Navigant Research Blog

Under Pressure, Utilities Look to Self-Healing Grids

— January 7, 2014

The weekend before Christmas, one of my longtime neighbors cornered me and posed a number of questions regarding the impact of distributed renewables on the reliability of the local electric distribution grid.  The conversation suggested that utility customers are increasingly concerned with grid reliability issues, driven by media coverage of global climate change, natural disasters, presidential speeches, and financial investment.  In fact, the technologies and the breadth of the self-healing grid continue to change, as they have over the past 20 years or so.

Whether caused by global climate change or regional mega storms, the winter storm damage and outages across New England, as well as major damage to the transmission and distribution grid in New Jersey and New York due to Tropical Cyclone Sandy, have accelerated public awareness that the power grid could go down for days.  Suddenly, the need for a resilient, self-healing grid has become urgent.  And lurking in the background is the question of how capital-intensive grid improvements will be funded in this post-stimulus grant era.

Hardware to Software

In New Jersey, the damage to the grid was so extensive that PSE&G, the state’s largest publicly owned utility, said it will request rate case funding for the Energy Strong program, a 10-year, $3.9 billion proposal to protect and rebuild utility transmission and distribution systems.  In New England during November 2013, ISO New England released its Regional System Plan, which includes a wide range of transmission and distribution grid improvements that will be rate-based in future years.

A recent study on cleantech investment trends indicated that early- and mid-stage VC investments have moved away from smart grid equipment and smart metering to focus on the devices and analytics software necessary for resilient, self-healing grid systems – not only for transmission and distribution, but also for integrating distributed renewables and supporting storage devices at the edge of the grid.  These investments will ultimately take full advantage of new developments in big data analytics and the huge volume of information that will become available on the Internet of Things.

When the president of the United States talks about the self-healing grid in his 2013 State of the Union address and a widely followed investment website like The Motley Fool points to self-healing grids as a “Big Smart-Grid Investment Idea for 2014,” maybe it’s time to take a closer look.  Upcoming reports from Navigant Research will examine many of these technologies in 2014 ‑ including my next report, Flexible AC Transmission Systems.


Smart Grid Cyber Security Moves From Hype to Hard Work

— December 6, 2013

Smart grid cyber security gets a lot less hype than it did 2 years ago – and that’s a good thing.  The reason for less hype: people have stopped talking so much about it and actually started doing something about it.  Securing a smart grid is incredibly difficult work, as this blog has noted many times.  Not only are we dealing with perhaps the most critical of critical infrastructures, but some of the devices to secure are decades old with decades of service life remaining.  It’s not for the faint of heart.

The people who are talking about smart grid cyber security nowadays are the people who are actually securing the grids.  The people in the trenches.  So it’s no surprise that conferences full of security vendors with solutions for the world’s ills are fewer and farther between.

As evidence, the IEEE SmartGridComm conference in Vancouver included a full afternoon workshop on smart grid cyber security.  The speakers embodied the progression from hype to hard work in utility cyber security:

The panel was chaired by Dr. Hassan Farhangi, director of research at the British Columbia Institute of Technology.  The presentations progressed from utility business drivers down to extremely technical talks on hacking smart grids inexpensively, and then back out to cyber incident response.

The heart of my talk was observations on the current state of cyber security in utilities.  In a nutshell:  there is good technology to protect control networks, but it is rarely deployed as an integrated whole.  There are few legal requirements driving cyber security – cyber security at any given utility is only good if the executives want it to be.

Cheap & Dangerous

I had hoped that my comments would be scary enough to grab the audience’s attention for the rest of the afternoon session.  Turns out, I was the optimist of the bunch.

Justin Clarke was his usual entertaining and frightening self.  To be fair, he’s entertaining; it’s his comments that are frightening.  He displayed some easily available tools for attacking smart grids.  An inexpensive device to hack smart meter optical maintenance ports even qualifies for free shipping with Amazon Prime.  He displayed a $120 open-source Bluetooth monitoring and developing platform – in other words, a hacking tool.  Bluetooth appears increasingly in control devices such as reclosers, so that lineworkers don’t have to physically access those devices during a thunderstorm.  That is a fantastic safety advance, but if Bluetooth is not properly secured, then the price to compromise that recloser is $120.

Patrick Miller reminded us that attackers have three things that cyber security departments rarely have: time, people, and money.  The more creative attacks against control networks – Stuxnet, Duqu, Night Dragon – were clearly the work of organizations with effectively limitless resources.  Contrast that with day-to-day fights for spending budgets that is the life of a chief security officer.

Finally, Frank Turbide discussed the activities of the CCIRC.  Incidents run from sophisticated denial-of-service attacks to poor implementations that have control devices linked directly to the Internet.  The CCIRC issues alerts on current threats and vulnerabilities to its member organizations, of which the most common are malware and phishing attacks.  During the past 3 months, energy and utilities have been the second-most attacked industry after telecommunications.

There are still lots of attackers out there, and useful attack tools are dropping quickly in price.  And yet, there are good guys looking at more efficient and thorough ways to protect a control network.  There is still hope for protecting our control networks, so let us remain vigilant but optimistic.


Smart Grid Vendors Embrace Life in the Big City

— December 2, 2013

Smart meter manufacturer Itron and smart grid networking provider Silver Spring Networks (SSN) have both recently embraced new smart city initiatives, becoming the latest vendors to focus attention on a market that is expected to grow to $20.2 billion by 2020, according to Navigant Research’s Smart Cities report.

