The smart grid revolution: a security challenge?

Opinion by Michelle Lewis

Smart grids are the most significant change in the electrical grid in 100 years.

Smart grids are the most significant change in the electrical grid in 100 years.

These digitally enabled networks show how much electricity a household or business has used in any given time using a smart meter, and can help prompt energy saving among users while improving operational efficiencies for utilities.

Yet they also present one of the biggest new challenges facing the UK's critical infrastructure, as with every smart meter connected to the internet, a potential new point of compromise is created. In the next five to ten years, 100 billion devices and sensors will be added globally, so serious planning now is vital to avoid future issues.

Given the sheer scale of these grids and because they are IP-enabled, there are a number of issues that need to be addressed. Firstly, it is vital to have layers of security built in from the outset. With the threat landscape having evolved to include exploits such as Stuxnet and Duqu worms, vulnerabilities can be exploited to send malicious code into smart grids without the proper defences.

These defences need to be capable of protecting against highly sophisticated, targeted and well-planned attacks born of political pressures or industrial espionage. If not, elements of a country's critical infrastructure could end up in the control of a third party.

In terms of the smart meter itself, it is vital that utilities can ensure only authenticated meters are on their system. This will protect against data or device compromise. Measures need to be taken to remove unauthenticated or tampered meters from the grid while being able to take steps to get meters back up and running quickly.

From a privacy point of view, IP-enabled smart meters generate vast amounts of personal data for utilities to manage. They may send everything from electricity use to billing information and other personal data over the internet, and this personal data needs to be effectively protected by the utility to ensure no vulnerabilities exist which could be compromised for financial or malicious purposes.

Back-end system design to limit when personal data is transmitted is also key. The loss of trust resulting from such a privacy breach could potentially terminate a smart grid project and, more importantly, damage the brand integrity of a utility or its service providers.

In addition to ensuring security, authentication and privacy, the data created by the meters must be efficiently managed. A typical smart grid comprises ten million smart meter endpoints for a single utility, handling in the region of 28 petabytes. All this has to be backed up while ensuring that auditing and compliance demands are met.

This is further complicated by the fact that many utilities work on a multi-national basis. Each government will have different laws and compliance regulations, meaning each grid needs to meet the demands of multiple legislation.

It's clear that the challenges facing utility companies are considerable, but they are not insurmountable. The key is that any utility embarking on a smart grid project needs to develop a security strategy from the outset to minimise risk. This means that every part of the chain has security built in.

Content such as billing information needs to encrypted; infrastructure such as servers and gateways need to be secured; the network should have security built in; and embedded devices such as communications hubs and meters themselves need to be protected.

But in building a secure system, it is also vital that it remains open and scalable. With utility companies merging or changing ownership, it is important that grids can operate on common standards and best practices to allow easy integration.

The best advice to utilities is to look to others for advice and support. See what non-competitive businesses are doing worldwide and how they are building their smart grids, encourage information sharing to understand best practices and work out the best way to build a system that complies with the best international standards.

Only by taking these steps will utilities be capable of reaping the benefits of smart grids without jeopardising the integrity of their critical infrastructure, their customer relationships, their brand reputation or their revenue.

Michelle Lewis is a smart grid specialist at Symantec


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming Events