developed for the future grid seem to focus more on reliability.
As an example, the regulating body, the Federal Energy Regulatory Commission, recently issued guidelines to inform the development of smart grid technologies. But the document lacks language mandating that utilities prevent outsiders from installing traffic sniffers and back doors -- two common methods used by hackers -- onto the utility company's networks. The reason? Those measures don't immediately impact reliability.
Making matters more complicated, the parties who will be regulated -- utility companies and energy providers -- are being asked what's necessary and practical, and those developing devices are working on the standards. Not exactly independent parties. Plus, there's pressure for progress, which seems to be forcing technology down the pipeline without it being thoroughly assessed for its vulnerabilities to attacks.
Because so much of the current motivation for deployment is driven by government financial incentives, it is incumbent upon the government to mandate that regulations and components include requirements for security review and standards, especially if those items create access to information and control on the grid.
Create Pre-Purchase Standards
Another way to promote adequate security in the system is to set up standards that have to be met before a utility company purchases and deploys smart grid technology. The standards do not need to be ridiculously specific or tough. In fact, two simple measures could protect users, minimize obsolete equipment and motivate vendors to reach consensus on key issues: notification of all security breaches and legal means for organizations to recover their losses from the utilities, if a breach results in damages.
A similar approach was taken in the financial industry and it eventually drove credit card companies to develop the Payment Card Industry Data Security Standard. By mandating secure storage of consumer information and minimum acceptable levels of security in applications and operations, the standard has encouraged organizations to create new programs that decrease the likelihood that consumers will experience credit card fraud. It has also improved early identification and notification of losses when they do occur. Without it, these breaches would be even more widespread, and customers might learn about them only when they receive their monthly statements.
Manage the System with Strength and Transparency
Appropriate regulations and standards will fortify the smart grid against attack. But inevitably, someone will break in. For that reason, the smart grid will need to be managed with strength and transparency.
Strength refers to the need to change the way that people get access to grid systems. Computer systems operating the current power grid were originally designed to run on protected networks, where security amounts to limited control and monitoring of user access. A smart grid cannot be managed under these same terms. It will be a vast network of providers and consumers who will need broad access to certain types of information. All systems, even those internal networks that connect externally, must be re-evaluated so that the right people can get in and the wrong people can't.
Transparency means that there are systems put in place that will be responsible for watching the networks for anomalies and attacks, much like systems that have existed on common Internet networks for years. Even secure components can sometimes be misused or misconfigured, so there must be direct visibility into the grid operations, and there must be strong controls that regulate the capability of individuals to manipulate the system.
A smart grid is required to meet our national goals of reliability, energy independence and efficiency. Those needs and their urgency do not mitigate our responsibility to ensure that such a grid is as safe as it can be. Security must be demanded from all of those responsible for the new grid environment, including legislators, regulators, utilities, integrators, and product manufacturers. We must temper our enthusiasm for the potential of the smart grid with attention to its weaknesses, and create a focus on security to ensure its success.
Jack Danahy is one of the industry's most vocal advocates for secure infrastructure, software, and networks. He has founded two successful security companies, and is currently CTO of Ounce Labs, based in Waltham, MA. He holds five patents and is a frequent speaker and writer on information security topics. He has been a contributor to various Congressional committees and the US Army War College, and has served on the Board of Directors for the Payment Card Industry Security Alliance. His opinions can be found on both of his blogs: Suitable Security and Smart Grid Security Blog.




