Navigant Research Blog

High Stakes Blockchain Applications Are a New Frontier for Cybersecurity

— November 30, 2017

Blockchain-Based Systems Are Only as Strong as Their Weakest Link

On November 16, the US Patent and Trademark Office released a patent filed by Nasdaq that describes a blockchain-based architecture that could be used to track the ownership and transaction of stock market assets.

Nasdaq is part of a wave of big name organizations globally—including banks, utilities, and the Pentagon—that have announced plans to experiment with blockchain to determine whether it can help their organizations run more smoothly, efficiently, and securely.

As the hype train charges onward and expectations skyrocket, there is a real risk that in the rush to generate solutions to increasingly complex high stakes problems, adopters will forget that simply adding blockchain doesn’t make a system bulletproof. Before integrating blockchain into keystone systems like stock exchanges or electricity grid operations, it’s important to understand where blockchain brings security to a system, where it doesn’t, and how it interacts with other pieces of the puzzle.

Blockchains Are Built on Security and Cryptography Principles

Blockchain architectures are considered a robust and highly secure means of storing information for several reasons:

  • The blockchain is stored across a decentralized and distributed network of many computers, creating a redundant record with no single point of failure.
  • Network nodes use a resource-intensive cryptographic process to reach majority consensus on the chronology and validity of transactions between nodes.
  • The full record of information stored on the blockchain is auditable by any node in the network.

In combination, these properties make the blockchain ledger itself resilient to attacks. Indeed, despite soaring valuation that provides a $140 billion incentive for hackers, the underlying architecture of Bitcoin has never been broken.

Determined Hackers Will Work Around Unbreakable Cryptography

Rather than attacking the blockchain itself, hackers have repeatedly exploited weakness in the hardware and software components of the system—the personal computers and devices that make up the nodes of the network and the software applications that enable autonomous transfers and digital contracts. It’s the cryptographic analog of identity theft: a thief doesn’t need to smash their way into a bank vault if they can clone your credit card.

White hat hackers used exactly this principle to gain irreversible control of users’ Bitcoin wallets by exploiting a hole in cellular text messaging protocols. A hacker famously exploited errors in an Ethereum smart contract to steal $31 million  from early backers of a startup. The blockchain preserves an immutable open record of the thefts for all to see, but it also makes them irreversible.

Planning Ahead

The electricity system is a frequent target of cyber attacks backed by powerful antagonists. To date, no blockchain architecture has yet been subjected to a stress test of the magnitude we might expect if it were supporting, say, the automated demand response capabilities of a microgrid in an urban financial district. Potential applications in these systems are among the most transformative opportunities for blockchain, but will also be among the most prone to cyber attack and the hardest to field test at scale.

Until a set of comprehensive security standards for blockchain-based systems is developed, Nasdaq and any organizations seeking to adopt blockchain-based solutions must recognize that blockchain does not inherently provide end-to-end security. For blockchain to be part of the solution requires thoughtful implementation and proactive design that maximizes security at the ends of the chain. Every link of the system must be evaluated for security and potential vulnerabilities, and adopters should be especially cautious about entrusting critical systems to the technology.

 

Can Technology Solve the Dysfunction of Sustainability?

— November 30, 2017

Sustainability is a term that, by itself, can be meaningless. The downfall of “green” into “greenwashing” is a cautionary tale for sustainability champions. In a recent Triple Pundit article, “The 8 Dysfunctions of Sustainability,” a Penn State University professor articulated the problem: “[My critique] is meant to both reclaim the original fullness of ‘sustainable development’ but even more to point to the baggage we must leave behind. In a word, sustainability has to grow up.” Professor Erik Foley’s criticism is sound and defensible. The question then becomes: How can we course correct and make sustainability a relevant and impactful metric?

It is important to define a scope of action to make the concept of sustainability concrete. Let’s look at the commercial buildings sector as an ecosystem of business, economics, and people that can provide structure to the analysis of sustainability. Technology can be deployed to alter how we operate and assess the value of buildings against the environmental, social, and governance lenses of sustainability. To be specific, data, analytics, and automation can represent three pillars of a mature solution for the buildings sector that ensure continuous and ongoing improvements in the buildings sector from a sustainability perspective. Let’s examine two dysfunctions from Professor Foley’s article to highlight how technology can be the pathway forward.

#2: We measure what we can manage even if it doesn’t matter.

The bottom line here is action. We have tracked the evolution of the intelligent buildings market for years at Navigant, and it is evident the technology can make significant impacts on sustainability metrics. We have tracked the transformation from traditional building automation solutions that improved scheduling and reduced hot and cold calls in the biggest buildings to software as a service (SaaS) applications that provide enterprisewide insight on building operations—the key shift is action. Effective intelligent building solutions provide an end-to-end solution for gathering, communicating, and analyzing data that is translated into meaningful information with integrated automation and controls that enable continuous improvement in operations. What that means that customers can utilize technology to reduce costs, improve experience, and lower environmental impact through a systems-based strategy.

#4: Efficiency ≠ sustainability.

Foley’s fourth dysfunction sets up a further explanation of the sustainability improvement opportunities tied to the systems-based approach to building operations made possible by intelligent building solutions as described above. The smarts of the data-driven approach to intelligent buildings are rooted in the idea of holistic insight and operational improvement. This approach is a perfect counter to dysfunction #4. Take, for example, our historic approach to energy efficiency and demand management—these two objectives were seen as isolated strategies for energy management that delivered different and possibly competing benefits. The real-time insight and continuous operational changes made possible by integrated automation and controls with analytics enable reduced costs, lower environmental impacts, and increased comfort. One side does not have to take precedent over another but can be prioritized at different times to meet a larger goal. From a sustainability perspective, an intelligent building solution can support overall energy use reduction, but also optimize equipment operations so energy is used at peak time if there is onsite solar, for example, or reduce energy during peak if reliant only on grid power.

