Posted by Usman Sindhu on May 21, 2009
What is a Smart Grid? It's an interconnected network of electric stations, substations, and meters that communicate with one another and exchange information. The concept utilizes wireless sensor networks, software, and computing to enable utilities to see how much and where energy is being consumed, and if there are problems or blackouts in the network. More importantly, it lets customers manage their electricity consumption. But what does it mean to security and risk management? President Obama has called for the installation of 40 million smart meters and 3,000 miles of transmission lines. This means that technology vendors like Cisco Systems and IBM will be front line players in implementing networking intelligence for the electric system.
Specifically, Cisco has announced its intentions to provide an end-to-end networking platform to put the President’s plan in action. Essentially, Cisco will work with city municipalities and utility providers to revamp networking infrastructure with routing & switching and security technologies. The result could be constantly connected meters that exchange information with the utility providers and customers. Thus, building an inter-network of energy databases that will improve delivery and quality of electricity.
There are important security implications to this initiative. Utility provider’s physical equipment is light years away from being secure. Forrester has seen some interest among municipalities regarding how to secure their meters by fingerprinting and tracking them. But the Smart Grid plan will need to scrutinize important security measures like tracking, monitoring, and managing the endpoints at all times. It will need to perform asset management and make sure that authorized users are accessing the data. Moreover, establishing a robust alert mechanism that notifies IT staff of events and security breaches. Since information is going through many handoffs, compliance requirements could dictate how this information is used and how to enforce these requirements in due course.
Many security technologies can be employed to secure a hybrid infrastructure that will involve communication with the utility provider and public network, such as NAC, IPS, IAM, and VPN to name a few... More importantly, this initiative will thrust NAC to success, much like healthcare has revamped wireless and PCI has revived the SIM and IPS markets. If this initiative picks up the pace, many security vendors would need to be involved to deliver a secure infrastructure.
Enabling a robust and secure infrastructure could mean 1) better service for customers and 2) upgrading utility providers and municipalities network infrastructure that is efficient and less error-prone.
Do you think the Smart Grid project will help revamp security initiatives?
Will Cisco's announcement have an impact on the network security market?