Cyber security issues with Smart Grid go way beyond metering devices
Saturday, March 21st, 2009
IMHO, end-user ’smart meter’ device security is the smallest issue to be resolved with moving toward a Smart Grid.
The real issue with Smart Grid is having thousands of electric devices connected to the network that have intermittent production capacities.
Currently, from what I understand, the electrical grid is somewhat sensitive to large changes in the amount of electricity being put onto or being pulled down from the grid.
As energy consumption goes up, power producers put more energy on the line. As consumption goes down, those sources are throttled back.
But what do you do when you plug 1500 windmills into the grid?
What happens when the wind starts blowing, then suddenly stops.
Here’s a hypothetical. Suppose a 1500 turbine wind farm, producing 15 MW of power and placing it on the grid.
If consumption = supply, we are all good.
But what happens if the wind, literally, stops blowing for 30 minutes.
Is everyone going to scramble to shut off their air conditioners and unplug their fridge?
With respect to Availability aspects of the CIA triad, we have a big issue here.
Compound that concern with the fact that electrons traveling across a grid monitoring system travel at the same speed as the electrons traveling from producers to consumers, and you get an ugly producer/cosumer problem.
An effective smart grid must mitigate these intermittent sources of power by ensuring that access to the grid happens in a controlled manner.
That involves rapid ability to disconnect an intermittent source, or to store it’s electricity for later consumption.
The devices that perform that function are, in my opinion, the biggest cyber risk.
Though it’s not necessarily security related, the other issue that needs to be addressed with the introduction of large-scale intermittent power sources on the grid, is the need to match all intermittent sources with 100% non-intermittent sources.
For example. In our example above, in the case where you have 15MW wind being put on the grid, you must have at least 15MW stand-by power producing capacity spinning and ready to dump energy onto the grid in the event that the wind dies down.
This issue is tough, and involves, essentially, rebuilding vast amounts of the grid to attempt to decentralize the alternate energy sources as broadly as possible.
So, for example, wind turbines in Maine might be providing power to consumers in Arizona during the night, but Solar Production in Arizona might be powering Air Conditioners in DC during the mid-day. At the moment, our grid just ain’t built that way.
I was at a FERC Commissioner’s meeting last week, and I assure you, they weren’t talking about the issues with end-point monitors. How you secure the devices protecting the grid as a whole was on everyone’s lips.
Bill Gross