Itron has joined Microsoft’s CityNext effort, which aims to encourage cities around the world to chart a new future where technology combines with creative ideas to do “new with less.”  The lofty ambitions of CityNext include bringing municipal governments, citizens, and businesses together to build more efficient and sustainable urban areas and do so at lower costs.  Itron’s focus will be on the intersection of energy and water – the nexus, as it’s known – where the company’s technology can be brought to bear to help cities better manage these two vital resources.

City of Light

Silver Spring announced a new network-as-a-service (NaaS) product as part of its smart city solution.  The new service offering aims to help cities avoid upfront capital and deployment costs, and it can become a foundation for adding new smart city applications over time.  The company says its smart city solution helps cities meet some of the key challenges they face in four areas: environmental sustainability, transportation management, health and safety, and economic growth.  The company notes that both Paris, France, and Copenhagen, Denmark, have chosen SSN for projects.  For Paris, the company is providing a new street lighting and traffic control program as the city attempts to cut public lighting consumption by 30% during the next 10 years.  Copenhagen chose the company to deploy a citywide network for connecting 20,000 street lights, which can be leveraged for future smart city services.

Both Itron and SSN join a long list of other smart city technology vendors targeting this market, including Cisco, IBM, Schneider Electric, and Siemens, among others.  (See the Navigant Research Leaderboard Report: Smart City Suppliers for our ranking of this group of companies).

With these initiatives, Itron and SSN are looking to broaden their reach beyond the U.S. market for smart metering and networking, which has peaked for now with the winding down of federal stimulus money.  Different opportunities lie elsewhere, and often the need is for solutions that solve urban problems not often found in the United States.  For instance, Itron is supplying new advanced water meters to areas of New Delhi, India,  in a project aimed at providing a continuous water supply where, before, water was only available for several hours each day.  In China, Itron has supplied smart water, heat, and gas meters, along with networking gear, for the Sino-Singapore Tianjin Eco-City – a city built with efficiency and sustainability squarely in mind.  We can expect to see more of these types of city-centric and integrated solutions in coming years.


Among Executives, Fears of Cyber Crime Rise

— August 23, 2013

According to Vito Corleone, “A lawyer with his briefcase can steal more than a hundred men with guns.”  That was 1972.  One can only wonder what he would make of today’s cyber thieves.

The recent Lloyd’s 2013 Risk Index makes it likely that Don Corleone would be right in the middle of the action.  To quote the introduction to this third biennial edition, “The findings are based on a global survey of 588 C-suite and board level executives conducted by Ipsos MORI for Lloyd’s during April and May 2013.”  The report summarizes priority and preparedness within each respondent company for a number of business risks.

Strikingly, cyber risk has risen from #20 in the original 2009 risk index, to #12 in the 2011 report, to #3 in the current report.  If this were the Billboard Hot 100, cyber risk would have a bullet.  The only corporate risks given higher priority than cyber risk are high taxation and loss of customers.  Respondents view cyber risk as more pressing than inflation, cost of credit, excessive regulation, and far more pressing than risks such as fraud, protectionism, or strikes.

The Lloyds study appeared in the same week that The Economist cover story was “The Curious Case of the Fall in Crime”.  As an example, The Economist reported that during 2012 there were only 69 armed robberies of banks, building societies and post offices in all England and Wales.  That amounts to one armed robbery every 5 days, over a population of 56 million.

From this evidence it seems there are fewer criminals, and those that remain have gone online.  Rob a bank?  That’s so last millennium.  Maybe the dearth of traditional criminals is another victim of aging Baby Boomers.  Or is it a predictable outcome of a generation raised on technology?  Regardless, the new criminal is savvy:  Why risk injury or death when you can steal millions from your balcony overlooking the Neva River?

Infrastructure? We Got This

Oddly, in the Lloyd’s survey, critical infrastructure failure comes in at #22 on the executives’ priority list, essentially unchanged from 2011.  Yes, #22 – behind failed investment, reputational risk, and internal oversight failure.  Even worse, the C-suiters rate their preparedness for infrastructure failure much higher than they rate its priority.  In other words, “It’s no big deal; we got this covered.”

Cyber security for utility infrastructure remains weak.  As this blog has often repeated, control systems security has yet to solve some key problems.  Yet in a 2010 presentation, Scott Borg, CEO of the U.S. Cyber Consequences Unit, pointed out that 72% of the U.S. gross domestic product (GDP) is directly dependent upon electric power.  Surely three-fourths of the GDP should rate higher than #22 on our hit list?

I could be an optimist here and be thrilled to see cyber risk at #3 priority.  Or I could be a pessimist and despair to see critical infrastructure failure at #22.  But instead I’ll take Door Number Three:  realist.  Cyber security is a critical element of critical infrastructure protection, so raising the profile of cyber risk is likely raise the profile of infrastructure cyber security over the long run as well.

One huge question remains:  How long is too long?


Blog Articles

Most Recent

By Date


Clean Transportation, Electric Vehicles, Finance & Investing, Policy & Regulation, Renewable Energy, Smart Energy Practice, Smart Energy Program, Smart Transportation Practice, Smart Transportation Program, Utility Innovations

By Author

{"userID":"","pageName":"Smart Grid Infrastructure","path":"\/tag\/smart-grid-infrastructure?page=3","date":"11\/30\/2015"}