Navigant Research Blog

Security and Compliance – Which One?

— June 15, 2011

“Security is too important to be left to compliance.”

Jim Brenton of ERCOT thusly encapsulated the security-versus-compliance dichotomy at the recent Managing SCADA Security Risks conference. But is this truly a dichotomy or just two distinct objectives with quite a bit of overlap?

The history of Smart Grid compliance does not confidently promise a high degree of security. The first round of NERC CIP standards required utilities to self-identify their Critical Cyber Assets (CCAs). After careful consideration, 73% ascertained that they had no CCAs. Then CIO of NERC, Michael Assante, wrote to utilities in a now famous memo that they may have been unrealistic in their self-assessment.

Yet, every utility that I have spoken with wants a secure grid. All have constrained budgets. And legal counsel will avoid making commitments unless required. Regardless of your stand on security, avoiding commitments whenever possible is sound business practice. We security purists often forget that.

So we watch as NERC CIP evolves in fits and starts through a morass of 500-member work groups, stakeholder foot-dragging, and the familiar diet of politics and procedures. Andy Bochman of IBM provides an excellent play-by-play of CIP development in his Smart Grid Security Blog. Generating excitement about a process that moves at glacial speeds is no mean feat, but Andy manages it.

And yet – compliance is a good thing. Without NERC CIP, would utilities be even as secure as they are now? Doubtful. Without compliance as a driver, would cyber security even exist as an industry after the recent recession? Improbable. Many software markets faltered during the downturn but security ploughed right on through. Auditors don’t get a holiday during a recession.

So which to choose, compliance or security? I have news for you: The answer is “both.” It’s all a matter of approach.

Compliance is typically a top-down driven activity. Laws or regulations arrive, corporate legal advises whether or not they are relevant, and the minimum necessary activity for compliance is undertaken. Again, this is sound business practice. There is no sane reason to overspend on compliance.

Security is a bottom-up activity, starting with an assessment of risks for key assets. This assessment then forms the basis of a security program. The highest possible impact risks are addressed first and the lowest impact risks are most likely never addressed because funding is exhausted before reaching that point. Employee awareness training is also a key but often-neglected element of effective security.

The difference between compliance and security is evident. Compliance is a one-size-fits-all undertaking. Security, meanwhile, is custom-built for each enterprise. Compliance starts at the 50,000-foot level and offers some high-level assurances about the overall operation of a system. Security starts on the ground and works its way up to provide due care against the risks most likely to inflict damage upon the enterprise.

You need both.

 

Where is MDM Headed?

— June 14, 2011

Ask five knowledgeable people about the future of Meter Data Management (MDM) and you will probably get seven or eight opinions. But they will likely agree on two points:

  • In a few years, MDM will be radically different from anything we have seen so far
  • There will be a lot more smart meters deployed in five to ten years than there are now

    Pike’s recently published report, Meter Data Management, forecasts that by the end of 2018 there will be about 500 million meters supported with an MDM system, as shown in Chart 1. The increase in MDM-supported meters from 2010 until 2018 represents a compound annual growth rate (CAGR) of approximately 40%.

    Those numbers represent a nice market, but come with some caveats.

    The vendors with whom we spoke agreed unanimously that MDM software is at an inflection point. Until now the MDM market has been driven by a desire for accurate billing and supporting data collection schemes such as Automated Meter Reading (AMR). While those qualities remain important, the prevailing winds in MDM are blowing toward more efficient operation of utilities. Improvements in capabilities as diverse as grid operations, credit and collections, rate design, and settlements all revolve around a strong MDM.

    What remains unresolved is how MDM systems will enable these improvements. We discerned two distinct approaches among the MDM vendors we surveyed:

  • Deliver a full-featured MDM with as many utility applications as possible – the above-mentioned operations, collections, et cetera, plus many more
  • Deliver an MDM that only extracts data from the AMI head-ends, normalizes and time-sequences it, and then makes it available to as many analytical and operational applications as the utility cares to interface

    These two approaches are quite different and we observed among the vendors a roughly 50/50 split between the two. Some vendors offer both. Regardless, the MDM market today is extremely dynamic and in flux. Even vendors who do not yet offer the new crop of analytical and operational capabilities admit that they need to be there, and aim to have them very soon.

