Navigant Research Blog

Speculation Over Smart Home Technology

— January 18, 2018

Over the holidays, I received my first personal assistant. Her name is Alexa, and despite the latest hype and commercial appeal, my virtual assistant remains in her box, lifeless and unused. I have reservations about engaging with a smart device that was programmed to listen, track, and record my personal habits in the privacy of my own home. According to recent consumer reports, these misgivings are common. In fact, over a third of Americans are uncomfortable using smart technology as privacy policies fail to address ongoing security issues. For some users, the convenience of voice-controlled devices, like the Amazon Echo and Google Home, is shadowed by security concerns. Data leaks and recent reports of hackers gaining access to home devices and speakers have not helped matters, begging the question, what do consumers stand to gain from smart home technology?

An Ecosystem of Connectivity

For starters, the ease of access to information and remote-control capabilities of home appliances have helped users save a lot of time and money. Energy efficient solutions like smart thermostats and internet-connected lights paired with other smart devices have helped consumers reduce monthly energy bills. Products like Amazon Echo act as a smart home platform for connecting various Internet of Things-enabled devices, like security cameras and remote-controlled cooking gadgets. Consumers already using some of these devices are more likely to install additional ones as they discover new tasks for machines to handle. Throw in the added convenience of a voice-activated assistant and the benefits of connected home technology start to become more convincing for even the biggest skeptic. Yet the real risk of hackers taking advantage of these features remains as the growing transfer of control from homeowners to smart devices is left unprotected.

A Silver Lining

Despite ongoing security concerns, smart technology offers consumers the opportunity to lead more efficient lives. Yet for users to reap the full benefits of these devices, privacy and security concerns must be addressed. Doing so attracts long-term buyers, securing data and customers in one fell swoop. Since innovation leads regulation, privacy policies for this technology will require continuous revitalizing. Proposals like the European Union’s cybersecurity certification framework represent steps legislators are taking to confront these issues. Vendors can also play a role by being more transparent about their offerings and educating consumers on where risks lie and how best to avoid them. Understanding how the tech works and where faults exist may convince hesitant consumers, like myself, to give it a go and take advantage of what these smart devices have to offer. For more information about smart home technology, check out Navigant Research’s Digital Assistants and AI in the Home.


Amazon’s Key Service Echoes Growing Concerns Over Privacy and Security

— January 2, 2018

Amazon’s latest service innovation has raised questions about how far the boundaries of technology can be pushed to make consumers’ lives more convenient. The Amazon Key delivery service, along with the Amazon Cloud Cam and a compatible smart lock, allow users to grant access for in-home deliveries. The service solves issues around package theft and customer availability to receive a package. It works by sending the user a 4-hour window on the day of delivery and confirming the assigned courier is at the correct address at the intended time by scanning the package barcode. When the package is scanned, the user receives a notification of the imminent delivery, the Cloud Cam is activated, the door unlocks, and the user can watch the delivery in real-time or check back later to ensure the delivery went well. The service was made available in 37 cities for tens of millions of items in November 2017. This sounds simple and straightforward, but media and industry specialists are scrutinizing the limits this service approaches by letting strangers into people’s homes. And to be fair, there are already issues with it, including a flaw that allows couriers to disable the security camera and door lock (which Amazon has promised it will fix).

Can Security Solutions Tamper Concerns?  

This new service is one among many offerings in the residential sector that emphasizes growing concerns over consumer privacy and security. From the common belief that our beloved social media sites are spying on users to publicized hacks of big name brands resulting in leaked personal data, consumers are increasingly wary as technology becomes a more intimate part of their lives. Stakeholders across the value chain recognize the need to implement more robust security solutions, and new regulations that aim to protect consumer data are emerging, such as the General Data Protection Regulation (GDPR). But for many, cybersecurity is only starting to become a priority, and companies are still figuring out how to deal with growing threats.

Threats of Scale

Data privacy and security become especially complex in the consumer electronics world because the home is a sanctuary and should be private and secure. At the same time, the hacking of a Wi-Fi router has much lower stakes than the hacking of a power plant and can be considered less of a priority for investment in security. Manufacturers promise data privacy and secure devices, but customer sentiment does not always resonate with these assurances. There is also the question of responsibility and whether the manufacturer, chip provider, wireless protocol alliance, or the consumer should be held responsible for security and data privacy. Consumers want to partake in social media, adopt smart home devices, and lead more convenient lives, but don’t want to feel like they are being watched, listened to, or followed, and they don’t always understand the risks associated with using technologies (such as the collection and sales of personal data).

Convenience vs. Safety

Privacy and security are increasingly affecting consumers at home. Residential customers are skeptical of technologies that have the potential to compromise privacy and security, which is affecting market growth. In order to progress the Internet of Things in the home, it is important for stakeholders in the residential space to be transparent with users about the measures they take to ensure the security of devices, software, services, and data privacy.


High Stakes Blockchain Applications Are a New Frontier for Cybersecurity

— November 30, 2017

Blockchain-Based Systems Are Only as Strong as Their Weakest Link

On November 16, the US Patent and Trademark Office released a patent filed by Nasdaq that describes a blockchain-based architecture that could be used to track the ownership and transaction of stock market assets.

Nasdaq is part of a wave of big name organizations globally—including banks, utilities, and the Pentagon—that have announced plans to experiment with blockchain to determine whether it can help their organizations run more smoothly, efficiently, and securely.

