Friday, October 2, 2009

Evolution of SmartGrid: A new Game for Owning the Continent

The life of human has dramatically changed from the manual work to automation during the past few years. This change has brought excellent benefits to the humanity and significant change to our environment making the life easier and trustworthy. However, the lack of 'security' into automation has raised challenging questions to provide a resource with confidentiality, integrity, availability and accountability. And because of distributed nature of the internet, it has also become harder to control and regulate the illegal activities cross the border which requires additional law/petitions among countries.

SmartGrid is a digital technology for providing electricity. It allows the suppliers to remotely control the consumption of consumers electric energy and amend any possible variation in rates. In similar way, it does help users to monitor their energy usage in real-time. The major objectives of SmartGrid technology is to increase reliability, efficiency, perfectness and safety of the country's electrical infrastructure. Integration of security in such digital technology is vital and must be implemented with a broad vision. Currently, The Energy Independence and Security Act of 2007 has provided Energy Department with necessary guidelines to develop SmartGrid program. On the other side, US-NIST has been assigned with core responsibility of developing a framework of security for the SmartGrid and the project named by NIST called "Smart Grid Interoperability Project".

Current Security Initiatives (SmartGrid)

-Energy Independence and Security Act of 2007 (bill signed on 18-DEC-2007)
-NIST Smart Grid Interoperability Project (initial standards published on 8-MAY-2009)
-Advanced Metering Infrastructure (AMI) System Security Requirements v1.01 (Released on 17-DEC-2008)
-Critical Electric Infrastructure Protection Act (CEIPA) - (HR 2195) (Introduced on 30-APRIL-2009)


In response to the current state of design and implemetation of Smart Grid technology, it is an unfortunate condition for those such as, Salt River Project and Austin Energy, who had already started this revolution years back because of no proper security integration from the initial step of production. Thus, the security will be add-on feature for some SmartGrid producers after implementation. From the anticipation of electronic industry like banks and financial institutions, health care, manufacturers and other similar market segments facing critical threats at different levels today, it is quite obvious to judge the future of SmartGrid security. Some of which are given below:

1. Penetration testing for Smart Meters have shown negative signs, allowing attacker to take full control over the meters.
2. Wide scale denial of service (DoS) attacks are possible.
3. Application threats (exploiting OSI layer-7 to control the full usage of electricity over multiple homes/businesses).
4. Physical Security threat (if malicious adversary successfully access the SmartGrid controller room).
5. Controlling SmartGrid network, thus owning the whole continent?

A very serious initiatives will be forwarded by FERC in 2010 to fine the utility companies up to "$1million dollars per day" if any found non-compliance with security standards. Hence, there is more to come in near future.