During a recent thunderstorm, a power surge fried the motor of my pool pump.  With prime algae-growing season nearly upon us in Texas, this was suboptimal timing.  Still, being a smart grid researcher, I thought I’d write to my co-operative power supplier, CoServ, and find out what happened.  So I sent a short note via their “Contact Us” web page, asking if they could look into their distribution management system for that Sunday morning and see if there had been a power swell in my neighborhood.  This was purely out of curiosity – this is what I do for a living, right?  Here’s the reply that I received about 4 days later:

 Thank you for taking the time to contact CoServ Electric. As you are aware there were adverse weather conditions in your area at the time of the service abnormalities.

CoServ Electric works hard to ensure all our members receive reliable service. However, because of the nature of the electric utility industry, continuous service cannot be guaranteed. (For example, situations involving animals on the lines, unforeseeable equipment issues, or weather events such as happened in your case.) Because this event was an “Act of God” and not something we could have foreseen or prevented, we cannot accept liability for any reported damage. We recommend contacting a qualified electrician to make sure your electric service beyond the point of service (the electric meter) is properly protected from common outside disturbances.

Thank you again for your report and for allowing us to serve you as a member of CoServ Electric. If you would like to discuss this situation further, feel free to contact me.

Okay, I admit that lots of people walk around with an entitlement mentality.  Still, it would never occur to me that my power utility is responsible for lightning strikes.  Is CoServ up there in the sky hurling thunderbolts at my pool?  Of course not.  They bear no liability for the pump.  So why such a defensive response?

Litigation Phobia

Here’s my theory: because their lawyers made them to do it.  In its 108-page tariff for electric service, CoServ already states that it is not responsible for acts of God.  Nor should it be.  Making any utility liable for all acts of God in its service area would most likely render that utility bankrupt.

And that’s the problem.  I have seen (but will not link here) job postings for “NERC Compliance Manager” where one of the essential candidate requirements is a law degree.  An analysis of NERC CIP v4, which added additional clarification of the term “critical cyber asset” (CCA), shows 17 new clauses to define a CCA.  Each of those clauses gives a utility enough wiggle room in a courtroom to escape penalty.

I’m currently researching cyber security for smart grid telecommunications.  As ever, the overriding investment theme for cyber security emerges as avoidance of fines or litigation.  After 23 research interviews I have a consensus response that there are a handful of utilities in the United States that proactively address cyber security, in each case because of a single individual that really cares.  The remaining utilities are characterized by my contacts as doing the minimum necessary to avoid legal consequences.

Don’t get me wrong – I’m all for keeping our utilities healthy financially.  From a purely selfish perspective, researching those utilities puts bread on my table.  But – can we please focus on operations and reliability, not legal ramifications?

Utilities want to know if vendors are overselling their wares.  Are vendors making commitments that that they really should not?  Sometimes it’s hard to know what a product will actually do – or not do – until it’s installed and running.  So most buyers will try to assure themselves that the product – hardware or software – will do what it says on the label.

But there’s another side that gets less attention: do vendors underplay the difficulty of living with a product?   As Calvin once explained to Hobbes, there’s a big difference between getting something and having something.  After the discussion session at a recent smart grid conference, I understand that having meter data management (MDM) can be more complicated than buyers may grasp during the acquisition cycle.

At the conference session, I joined five utility executives discussing their experiences implementing MDM.  The group was given a preset list of questions to discuss.  The first, “What have you learned from going beyond billing?” resulted in a bunch of blank stares.  The reason: that’s all these utilities have done with MDM – generate bills.  There is little “beyond billing” yet.

Perhaps the most common theme of the discussion was the difficulty of installing MDM and then integrating it with other applications.  All of the participants felt that this aspect had been underplayed by their vendors during the MDM purchase cycle.  Integration of MDM to other applications such as energy management, outage management, or customer information systems, has proven far more difficult than expected.

Response Times Slowed

All five utility officials were also dissatisfied with their MDM’s reporting capabilities.  Several utilities had reinstalled legacy reporting systems, piping the data from the new MDM back to the reinstalled legacy systems.  The group also wanted a separate replicated MDM database for reporting because running complex analyses against the online database significantly slows the response to real-time queries – usually driven by customer portals on the Internet or help desk agents on a call.

Everyone present agreed that MDM should be done before a smart meter rollout, or at least simultaneously.  No one thought it a good idea to deploy smart meters before the MDM was in place.  Some of the group felt that the holy grail of smart metering – interval readings every 15 minutes – is useless for residential applications, although useful in commercial and industrial applications.  One panelist said his utility had activated remote disconnect for only 1% of its smart meters, although that was due to local regulations governing disconnect processes.