As the hype train charges onward and expectations skyrocket, there is a real risk that in the rush to generate solutions to increasingly complex high stakes problems, adopters will forget that simply adding blockchain doesn’t make a system bulletproof. Before integrating blockchain into keystone systems like stock exchanges or electricity grid operations, it’s important to understand where blockchain brings security to a system, where it doesn’t, and how it interacts with other pieces of the puzzle.

Blockchains Are Built on Security and Cryptography Principles

Blockchain architectures are considered a robust and highly secure means of storing information for several reasons:

  • The blockchain is stored across a decentralized and distributed network of many computers, creating a redundant record with no single point of failure.
  • Network nodes use a resource-intensive cryptographic process to reach majority consensus on the chronology and validity of transactions between nodes.
  • The full record of information stored on the blockchain is auditable by any node in the network.

In combination, these properties make the blockchain ledger itself resilient to attacks. Indeed, despite soaring valuation that provides a $140 billion incentive for hackers, the underlying architecture of Bitcoin has never been broken.

Determined Hackers Will Work Around Unbreakable Cryptography

Rather than attacking the blockchain itself, hackers have repeatedly exploited weakness in the hardware and software components of the system—the personal computers and devices that make up the nodes of the network and the software applications that enable autonomous transfers and digital contracts. It’s the cryptographic analog of identity theft: a thief doesn’t need to smash their way into a bank vault if they can clone your credit card.

White hat hackers used exactly this principle to gain irreversible control of users’ Bitcoin wallets by exploiting a hole in cellular text messaging protocols. A hacker famously exploited errors in an Ethereum smart contract to steal $31 million  from early backers of a startup. The blockchain preserves an immutable open record of the thefts for all to see, but it also makes them irreversible.

Planning Ahead

The electricity system is a frequent target of cyber attacks backed by powerful antagonists. To date, no blockchain architecture has yet been subjected to a stress test of the magnitude we might expect if it were supporting, say, the automated demand response capabilities of a microgrid in an urban financial district. Potential applications in these systems are among the most transformative opportunities for blockchain, but will also be among the most prone to cyber attack and the hardest to field test at scale.

Until a set of comprehensive security standards for blockchain-based systems is developed, Nasdaq and any organizations seeking to adopt blockchain-based solutions must recognize that blockchain does not inherently provide end-to-end security. For blockchain to be part of the solution requires thoughtful implementation and proactive design that maximizes security at the ends of the chain. Every link of the system must be evaluated for security and potential vulnerabilities, and adopters should be especially cautious about entrusting critical systems to the technology.


Cybersecurity Threats Mount, but Overall Picture Not So Bleak

— November 16, 2017

Cybersecurity threats keep mounting against the grid, corporations, and individuals. The known attacks and security holes revealed in the past year are real and cause for serious concern. The whole picture, however, might not be as bleak as it first appears if utilities focus on getting ahead of cybersecurity threats. The good guys are in this fight and they have solid tools to keep us safe. Among grid-related threats, at least three incidents stand out as examples of how grim the situation could become if utilities do not proactively address cyber attacks.

It was revealed in August that a foreign power had compromised the state-owned Irish power grid company EirGrid, according to a report by Ireland’s Independent newspaper. When the hack was first discovered, experts said the breach occurred more than 2 months beforehand. At the time, the newspaper’s sources said it was still unknown if any malicious software had made its way into EirGrid’s control systems. Though it is unclear which foreign power was involved, the hackers used Internet Protocol (IP) addresses sourced from Ghana and Bulgaria.

In July, US officials revealed that hackers had penetrated computer networks of companies operating nuclear power stations, other energy facilities, and manufacturing plants. Wolf Creek Nuclear Operating Corp.’s power plant near Burlington, Kansas is one of the nuclear facilities specifically named. The nefarious activity caused the US Department of Homeland Security and the US Federal Bureau of Investigation to issue an amber warning, which is the second-highest rating level. It turns out the hackers were unable to hop from victims’ computers into control systems, and officials said there was no sign of a threat to public safety.

In mid-October, millions of people found out that nearly all Wi-Fi devices were at risk of hijack and eavesdropping because of a bug known as KRACK that exposes a flaw in the common security protocol WPA2. If exploited, a hacker could use a skeleton key to access any WPA2 network without a password. Patches for thwarting the threat have been made available from some vendors, while others are still pending.

Grid Cybersecurity

So, how high are the overall risks? Potentially rather high, but perhaps not as high as one might think for the grid in particular. According to Philip Propes, chief security information officer for the Tennessee Valley Authority (TVA), the situation is not doom and gloom in the electric utility sector. During a recent webinar, he said officials in the utility industry are well aware of cybersecurity issues and many have taken appropriate steps. In TVA’s own case, he says his team is moving from a reactive approach to a proactive approach around security and getting ahead of attacks before an event occurs.

Furthermore, private experts and researchers at the US Department of Energy’s national labs are working on new methods to reduce the threat from cyber attacks. One project at Oak Ridge National Laboratory would set up a private communications and control system for the grid, called darknet, that would operate separately from the public internet. Also, the use of quantum encryption capabilities could add enhanced security for the grid.

Cybersecurity risks should not be taken lightly, but there is no reason to panic. There is a growing sense of urgency among experts and officials to collaborate on robust solutions and progress is being made quietly, despite the mounting threats. For a more in-depth look at how utilities are responding to these threats, check out Navigant Research’s Cybersecurity for the Digital Utility report, written by my colleague Michael Kelly.


Blog Articles

Most Recent

By Date


Clean Transportation, Digital Utility Strategies, Electric Vehicles, Energy Technologies, Policy & Regulation, Renewable Energy, Smart Energy Practice, Smart Energy Program, Transportation Efficiencies, Utility Transformations

By Author