Smart Grid and cyber security
The first question that comes up with any discussion of the Smart Grid is what is it? I know of no single definition. The one aspect I believe that applies to any definition of the Smart Grid is two-way communications with consequent cyber security considerations. Most often, the Smart Grid is composed of the electric distribution system and customers. Many people equate Automated Metering Infrastructure (AMI) as being the Smart Grid, but that is just the metering aspect. There has been a significant amount of work to secure the meter to the back office collection point. However, another significant part of the Smart Grid is Distribution Automation (DA) which incorporates distribution SCADA and the electric distribution infrastructure where cyber security is questionable at best. There several presentations at Distributech 2009 in San Diego this week that reflect these issues. One utility will show “the technical and practical value of using remote set-point control to bring added value to DA”. Another utility will present details on a project to automate portions of sub-transmission and distribution feeders. There are numerous concerns over the depth of coverage of security in these systems especially when vendors are supplying equipment that use cyber vulnerable technologies such as blue-tooth. From a regulatory perspective, there is an interesting twist - the NERC CIPs provide cyber security requirements for the bulk electric system which explicitly excludes electric distribution while there are no regulatory security requirements for the electric distribution system.
At the October Control System Cyber Security Conference, we will discuss the control system cyber security issues that are integral to the Smart Grid.