Navigant Research Blog

Smart Grid Cyber Security Moves From Hype to Hard Work

— December 6, 2013

Smart grid cyber security gets a lot less hype than it did 2 years ago – and that’s a good thing.  The reason for less hype: people have stopped talking so much about it and actually started doing something about it.  Securing a smart grid is incredibly difficult work, as this blog has noted many times.  Not only are we dealing with perhaps the most critical of critical infrastructures, but some of the devices to secure are decades old with decades of service life remaining.  It’s not for the faint of heart.

The people who are talking about smart grid cyber security nowadays are the people who are actually securing the grids.  The people in the trenches.  So it’s no surprise that conferences full of security vendors with solutions for the world’s ills are fewer and farther between.

As evidence, the IEEE SmartGridComm conference in Vancouver included a full afternoon workshop on smart grid cyber security.  The speakers embodied the progression from hype to hard work in utility cyber security:

The panel was chaired by Dr. Hassan Farhangi, director of research at the British Columbia Institute of Technology.  The presentations progressed from utility business drivers down to extremely technical talks on hacking smart grids inexpensively, and then back out to cyber incident response.

The heart of my talk was observations on the current state of cyber security in utilities.  In a nutshell:  there is good technology to protect control networks, but it is rarely deployed as an integrated whole.  There are few legal requirements driving cyber security – cyber security at any given utility is only good if the executives want it to be.

Cheap & Dangerous

I had hoped that my comments would be scary enough to grab the audience’s attention for the rest of the afternoon session.  Turns out, I was the optimist of the bunch.

Justin Clarke was his usual entertaining and frightening self.  To be fair, he’s entertaining; it’s his comments that are frightening.  He displayed some easily available tools for attacking smart grids.  An inexpensive device to hack smart meter optical maintenance ports even qualifies for free shipping with Amazon Prime.  He displayed a $120 open-source Bluetooth monitoring and developing platform – in other words, a hacking tool.  Bluetooth appears increasingly in control devices such as reclosers, so that lineworkers don’t have to physically access those devices during a thunderstorm.  That is a fantastic safety advance, but if Bluetooth is not properly secured, then the price to compromise that recloser is $120.

Patrick Miller reminded us that attackers have three things that cyber security departments rarely have: time, people, and money.  The more creative attacks against control networks – Stuxnet, Duqu, Night Dragon – were clearly the work of organizations with effectively limitless resources.  Contrast that with day-to-day fights for spending budgets that is the life of a chief security officer.

Finally, Frank Turbide discussed the activities of the CCIRC.  Incidents run from sophisticated denial-of-service attacks to poor implementations that have control devices linked directly to the Internet.  The CCIRC issues alerts on current threats and vulnerabilities to its member organizations, of which the most common are malware and phishing attacks.  During the past 3 months, energy and utilities have been the second-most attacked industry after telecommunications.

There are still lots of attackers out there, and useful attack tools are dropping quickly in price.  And yet, there are good guys looking at more efficient and thorough ways to protect a control network.  There is still hope for protecting our control networks, so let us remain vigilant but optimistic.


Smart Grid Vendors Embrace Life in the Big City

— December 2, 2013

Smart meter manufacturer Itron and smart grid networking provider Silver Spring Networks (SSN) have both recently embraced new smart city initiatives, becoming the latest vendors to focus attention on a market that is expected to grow to $20.2 billion by 2020, according to Navigant Research’s Smart Cities report.

Itron has joined Microsoft’s CityNext effort, which aims to encourage cities around the world to chart a new future where technology combines with creative ideas to do “new with less.”  The lofty ambitions of CityNext include bringing municipal governments, citizens, and businesses together to build more efficient and sustainable urban areas and do so at lower costs.  Itron’s focus will be on the intersection of energy and water – the nexus, as it’s known – where the company’s technology can be brought to bear to help cities better manage these two vital resources.

City of Light

Silver Spring announced a new network-as-a-service (NaaS) product as part of its smart city solution.  The new service offering aims to help cities avoid upfront capital and deployment costs, and it can become a foundation for adding new smart city applications over time.  The company says its smart city solution helps cities meet some of the key challenges they face in four areas: environmental sustainability, transportation management, health and safety, and economic growth.  The company notes that both Paris, France, and Copenhagen, Denmark, have chosen SSN for projects.  For Paris, the company is providing a new street lighting and traffic control program as the city attempts to cut public lighting consumption by 30% during the next 10 years.  Copenhagen chose the company to deploy a citywide network for connecting 20,000 street lights, which can be leveraged for future smart city services.

Both Itron and SSN join a long list of other smart city technology vendors targeting this market, including Cisco, IBM, Schneider Electric, and Siemens, among others.  (See the Navigant Research Leaderboard Report: Smart City Suppliers for our ranking of this group of companies).

With these initiatives, Itron and SSN are looking to broaden their reach beyond the U.S. market for smart metering and networking, which has peaked for now with the winding down of federal stimulus money.  Different opportunities lie elsewhere, and often the need is for solutions that solve urban problems not often found in the United States.  For instance, Itron is supplying new advanced water meters to areas of New Delhi, India,  in a project aimed at providing a continuous water supply where, before, water was only available for several hours each day.  In China, Itron has supplied smart water, heat, and gas meters, along with networking gear, for the Sino-Singapore Tianjin Eco-City – a city built with efficiency and sustainability squarely in mind.  We can expect to see more of these types of city-centric and integrated solutions in coming years.


