Having completed research for Navigant Research’s forthcoming report, Smart Grid Communications Security, I’m now into the writing and modeling phase. As you might expect, the topic of IP-based communication came up a lot during the interviews. There is nothing approaching consensus about IP in Smart Grids, and everyone has an opinion. Whenever I’m having trouble getting someone to talk, all I have to do is mention either IP or Linux, and then the floodgates open. Dirty trick, I know, but it works.
So what do people think about IP in smart grids? Well first, let me clarify that I mean all of smart grids. Not only smart metering, but transmission networks, substations, and distribution networks too. There appear to be three schools of thought:
The first school holds that because IP is widely available and well-known, it is a good thing. There are lots of technicians, and plenty of commercial off-the-shelf (COTS) products available to support it. IP’s near ubiquity is a giant leap in the direction of interoperability. I will remind readers at this point that utilities tell me that they want more than interoperability; they want interchangeability. In this view, proprietary protocols merely hinder progress. In the worst case, proprietary protocols become handcuffs, making exit costs so high that utilities may be stuck forever with a given vendor. Having been a product portfolio manager in a past life, I can assure you that this is no accident.
The second school holds that because IP is widely available and well-known, it is a bad thing. Such a widespread installed base means that there are many more people who understand how to attack IP, and many more COTS tools to attack it with – although sourcing those tools can be trickier and will probably land you on some intelligence agencies’ watch lists. Personally I find this viewpoint overly paranoid – and keep in mind, as a cyber security professional, I am paid to be paranoid. It takes an awful lot for me to think of something as too paranoid.
The third school simply holds that IP is widely available and well known, full stop. Therefore, it will eventually become the dominant protocol for all smart grid communications. Whether this is a good thing or a bad thing is irrelevant to these pragmatists. In their view, IP is going to happen, so let’s plan for it, rather than arguing about whether or not it is a good thing.
Me? I’m a pragmatist. Sure, there are complications. Some vendors’ IP implementation is really just their own proprietary protocol riding on top of IP. Securing IP does not provide any application-level security. And very old legacy devices cannot deploy IP, but they may still have 20 years’ service life remaining. There are approaches for that, but none completely satisfactory.
Nevertheless, IP is coming to your smart grid. Count on it. Yes there will be more attackers and a more familiar attack surface. But so what? Stuxnet proved that security-by-obscurity really is a myth. At least with IP as a standard approach, we shall all speak the same language. Surely that’s better than the alternative.
Tags: Energy Management, Smart Grid Communications, Smart Grid Security, Smart Utilities Program
| No Comments »