Posted by Usman Sindhu on July 31, 2009
Critics of Smart Grid argue that it is not secure enough to be rolled out yet. They may even paint a doomsday picture similar to ‘Die Hard 4’, with hackers breaking into the grid and controlling the nation’s power system. That kind of extreme scenario is shocking — in essence launching a denial of service (DOS) attack that can imperil critical infrastructure. This year’s Black Hat conferenceplans to showcase similar security threats that can impact smart meters and devices. NIST has put out a 270 page roadmap of Smart Grid standards and protocols that address various aspects of controls, including security. These guidelines can help utility companies, manufacturers, technology vendors, and service integrators to streamline controls when rolling out Smart Grid. However, the implementation of this approach is missing to date.
It is very important to discuss the risks associated with deploying smart metering technology without proper security controls. Smart Grid technologies should only be implemented under a compliance mandate. The fear is that the pilots underway today are not keeping security as the top priority. These roll outs can compromise data privacy and jeopardize user information if security measures are not taken. Government guidelines can provide value here by helping to define appropriate controls and pinpoint specific measures to secure these components.
Utility companies, Smart Grid equipment suppliers, and technology vendors need to come together to solve security issues as the top priority at this early stage of technology roll outs. The Smart Grid concept is built on an IP-based network, and therefore requires a hardened approach to network security. And similar to proper network security, adopters should be focusing on security posture and policy from the ground up.
Secure Smart Grid should be built upon tiered access control architecture that includes physical, network, data, and application access control mechanisms. This is a minimum requirement that smart meters, devices, appliances, and data centers need to fulfill. Access control architectures will provide a starting point in implementing technologies that protect and control various aspects of data transaction through diverse modes of connections.
Cisco predicts that utilities will be investing in new greener data centers more than new power plants in the coming years. Therefore, these issues need to be dealt with soon, before this technology becomes pervasive.
What role will compliance standards play in securing Smart Grid?