Navigant Research’s report, Meter Data Management, published 3Q 2012,  stressed the need for detailed planning before installing an MDM system.  These discussions reminded me how true that is!

Utilities expect smart grid technologies to help them in three key areas:  grid efficiency, financial management, and customer engagement.  Of the three, customer engagement gets by far the least attention in the media.  But as often happens, what we read in the papers is merely the tip of utilities’ project iceberg.  At the ElsterConnect conference in San Antonio, I saw an impressive example of enriched customer engagement.  The keynote speaker was Michael Lowe, chief customer executive at Salt River Project (SRP).

Chief what, you ask?  Already you’ve sensed the problem – many utilities don’t rate their customers highly enough to give them their own chief executive.  That was the first hint that SRP is going about things differently.

Mr. Lowe declared that every customer interaction with SRP must be rewarding, easy, and pleasant.  Those three words were on the screen in what looked like 1,000-point font throughout much of his remarks.  SRP’s goal is that 90% of its calls are answered within 30 seconds, and they have set no limit on how long a customer call can last – the company doesn’t even collect that data.  That is pure heresy to classic call center management but pure bliss to SRP customers.

We Guarantee It

SRP says it hires its customer service agents for attitude in a hiring process that’s described as speed dating.  The underlying concept is that happy employees will yield happy customers, and successful current employees are the best judge of who will make great future employees.

SRP’s goal is to make energy tangible to their customers, to get the customers to think about it.  That means giving them enough information, in ways that are easy to receive and digest.  The most popular page on SRP’s website is the daily usage graph, which each customer can access for their own account.  Customers can get a weekly SMS text message showing their anticipated monthly bill, given current usage.  Customers can pay their bill via phone call, text message, at hundreds of kiosks in the Phoenix metropolitan area, or by U.S. mail.  Only 20% are paying via post now.  Meanwhile, giving more information to customers online has reduced phone contacts by 28%.

SRP also offers time-of-use billing through their EZ-3 program, to shift usage away from the 3 p.m. to 6 p.m. peak demand period.  So far, 20% of its customers have volunteered out 845,000 smart meters deployed.  The program includes a money-back guarantee: If TOU billing doesn’t lower a customer’s bill, then SRP refunds the difference and returns the customer to single-rate billing.

Finally, 15% of SRP’s customers use prepaid plans.  Doing the math, that is about 125,000 prepay customers – the largest prepay program in North America and far beyond any definition of a pilot.  Prepay users reduce their monthly energy bills by 12% on average, thanks to the discipline required by prepay plans.  Improving service, apparently, carries benefits for the utility and for its customers.

It sounds sci-fi but it really isn’t.  Los Alamos National Labs (LANL) announced that it has successfully demonstrated quantum cryptography, using a single photon to generate secure random numbers between devices.  LANL successfully tested this quantum crypto transmitter against an electric grid test bed.  (Perhaps the bigger surprise is that someone is actually developing a security solution not aimed at social networking.)

According to the press release, this marks “the first-ever demonstration of securing control data for electric grids using quantum cryptography.”  That gives me a mild case of heartburn:  cryptography is one method of protecting data, but to say that any cryptography on its own secures data is to overstate the accomplishment.  But this is genuine innovation – rare as hen’s teeth in grid cyber security – so let’s press on.

If this were just another way to encrypt data, I might say, “Neat!” and stop there.  But the most nearly intractable problem in securing smart grids is protecting legacy devices that sit side-by-side with modern IP- and Bluetooth-enabled devices.   The cryptographic transmitter, invented by LANL and called a QKarD, is tiny by comparison with other encryption devices and introduces line latency well within tolerances for a control network.  Testing was done on a 25-kilometer (15.5-mile) length of optical fiber.

New Intelligence Required

As Los Alamos points out, integrating renewable energy supplies into grids requires new techniques, and new telecommunications.  Most grids were built for the steady, predictable inputs from fossil-fired generation.  Adding variable rate inputs such as solar or wind requires new intelligence and new controls.  Those new controls assume that data received from the field is reliable and from a trusted source.

Cryptography can fulfill both of those functions.  While enterprise IT shops rely upon cryptography first and foremost for confidentiality, data integrity is more important for control networks.  Cryptography is not by itself a total security solution, but its role in preserving useful and accurate data is key.  LANL’s solution may move the industry one step closer to a painless way to protect all that data.

A recurring theme from my 3 years of research is that there is precious little innovation in cyber security.  Along with quantum cryptography, I have recently seen promising new approaches for network anomaly detection, network cleansing, and device ID protection, among other things.

Perhaps the tide is finally turning.