Safe smart grid design
Ray Bell, GridNet
In May, President Obama cited smart grid security as one reason for creating a new White House cybersecurity coordinator position. In addition to a lack of encryption or authentication processes, the majority of smart grid mesh networks present critical vulnerabilities in performance, management and especially security. Lacking open standards, mesh networks are not yet ready for wide-scale installation in the smart grid.
Security needs to be designed into every aspect of the smart grid and support all of the government's cybersecurity principles: confidentiality, integrity, availability, identification, authentication, access control, non-repudiation, access controls and auditing/accounting. To adequately do this, utilities need to take a three pronged approach in designing the smart grid.
First, take security “granular” to prevent an attack from spreading throughout the smart grid network. Network hacks are a fact of life, but utilities can protect their smart grids with the right security architecture, which requires unique, standards-based security built into every network node and device.
The next step is to use only standards-based security – everywhere. By incorporating security standards into the smart grid, utilities can leverage the collective best efforts of thousands of engineers and millions of dollars of investments in the latest protections. Moreover, standards-based security ensures faster, simpler upgrades and “future-proofing.”
And finally, it's essential to make security pervasive. Only a multi-layer, multi-level security architecture will provide adequate safeguards in the smart grid. Utilities need to architect government-grade security into meters and other devices, into the smart grid network, into smart grid software operating systems and applications, into the data being transmitted, and into utility enterprise systems.It's time for utilities and their vendors to stop talking about security and to start building it into every aspect of the smart grid. Done right with the right holistic approach, the smart grid will allow utilities to make the leap to IP-networks to enable real-time, two-way energy usage monitoring and information sharing.