Securing the Smart Power Grid from Hackers

Imagine if the havoc caused by Internet viruses and wormS—downed web sites, snatched credit card data, and so forth—were unleashed on the power grid's critical infrastructure. The results could include targeted blackouts, tampering with power generation (including nuclear plants), or the use of energy consumption data for malicious intent. For while a smart power grid, which leverages information technology to add more intelligence to the electricity network, will give consumers and utilities more control over energy consumption, the transformation from analog to digital will bring to the grid a threat that plagues the Internet: hacking.

According to a report in the National Journal last year, hackers in China may have already used what little infotech intelligence there is on the current power grid to cause two major U.S. blackouts. So with a smart grid moving to become reality, utilities and federal regulators are trying to ready themselves for potential dangers. As representatives from the Federal Energy Regulatory Commission said at a smart grid policy meeting last week, maintaining security is the highest priority.

Why is a smarter power grid so vulnerable? Joe Fagan, an attorney for Pillsbury Winthrop Shaw Pittman who has spent his career representing the energy industry, including extensive work with FERC, explained that transforming the power grid's largely one-way distribution network into a two-way system delivers many more points of contact with the network. And if the power grid is to be run by networks based on Internet Protocol, hackers have spent years developing the tools needed to take such networks down.

Stimulus Money for Grid Security

In addition, Ben Schuman, an analyst with Pacific Crest Securities, notes that the smart meters being installed in homes are basic, low-cost (around $100) consumer electronics that a hacker can easily purchase, take apart, and use to learn about the accompanying communications network.

The good news is that several steps can be taken to build security into the smart grid from the ground up, and the stimulus package is allocating some $11 billion for smart-grid-related technology. Fagan estimates utilities would each need to spend millions of dollars to implement security controls.

Crucial to maintaining security will be establishing industry standards. At the smart grid policy meeting held last week, FERC Acting Chairman Jon Wellinghoff issued a statement calling for the development of "standards to ensure the reliability and security, both physical and cyber, of the electric system." While FERC doesn't itself develop standards, the agency will be asking for input from standards bodies that work on security in the Internet, engineering, and electronics industries. Over the next month and a half, companies and consumers can offer their thoughts as to the direction the standards will take.

The second factor needed to secure the smart grid will be an open platform. This sounds counterintuitive, but as Pacific Crest's Schuman explains, the most robust security systems out there are largely based on already established open standards. In order for third-party developers to be able to contribute their best solutions to a smart power grid, it must be based on an open platform as well.

Ultimately the hurdles to securing the smart grid are not impossibly high. The benefits of offering consumers and utilities more control over energy consumption—reducing energy use and carbon reduction—far outweigh the security concerns.

Before it's here, it's on the Bloomberg Terminal.