Key Message: The smart grid is the use of digital technology to modernize the power grid, which comes with some new privacy and security challenges.
Executive Summary
"The smart grid employs innovative products and services combined with intelligent monitoring, control, communication, and self-healing technologies to do the following:
"More than meters and mobility, the smart grid represents a whole new framework for improved management of electric generation, transmission, and distribution. It also presents challenges. As a complex system, the smart grid requires special attention to issues of interoperability, security, and resiliency."
In this podcast, James Stevens, a senior researcher with CERT, discusses the growing digitization of electrical power distribution (referred to as the smart grid) and some of the related security and privacy issues. James also introduces new work at the SEI on a smart grid maturity model that will be discussed in more detail in upcoming podcasts.
What Is The Smart Grid?
The smart grid is intended to reflect electric power distribution infrastructure that uses technology to improve efficiency. This vision will likely vary depending on country, region, and specific stakeholder groups.
Some examples of what stakeholders want are as follows:
A Wide Range of New Services Possible
Potential services may include:
Who’s in Charge?
Power transmission and generation are considered inter-state activities in the U.S. These services are regulated at the national level.
Power distribution is largely considered intra-state; it is regulated at the state and regional levels.
With the smart grid, many of these boundaries may blur as they do for the Internet in general.
There is much work still to be done and we likely won’t know all of the dimensions until we start using the smart grid.
Economic and Service Advantages
The smart grid promises a wide range of economic opportunities, particularly given the large investments that will be made in its development and operation.
In addition, organizations will be better able to manage their energy use. For example, you can decide to use more environmentally-friendly sources of electricity first (for example indicating that wind is your most preferred source and that coal is your least preferred source).
Alternatively, you can set up an electricity selection schedule that provides the cheapest available source at any given time. Organizations can shift their working hours to take advantage of cheaper rates during off hours if this is a high priority.
Organizations with large data centers (such as Amazon, Google, and eBay) could enjoy significant cost savings by using smart grid services. Such organizations would likely be willing to pay a premium rate to have high priority for service restoration during a blackout or other types of disruption.
Physical vs. Digital
As with the Internet, replacing physical infrastructure with digital service does create new problems and challenges.
Privacy
Utilities will likely start gathering energy usage profiles of its customers. Such profiles can reveal personal habits (such as when you’re home watching television vs. when your home is unoccupied).
Security
Smart meters on the network can be altered without service provider or customer knowledge. Billing errors and other types of fraud can result.
Patching smart meters via the network has all of the same problems as software patch management, including confirming that a patch is coming from an authorized source.
Botnets and distributed denial of service attacks against smart meters are possible. This could include instructing the smart grid that 10,000 homes require significant energy all at once. Adding features into smart meters and into the grid that detect these conditions are some of the challenges.
Work in Progress
The U.S. National Institute of Standards and Technology (NIST) is working on interoperability standards.
Many key stakeholders are evaluating lessons learned from the Internet to ensure the smart grid is designed with them in mind.
Other thought leaders include IBM, GE, and all state and regional utility regulating bodies including NERC (North American Electric Reliability Corporation) and FERC (Federal Energy Regulatory Commission).
Smart Grid Maturity Model (SGMM)
"In 2009, the Software Engineering Institute became the steward of the Smart Grid Maturity Model. This new role supplements ongoing modern power grid research associated with smart metering, interoperability standards, and critical infrastructure protection."
SGMM is a management tool that an organization can use to assess, guide, and improve its smart grid transformation.
SGMM defines smart grid stages, options, and a common vocabulary. It can be used to bridge the gap between strategy and execution.
SGMM was originally created by IBM, GIUNC (Global Intelligent Utility Network Coalition), and APQC (previously the American Productivity Center). IBM has donated the SGMM to the SEI to improve it and serve as steward.
The U.S. Department of Energy’s Office of Electricity Delivery and Energy Reliability is sponsoring the SEI’s SGMM work to:
Resources
CERT Podcast: Introducing the Smart Grid Maturity Model (SGMM)
SEI Webinar Special Event: The Age of the Smart Grid Is Here, March 2009.
NIST Smart Grid Interoperability Standards Project
Department of Energy GridWise Architectural Council
Sweet, William. “How Smart Can You and Your Local Electricity Grid Get?” IEEE Spectrum, June 2009.
Gussin, L.D. “Smart Grid: Digging the Foundations.” SolveClimate.com blog, July 6, 2009.
Lohrmann, Dan. “Hacking Power: Feds Promise Smart Grid Security.” CSOonline.com blog, July 12, 2009.
De Morsella, Chris. “The Dark Side of the Smart Grid (Updated).” The Green Economy Post blog, April 23, 2009.
Mitra, Sramana. “The Smart-Grid Dilemma.” Forbes.com, March 27, 2009.
Meserve, Jeanne. "'Smart Grid' may be vulnerable to hackers." CNN.com/technology, March 21, 2009.