Today, there is a real opportunity to re-envision sustainability to deliver operational changes that provide sustained social, environmental, and governance improvements. Interested in more of Navigant Research’s point of view on sustainability? Check out our recent report, Intelligent Building Technologies for Sustainability.

 

China Cements Its Role as the Undisputed AMI Leader

— November 30, 2017

In terms of volume, China continues to preserve its status as the undisputed global leader in advanced metering infrastructure (AMI). Since 2012, State Grid Corporation of China (SGCC) has been deploying smart meters to each of its customers at a feverish clip. SGCC has installed more than 400 million smart meters across China over the past 5 years as part of this unprecedented project.

While utilities in countries like Italy and Sweden have succeeded in converting all their electromechanical meters to smart devices, the scale and execution of China’s nationwide project are truly unmatched. It is worth noting some of the unique characteristics of SGCC’s project and what’s in store for the future of the overall Chinese smart meter market.

How Is This Possible?

When looking at the Chinese market for smart meters, it becomes clear that all meters are not created equal. More often than not, smart meters deployed across China lack the full capabilities of a basic smart meter common in Europe or North America, such as hourly interval measurements or reasonably symmetric two-way communications. Yet, the Chinese meters still provide significant capabilities beyond traditional automated meter reading systems, including very low speed or potential short-range communications.

These limited capabilities are one of the primary drivers behind the radically different price points of Chinese smart meters, which are typically around 50% less than typical US or European prices. In addition, the monopolistic nature of Chinese utilities leads to high volume purchase orders from domestic suppliers, further reducing average meter costs.

What Is Happening on the Ground?

Over the course of 2016, SGCC deployed 70 million new smart meters, with the installed base reaching approximately 400 million devices. SGCC expects full deployment by the end of 2017.

China Southern Power Grid, the country’s other state-owned electric utility, was primarily involved in pilot-scale projects prior to March 2016, at which point the utility began its large-scale commercial deployment. China Southern expects full deployment by 2020, which should account for more than 80 million meters.

Improving Technology Shows Promise for the Market

While initial indications would suggest a significant market downturn in 2017 and 2020 given the rollout conclusions, the emerging second-generation smart meter market should help placate any potential concerns. According to China’s national regulations, meters must be replaced every 5 to 8 years. With the lifespan of SGCC’s deployed meters running between 1 and 5 years, the mega-utility will now begin looking into second-generation upgrade meters, which often carry a higher cost along with increased capabilities.

This emerging second-generation market is expected to help sustain the strong revenue and growth profiles that have characterized the Chinese market for years. As other major markets like Brazil, Egypt, India, and Turkey begin their forays into large-scale smart meter projects, lessons can be learned from the impressive scale and execution of China’s rollouts.

 

Businesses Say Bring On IoT Regulations

— November 28, 2017

Most businesses do not seek new regulations from governments or regulatory agencies. They already have enough rules to play by. But when it comes to the Internet of Things (IoT), many take a different tack and are quite open to strong regulations since they are acutely aware of the many reported hacks or known vulnerabilities in things like webcams, baby monitors, and cardiac devices.

A new survey underscores this sentiment. 96% of business respondents saying there should be IoT security regulation, according to the study of 1,050 global IT and business decision makers conducted by Gemalto, a global digital security vendor based in the Netherlands.

Not only do business people see the need for enhanced IoT security, consumers do as well. The same Gemalto survey finds that 90% of consumer respondents (out of 10,500) believe there should be IoT security regulation. 65% of the same consumers are concerned about a hacker controlling their IoT devices.

Challenges Businesses Face

The leading challenge for companies trying to secure IoT products or services is the high cost of implementation (44%), according to the survey. That means companies either bite the bullet and invest in greater security for products or services or cut corners. The latter is obviously not a wise approach. It leaves customers too vulnerable to shoddy security in the IoT products or services they purchase. If spending remains a barrier, it could spell trouble for the emerging IoT market as a whole. With no baseline of security, IoT technology buyers will remain leery and unlikely to make purchases.

Another concern the study revealed is that only 6 out of 10 businesses encrypt all the data they capture or store via IoT devices. That means 4 out of 10 (or 40%) businesses do not, a major red flag. Not all data flowing from IoT devices is that valuable; the number of times someone turns on or off a connected light bulb is minor. But health records or personal financial details is another matter altogether.

Energy Sector Relatively Secure, So Far

So far, the energy sector has a fairly good record of thwarting attacks against devices, with some exceptions. Things like smart meters, substations, and other grid assets have remained safe for the most part. But there are many attempts to penetrate the grid, like earlier this year when nuclear facilities came under attack. Those attempts are likely to increase as more things connect to the grid through distributed energy resources and behind-the-meter devices like smart thermostats or EV chargers. Without stronger rules and incentives, the risks will rise significantly.

One can understand the desire for more stringent regulations for the IoT. The number of things connecting to the grid and other systems is growing exponentially, and so too the number of potential threats. A strong set of standards throughout the IoT value chain is needed to keep data, systems, and people safe. Strong rules will force vendors to devote the needed resources and money to make it happen sooner rather than later.

 

Blog Articles

Most Recent

By Date

Tags

Clean Transportation, Digital Utility Strategies, Electric Vehicles, Energy Technologies, Policy & Regulation, Renewable Energy, Smart Energy Practice, Smart Energy Program, Transportation Efficiencies, Utility Transformations

By Author


{"userID":"","pageName":"2017 November","path":"\/2017\/11","date":"1\/18\/2018"}