Smart Grid security is a subject that many people prefer to avoid – either for fear of ‘giving it away,’ because the multi-stakeholder nature of Smart Grid makes implementation highly complex, or because the consequences of insecurity are more dire than we want to contemplate. A typical response is to assume that somehow security has been addressed – by someone. At the
TMC Smart Grid Summit in Miami, however, the topic was broached with a fresh degree of candour. In his keynote address, John R. Bryan, President of the Secure Smart Grid Association, recalled a couple of events that underscore the need for constant vigilance on grid security – and the grid powered by IP networks in particular: white hats hacked SCADA in 10 minutes in 2003 (this can happen much more quickly with today’s computers); researchers at U of Toronto discovered the
Ghostnet infiltration of government sites in 103 countries last year to document the growing magnitude of the cyber spy threat ; the US SCADA Network was hacked in April of 2009; and this year witnessed the infiltration of Google networks in China.
In a Summit session devoted to grid security, Solutions Director for Utilities and
Smart Grid at Cisco, Rick Geiger outlined some of the hurdles that are specific to security in Smart Grid, such as the need to ensure reliability and resilience on an incredibly large scale network (3 million miles of distribution network in the US), which is often run by legacy systems that in some cases can be 40 years old in under populated regions. But of even greater concern are the “security through obscurity” approach that many grid operators rely on – the notion that you are safe because no one knows your protocol – and the consequences of a denial of service attack on the grid, which could involve loss of more than money. In Geiger’s view, security must not be an “add on” and providers must plan for the “truth that devices, and specifically the metre, will be compromised” as we move closer to wide scale implementation of Smart Grid.
