Smart-grid dividend: security and intelligence already built in
The typical pattern for technology development has been innovation followed by commercialization and deployment. Only after new products, services or functionality have made their way into our lives and businesses have risks been recognized and security issues addressed.
This has been the pattern followed by the Internet in general and most of the devices using it, from desktop PCs and operating systems to handheld devices and social media.
The result has been basically insecure infrastructure and products with clunky add-on security that struggle to keep pace with functionality. It has been recognized for years that it would be better to build security in from the beginning, but development has occurred so quickly and unexpectedly that it has been impossible to chart a secure path because no one knew where we were headed.
Smart grid gets its first 6 standards
California goes first on smart-meter adoption
That process is beginning to change with the smart grid, an intelligent energy and information delivery system that will replace the grid that we have been relying on since the late 19th century. Functionality still has a lead over security in the smart grid, but that lead has shrunk quite a bit, and security now is almost keeping pace. With the concerted effort now being made by industry and regulators, there is even a chance that security might be able to get out in front.
With the National Institute of Standards and Technology taking the lead, a secure smart-grid architecture is being developed, and a framework of standards and best practices is being assembled that should be available for utilities and their vendors by the time the bulk of the new system is ready for implementation.
That has happened because the need for updating the power grid to adapt to the demands of 21st-century problems was recognized early and the effort of creating it was identified as a priority, with responsibilities assigned before most of the technology had been put into place or even designed.
The process is not perfect. Security requirements for a smart-grid architecture are not yet complete, and security and interoperability standards are still being identified and developed. In the meantime, the first elements of the smart grid, including smart meters that provide more detailed information to both consumers and utilities about how much energy is being used, already are being installed. And the Energy Department has awarded more than $3.5 billion in Recovery Act grants for smart-grid development.
The grants, ranging in size from $200 million to less than a million dollars, have gone to 100 projects for advanced metering infrastructure, customer systems, electric distribution and transmission systems, equipment manufacturing, and integrated and cross-cutting systems.
Although development and implementation are under way, it is being done with an eye toward security.
In July, California became the first state to adopt rules for ensuring the privacy and security of information generated by smart meters. The state regulations are being developed in cooperation with the Smart Grid Interoperability Panel, headed by NIST, which is assembling technical standards for the new equipment. State and national officials hope the California effort will become a model for other state regulators.
With these proactive cooperative efforts, there is a chance that when the smart grid finally emerges, it will be the first public IT infrastructure designed and built with security in mind.
William Jackson is a senior writer of GCN and the author of the CyberEye blog.