    Regional issues are key to understanding the MDM market. Different regions of the world focus on different aspects of MDM, such as better audits, operational efficiency, or reducing energy theft. Some regions are rolling out large numbers of meters to first-time locations and simply want to be paid for the energy consumed. In our forecasts, we assume that these regions may have little or no interest at all in MDM for several years.

    China deserves a special mention. It has a very large potential installed base, yet there appears to be little MDM activity so far. Moreover, Pike is not convinced that China will ever become an addressable market for today’s MDM vendors. Rather we see a high probability that MDM in China will be supported by an internally developed system. Economically, the number of smart meters in China would justify a custom development. For those reasons, we forecast MDM in China separately from the rest of Asia Pacific, as can be seen in Chart 1 above.

    With so much to play for, and so much uncertainty, we believe that success will come to those MDM vendors who execute superbly in several areas:

  • Technical solutions must be solid and flexible
  • Marketing messages must be clear and relevant
  • Political capital and alliances could be hugely influential
  • The vendor must be able to demonstrate successful deployments of the product

    While we can forecast MDM revenue globally, this much variance makes it challenging to select the vendors who will win. But if you want to place a wager, pick someone that you believe will hit all of the above points.

     

The Future of the European Union as a Low Carbon Zone

— June 13, 2011

    The European Union (EU) is made up of 27 countries and over 500 million people. Each country (more commonly called “States”) has its own sovereign identity but the governing body of the EU has rights to set limited legislation and broader policy direction for its member States. Initially set up as a trading bloc for the free movement of goods and labor, the EU is now much more.

    The EU is increasingly setting far-reaching and far-sighted policy on the environment and sustainable development. Two critical documents have come out since the start of the year. A third is due, which will steer a number of critical decisions made over the next decade.

    The headline policy that most people have heard of is the “20/20/20” target. Or, in longhand, the member States of the European Union have committed themselves to reducing greenhouse gas emissions (GHG) by 20%, increasing the share of renewables in the EU’s energy mix to 20%, and achieving the 20% energy efficiency target by 2020. To do this, the brains behind the policy have undertaken a lot of “how to” modelling work to see how to get from here to there.

    Now 2020 is deemed too close and policy is looking out to 2050. As part of this, “A Roadmap for moving to a competitive low carbon economy in 2050” was published in March of this year. The focus of the document is in the title – keeping (or making, depending on your point of view) the EU greener and competitive by 2050. The document is incredibly important, as it doesn’t give clues, but full-blown statements of direction for the development and deployment of policy across the Euro zone over the next decade.

    Here are the highlights and implications from the roadmap:

  • Electricity will play a central role in the low carbon economy. The EU’s analysis (which we have not seen but which is reported throughout the document) implies that it is possible to totally eliminate CO2 emissions by 2050, and offers the prospect of partially replacing fossil fuels in transport and heating.
  • Demonstration and early deployment of technologies, such as various forms of low carbon energy sources, carbon capture and storage, smart grids, and hybrid and electric vehicle (battery and FCV) technology are of paramount importance to ensure their cost-effective and large-scale penetration later on.

    All the buzzwords are here and it is clear they don’t want to annoy any one technology or industry over another, but actual rollout is going to be a lot messier than this neat sentence.

    For those interested in reading about the transport section rollout, the EU White Paper on Transport provides a “comprehensive and combined set of measures to increase the sustainability of the transport system.” It caused some strong debate when it came out.

    The EU Emissions Trading Scheme (ETS) is thought to be critical in driving a wide range of low carbon technologies into the market.

    The implication behind this is that the price of carbon will not only need to be stabilized, but also increased above its current bargain basement price.

  • Investment in smart grids is a key enabler for a low carbon electricity system, notably facilitating demand-side efficiency, larger shares of renewables and distributed generation, and enabling electrification of transport. For grid investments, benefits do not always accrue to the grid operator, but to society (with co-benefits for consumers, producers, and society at large: a more reliable network, energy security, and reduced emissions). In this context, future work should consider how the policy framework can foster these investments at EU, national and local levels and incentivise demand-side management.
  • The objective of the altered directive on energy performance of buildings is that new buildings built from 2021 onwards will have to be nearly zero-energy buildings.

    The sad part is that if we can make buildings nearly zero-energy now with some investment and political will, why are we waiting until 2021?

