Checklist for a Safe and Sane Smart Grid: Security, Standards and the Right Equipment

By Jim Alfred

 

Energy providers want consumers to cut back on their electricity use, citing its benefits for everything from the environment to customer bank accounts. 

 

Utilities benefit, too. A managed power load requires less investment in expensive new power-generation capacity, and consumers can save money by using real-time energy monitoring and dynamic energy pricing to control their costs.

 

Smart Grid Obstacles 

But Smart Grids—also known as Advanced Metering Infrastructure (AMI)—come with a few obstacles. One is security.

 

Smart meters contain radio transmitters that enable the programmable communicating thermostats to send and receive messages between the customer’s utility meter and the utilities. The messages contain information about customer usage, billing and other private customer data. This information must be secured.

 

To do so, smart meters encrypt the data using elliptic curve cryptography (ECC), a set of algorithms declared by the National Security Agency (NSA) in 2005 as the most secure public key crypto system available. Today, manufacturers have incorporated ECC in to their solutions because the technology is designed for small devices like smart meters.

 

Given the openness and two-way capabilities of Smart Grids, they are vulnerable to a malevolent attacker or unwitting hacker who could harm someone connected to in-home medical equipment, cripple a business or cause a wide-scale blackout.

 

Given these risks, utilities must consider North American Electric Reliability Corporation’s Critical Infrastructure Protection requirements when automating their networks. NERC is responsible for improving all physical and cyber security for the bulk power system of North America, as it relates to reliability.

 

In addition, recognizing that security is a critical market enabler, the UCA International User Group’s Utility AMI security working group (AMI-SEC) is establishing baseline security requirements and drafting specifications that will serve as a useful guide for utilities evaluating vendor equipment.

 

Solid Security Protects on Many Fronts

Securing the Smart Grid is based largely on cryptographic services for a number of security purposes, including:

 

• Authenticating systems to ensure they haven’t been tampered with
• Guarding against replay network-based attacks or load shedding and ensure availability of system resources
• Authenticating metering assets to the network to ensure that only “trusted” devices are connected
• Encrypting meter data to protect consumer privacy
• Providing integrity protection and origin authentication of meter data
• Authenticating meter firmware when updates are provisioned

While investing in a Smart Grid vision will deliver ROI and environmental benefits, creating the world’s largest distributed command and control system has its risks. Utilities can protect their significant investments in a Smart Grid by choosing secure solutions, adopting standards and employing industry-approved equipment.

 

Jim Alfred is the Director of Product Management for Certicom Corp. (www.certicom.com).  Prior to Certicom, Jim co-founded UK Broadband Ltd., a wireless broadband service provider.  Jim is a Sloan Fellow from London Business School and holds a Master of Science in Management.  He can be reached at jalfred@certicom.com