Among Executives, Fears of Cyber Crime Rise

— August 23, 2013

According to Vito Corleone, “A lawyer with his briefcase can steal more than a hundred men with guns.”  That was 1972.  One can only wonder what he would make of today’s cyber thieves.

The recent Lloyd’s 2013 Risk Index makes it likely that Don Corleone would be right in the middle of the action.  To quote the introduction to this third biennial edition, “The findings are based on a global survey of 588 C-suite and board level executives conducted by Ipsos MORI for Lloyd’s during April and May 2013.”  The report summarizes priority and preparedness within each respondent company for a number of business risks.

Strikingly, cyber risk has risen from #20 in the original 2009 risk index, to #12 in the 2011 report, to #3 in the current report.  If this were the Billboard Hot 100, cyber risk would have a bullet.  The only corporate risks given higher priority than cyber risk are high taxation and loss of customers.  Respondents view cyber risk as more pressing than inflation, cost of credit, excessive regulation, and far more pressing than risks such as fraud, protectionism, or strikes.

The Lloyds study appeared in the same week that The Economist cover story was “The Curious Case of the Fall in Crime”.  As an example, The Economist reported that during 2012 there were only 69 armed robberies of banks, building societies and post offices in all England and Wales.  That amounts to one armed robbery every 5 days, over a population of 56 million.

From this evidence it seems there are fewer criminals, and those that remain have gone online.  Rob a bank?  That’s so last millennium.  Maybe the dearth of traditional criminals is another victim of aging Baby Boomers.  Or is it a predictable outcome of a generation raised on technology?  Regardless, the new criminal is savvy:  Why risk injury or death when you can steal millions from your balcony overlooking the Neva River?

Infrastructure? We Got This

Oddly, in the Lloyd’s survey, critical infrastructure failure comes in at #22 on the executives’ priority list, essentially unchanged from 2011.  Yes, #22 – behind failed investment, reputational risk, and internal oversight failure.  Even worse, the C-suiters rate their preparedness for infrastructure failure much higher than they rate its priority.  In other words, “It’s no big deal; we got this covered.”

Cyber security for utility infrastructure remains weak.  As this blog has often repeated, control systems security has yet to solve some key problems.  Yet in a 2010 presentation, Scott Borg, CEO of the U.S. Cyber Consequences Unit, pointed out that 72% of the U.S. gross domestic product (GDP) is directly dependent upon electric power.  Surely three-fourths of the GDP should rate higher than #22 on our hit list?

I could be an optimist here and be thrilled to see cyber risk at #3 priority.  Or I could be a pessimist and despair to see critical infrastructure failure at #22.  But instead I’ll take Door Number Three:  realist.  Cyber security is a critical element of critical infrastructure protection, so raising the profile of cyber risk is likely raise the profile of infrastructure cyber security over the long run as well.

One huge question remains:  How long is too long?


Great Britain Plan Scuppers Iceland Interconnect

— August 23, 2013

Iceland’s abundant geothermal and hydro resources make it an energy powerhouse. For example, energy-hungry greenhouses can be powered by geothermal energy, producing tomatoes, bananas, and other fruits in a cold climate.  It’s been proposed that Iceland could build out more generating capacity and lay a submarine high voltage direct current (HVDC) transmission line to export clean, low-cost energy to power-hungry cities in Great Britain.

According to Askja Energy, Hörður Arnarson, the CEO of Landsvirkjun (the power company that operates 13 hydropower stations and two geothermal stations across Iceland) said recently that a submarine interconnector to Europe represents “one of the biggest business opportunities Iceland has faced.”  However, Great Britain might take a pass on the opportunity to tap Iceland’s abundant resources.

How About a Datacenter?

On July 12, the U.K. Department of Energy and Climate Change (DECC) published a memorandum that lays out requirements for the geographical location of generating units that can participate in Britain’s Capacity Market.  “It is currently intended to restrict the Capacity Market to units located in Great Britain,” the memo said, “but this is subject to further consideration.”

Evidently the DECC wishes to build out Britain’s own infrastructure of smart grids and renewable generation first. The DECC recently announced plans to roll-out smart meters in 30 million homes. And according to the U.K. government’s Round 3 of offshore wind license announcements, the country aims to have 18 GWs of offshore wind by 2020.

At minimum, this will delay any plans for Iceland to build new generating units and an HVDC interconnector. In the meantime, perhaps Iceland will build more power-hungry datacenters that run efficiently on arctic cooling and cheap, clean energy.


Blog Articles

Most Recent

By Date


Clean Transportation, Electric Vehicles, Policy & Regulation, Renewable Energy, Smart Energy Practice, Smart Energy Program, Smart Grid Practice, Smart Transportation Practice, Smart Transportation Program, Utility Innovations

By Author

{"userID":"","pageName":"Smart Grid Infrastructure","path":"\/tag\/smart-grid-infrastructure?page=3","date":"3\/29\/2015"}