Cleantech Market Intelligence
Smart Grid Security Summit East: Absolute Security!
This week saw the second Smart Grid Security Summit East meeting, in Knoxville, Tennessee. Compared to the first event last August in San Jose, attendance increased nearly fourfold – I counted 150 seats in the ballroom and my session was standing room only. We didn’t really attain “Absolute Security” but one vendor panelist made that claim for his product. So it became a catch phrase for the remainder of the conference.
Given the choice of sessions to moderate, I snapped up the best one of the conference: “How Utilities Are Managing Security.” Before sharing my impressions I would like to thank the four excellent panelists, who made my job as moderator nearly redundant:
- David Batz, Edison Electric Institute
- Ward Pyles, Southern Company
- James Sample, Tennessee Valley Authority
- Rob Humphrey, Duke Energy
This session set the tone for the conference. I believe we are seeing change of heart by utilities to get out and engage more with the cyber security industry. As one utility panelist said, “When it comes to security, we are not competitors. We all need to work together.” And there were several other utilities attending beside these four.
What struck me about the utilities’ comments in our panel session was that no matter the question, the responses were framed in business terms by all four panel members. Whether change control, smart meter lifetimes, security vendors, or smaller utilities, each answer circled back to running the business of a utility; delivering energy to customers. The panelists’ responses indicated that their utilities have strong processes to manage technical and cultural change, as a key to their success. Utility cyber security has clearly become a profession and not just a technology.
Unfortunately, security vendors may not be getting the message. Utilities criticized security vendors on several counts:
- Overselling their solutions
- Not showing up with a specific utility solution
- Not understanding utilities’ business issues
- Simply repackaging existing products
- Running pilots in situations that do not reflect the real world
In offline conversations, utilities are aware that nearly every large security vendor has, in the past year, established an energy vertical. They do not seem impressed by this. Utilities feel that they have to do too much work on their own to make the solutions work after the vendors have left.
The large utilities on my panel expressed a willingness to share what they have learned with smaller utilities. Actually, they phrased this more as a responsibility than merely a willingness. Security is only as strong as its weakest link. The large utilities realize that protecting smaller utilities, linked to them in many ways, is in their own best interest. While not explicitly stated, I also sensed a comradeship in wanting their smaller brethren to avoid their sometimes painful experiences. Panelists suggested that smaller utilities could operate in cloud computing environments, applying lessons learned from the large utilities. A cloud with many small utilities can approach the scale of a large utility’s infrastructure.
Finally, the utilities see a need to better collaborate with the relevant PUCs, to educate the PUCs in the challenges they face and solutions used. The current situation leaves the PUCs – who in a later panel admitted that their security teams are substantially understaffed – working in the dark and regulating areas where more information could make them more effective and efficient.
For me the keyword of the conference was collaboration – it occurred in many diverse sessions. My next blog will share impressions from some of the other sessions. And who knows? If this many key players do in fact collaborate, we may one day attain Absolute Security!