  • The Commission’s analysis shows that GHG emissions in the industrial sector could be reduced by 83% to 87% in 2050. The application of more advanced resources, energy efficient industrial processes and equipment, increased recycling, as well as abatement technologies for gases such as nitrous oxide and methane, could make a major contribution by allowing the energy intensive sectors to reduce emissions by half or more.
  • In addition to the application of more advanced industrial processes and equipment, carbon capture and storage (CCS) would also need to be deployed on a broad scale after 2035, notably to capture industrial process emissions (e.g. in the cement and steel sector). This would entail an annual investment of more than €10 billion.

    So between now and 2050 there is going to be a major investment in R&D for CCS and I am sure some fine subsidies for its rollout.

  • The European Investment Bank, the European Bank for Reconstruction and Development, as well as dedicated funding in the next Multi-Annual Financial Framework should play a role in providing additional financing for energy efficient and low carbon technologies.

    That should cause a dash to these banks.

    While this blog has been very cynical, the EU should be congratulated for looking out as far as 2050. We will know much more about the energy portion of this when the Energy 2050 Roadmap is published combined with the White Paper on Transport (which is already out). It should not only give me lots to write about but do what it seems impossible to do in the United States – have a coordinated policy on energy!

     

A Green Cloud is a Transparent Cloud

— June 13, 2011

    At Connectivity Week in Santa Clara, recently, I took part in a series of panel discussions on data center energy efficiency. The discussions covered a wide range of issues from the practicalities of infrastructure optimization to the possible role of data centers in demand response schemes. There was a particular focus on the importance, and also the challenge, of making a closer connection between overall data center efficiency and the effective work being done by IT equipment. A more general theme was the sheer complexity of the changes happening in the data center industry. It seems everything is in flux, from changes in the power grid to the impact of smart devices on IT demand. This is the context in which operational changes like the move to more dynamic management of power and cooling infrastructures and the introduction of virtualization are taking place.

    In the midst of these changes, it was a pleasure to hear what some of the leading companies are doing in terms of increasing the energy efficiency and lowering the environmental impact of their data centers. An important point was made about the benefits of sharing good ideas, experience, and best practice. The data center professionals at the event, which included people from Cisco, NetApp, and Sybase/SAP, were generous with the insight they provided on what they are doing in their data centers and the challenges they face. The question was also asked why some data centers are less willing to talk about the specifics of their operation. While commercial sensitivities are often cited, the issues that are being addressed in terms of cooling efficiency, for example, can hardly be seen as business critical. More importantly, lack of transparency makes it harder to assess the real environmental impact of a given data center.

    This discussion came back to me as I read the latest Greenpeace report on the environmental performance of the IT industry. In the report, “How Dirty Is Your Data?”, the organization takes a critical look at the environmental impact of the growth in data centers. Greenpeace is largely positive about the role that IT can play in reducing carbon emissions and other forms of environmental damage. It also recognizes the impact of the move to cloud computing on demand patterns and on how the industry operates. However, the report makes the case that cloud computing will only be as green as the data centers that support it. We have made a similar point regarding how realizing the potential environmental benefits of cloud computing depends on how the model is actually instantiated. One of Greenpeace’s strongest criticisms of current practice is that there is still a tendency among some of the biggest players in the cloud space to build data centers in low-cost energy regions that are largely dependent on coal-powered generators. The organization’s bust-up with Facebook over this issue is well-known, but it points out that other major cloud providers have also shown inconsistency in their location planning for data centers. The irony, of course, is that these decisions are often being made in parallel with much-lauded moves to use more renewable energy in other data centers or to improve the energy efficiency of operations. On the positive side, Greenpeace sees some signs of more considered and transparent strategies for data center location emerging, with Yahoo! cited as a pathfinder in this regard.

    However, the strongest point made by the Greenpeace report and the one that connects back to the discussions in Santa Clara, is about the general lack of transparency on these issues. As the report says, “much of the information that would allow us to assess the net benefits of the cloud by measuring the true environmental cost…is missing.” The role of data centers as “the factories of the Technology Revolution” means that we need to develop greater visibility on the choices being made about their energy consumption and their energy sources. Any company has the right to keep its operational data private, but customers, investors, and employees have a right to know how well it is living up to its own ethical claims and how it compares with its competitors on the sustainability of its operations. If cloud computing is to live up to claims of being a greener solution, then we need more open reporting and standard metrics on energy use in data centers to enable an objective assessment of how well providers are performing.

     
