Rescue plans on the rise to mitigate smart grid security risks

By John Johnson on Jan 11, 2012

Utilities are scrambling to come to grips with what one industry expert refers to as a “near state of chaos.” But a 'what if case by case scenario' approach could help alleviate future problems when the EV revolution arrives.

Pike Research analyst Bob Lockhart says that security issues facing the electrical grid continue to be a major topic of discussion as utilities around the world roll out smart grid deployments.

However, despite an increased focus on security, Lockhart says that the cyber security challenges faced by utilities are nowhere close to being resolved. He predicts that the industry will continue to face serious hurdles in the coming years.

“After years of vendors selling point solutions, utilities investing in compliance minimums rather than full security, and attackers having nearly free rein, the attackers clearly have the upper hand,” Lockhart says. “Many attacks simply cannot be defended.”

However, Lockhart says there is a silver lining. Over the last 18 months, he has witnessed utilities moving more aggressively to escalate the importance of securing smart grids with architecturally sound solutions.

Pacific Gas & Electric, for example, is actively engaged with multiple working groups in the industry that are collaborating on emerging standards and solutions for some of the more pressing smart grid security challenges.

The utility, which provides gas and electric services to 15 million customers in California, is involved in the Open Smart Grid, National Institute of Standards and Technology, and the Cyber Security Working Group. PG&E has an entire organization dedicated to ensuring that security is part of current and future smart grid investments.

Security awareness

“Smart grid security is a top priority for PG&E,” says Jonathan Marshall, a spokesperson for the utility. “The entire industry takes this matter very seriously. It's important that our customers know that our energy grid is being kept safe and secure now and in the future.

“As part of this, we have a dedicated team focused on providing security awareness and training for our workforce, since vigilant personnel are a key defense.”

PG&E has an integrated information security group of about 60 people, of which smart grid security is just one of their functions. The company is also working with vendors to ensure that they adhere to a prescribed standard security baseline established by PG&E, guaranteeing robust system protections in addition to compliance with industry regulations.

Plenty of solutions

Although smart grid security options remain a moving target, there is no shortage of solutions and utilities are expected to dramatically increase their security investments going forward. According to ABI Research, utilities spent $590m on smart grid security technologies in 2010, a number that is expect to top $2 billion by 2016.

Security spending on transmission upgrades made up the largest portion of smart grid spending, accounting for 54 percent of total spending in 2011. The transmission sector is expected to remain the largest sector for the next five years.

Security spending on substation and distribution automation is also forecast to be significant over the next few years.

“There has been an enormous focus on smart grid security, particularly over the last two to three years,” says Josh Flood, a senior analyst with ABI Research. “As well as providing security protection against physical and cyber-attacks on the smart grid, utilities are spending significant amounts of money on closed-circuit television (CCTV) surveillance and security software.”

EVs challenge

Another major area of concern when it comes to security is the exploding electric vehicle market, an issue that utilities are trying to get a head start on.

According to ABI research, EV charging stations are projected to see the highest security growth rates out of all the smart grid segments, growing from $6 million in 2011 to $150 million by 2016. The security issues faced by EV charging stations are very similar to the smart meter market, with data protection and tampering with the charging stations primary areas of concern.

“Authentication and payment technologies and models are expected to vary by market and will be determined by technological needs, security concerns, and the type of deployment,” says Flood. “Residential charging is the least complicated, with the chargers installed in a customer’s garage or parking space and attached directly to the residence’s electric meter.

Flood says that billing can be much more complex in public or semi-public spaces, where multiple customers need to access the chargers, and security therefore becomes a greater issue.

Are you authorised?

“Authentication technology is critical for identifying the user and ensuring the charging transaction is accounted for by means of a subscription plan, pay-per-use model, or other account-based plan,” he says.

Authentication and access control can be handled by various technologies. A card can be swiped at the charger to initiate a transaction, or an RFID-enabled contactless card can be waved in front of a reader attached to the charger.

In the future, Flood predicts that biometric sensors could be used to identify users who are part of a closed community, such as employees at a company that has chargers installed in its company parking lot.