Securing the Smart Grid

Normally, the last thing I'd advocate is another government agency. But in the case of the smart grid, it might not be a bad idea.

The Massachusetts Institute of Technology recently concluded that the mishmash of agencies overseeing the security of the smart grid is ill equipped to handle a cyberattack. According to a Reuters article, MIT recommended that a single federal agency deal with the threat of cyberattacks on the national grid. This agency would work with the industry and have the regulatory authority to enhance cybersecurity preparedness, response, and recovery. According to the article:

While acknowledging there is no absolute insurance against such attacks, the MIT researchers said a single U.S. agency would be better able to address the problem than the disparate federal, state, and local entities responsible for various aspects of safeguarding the power grid.

Problems with managing the grid were highlighted by a rare October snowstorm that swept across the Northeast. In some states, residents were without power for up to 11 days, because repair efforts weren't properly coordinated. Crews dispatched from outside the Northeast sat idle while they waited for the OK to get to work. Some crews answered to their employers, some to the state, and others to a union. No single organization coordinated the efforts, and the results were a nightmare.

Until recently, I had a hard time imagining why anyone would try to hack into a utility. The fact is that outages in one part of the country have a far-reaching effect. Planes in California are grounded because of outages in Atlanta. Hackers aren't targeting individuals. They are targeting systems. If weather can wreak such havoc, imagine what a coordinated attack would feel like.

Other MIT recommendations cited by Reuters include:

  • Utilities with advanced metering technology should start the transition to customer prices that reflect the time-varying costs of supplying power, to improve the grid's efficiency and make rates lower.
  • The electric power industry should fund research and development in computational tools for bulk power systems, methods for wide-area transmission planning, procedures for responding to cyberattacks, and models of consumer response to real-time pricing.
  • To improve decision-making, more detailed data about the bulk power system, results from “smart grid” demonstration projects, and other measures of utility cost and performance should be compiled and shared.
  • Cybersecurity fears reach far beyond the grid, of course — any system can get hacked. But utilities might be vulnerable because of the market they serve. Homeowners aren't worried about their utilities being hacked. But maybe they should be.

    12 comments on “Securing the Smart Grid

    1. DataCrunch
      December 5, 2011

      Utilities with advanced metering technology should start the transition to customer prices that reflect the time-varying costs of supplying power, to improve the grid's efficiency and make rates lower.

      This is a very interesting point and something that should be investigated further.

    2. Clairvoyant
      December 5, 2011

      Very interesting article. It is easy to see how un-organized repair efforts and prevention efforts can be if there is not good communication between all the different levels and branches taking care of the Smart Grid. Having one overall organization to handle this would be much more efficient and quick responding.

    3. SunitaT
      December 6, 2011

      @Barbara,  thanks for the post. I think government should install backup powersupplies at all critical places. One such alternative powersupply device is – bloom box. The technology is a square box made of fuel cells that can fit right in the palm of your hand but can also power your entire house. According to  he founder and CEO of Bloom Energy, a single cell (one 100 × 100 mm metal alloy plate between two ceramic layers) generates 25 watts, enough to light a lightbulb.

    4. Taimoor Zubar
      December 6, 2011

      I am not sure if I completely understand this point. Aren't utilities like electricity already being charged on variable basis? If so, what impact would this change have?

    5. Jay_Bond
      December 6, 2011

      I am normally like you Barbara; I would rather not see more government agencies set up for many reasons. However I do think there needs to be a agency in place that can help coordinate and control the countries grid. After the massive blackout in the early 2000's that took out power from Michigan to New York or the various blizzards, everybody needs to be on the same page. After seeing some of the chaos caused by storms, it would be total pandemonium if there was a coordinated super hack.

    6. Anna Young
      December 6, 2011

       “The Massachusetts Institute of Technology recently concluded that the mishmash of agencies overseeing the security of the smart grid is ill equipped to handle a cyberattack”.

      I do agree with the Massachusetts Institute of Technology findings too. If the current agencies are ill equipped to handle a cyber attack or unable to deal with recent act of God that affected some parts of the states in America then a government or some sort of agency is needed to oversee and ensure the delivery and services of a proper workable smart grid.

    7. Barbara Jorgensen
      December 6, 2011

      Thanks for the feedback, readers! I've been mulling this over, trying to figure out how it might work. One thing that comes to mind is the Department of Energy be given oversight in the event of a cyberattack. That means the DOE and the various utilities have to cooperate upfront to get their systems in sync and they must agree on a common protocol. I think one of the barriers here is the mix of public and private ownership of ultilites we have here in the US. Even though a utility is regulated, it doesn't mean that a state or federal government can mandate how a utility runs its business. A cooperative effort on behalf of the government and utilities would be much more effective.

    8. Eldredge
      December 6, 2011

      Certainly security of the smart grid is a great concern. Impacts of a hacking incident would be far reaching.

    9. Ariella
      December 6, 2011

      Yes, it seems that a smart grid would need extra security. But even the standard power grid we have in place now can be improved. Though my own area was not really affected, some people in northern NY, NJ, and CT were without power for a whole week after the snowfall in October. There really should be a way to move things along faster with better backup, planning, and reaction times.

    10. prabhakar_deosthali
      December 7, 2011



      I am quite curious to know about this Bloom Box. How does it stand in terms of pricing and running cost. It could become a viable alternative for grid power in remote villages and small towns in India.

    11. mfbertozzi
      December 9, 2011

      Good point p_d, I am wondering also how that application could run, for example, in case Govs would decide to implement public safety services for preventing natural disasters as hearthquake or dramatical flooding. It is an aspect not mentioned till now within posts delivered, but I am convinced smart grid could help a lot in.

    12. Cryptoman
      December 16, 2011

      For a hacker to attack a system he/she must have an incentive. That incentive may be financial gain or the pure thrill of being the first to crack a system. In the case of the smart grid, besides the obvious incentive of causing widespread chaos, another strong incentive for an attacker is making money. In the smart grid, households will be able to sell energy to the grid besides using it. This energy will be harvested in a house using solar panels, wind power and in some cases wave motion. (There 's a great video that illustrates how this is done here for the interested readers.)

      Imagine a scenario where the meter ID of a house selling energy to the grid is stolen by an attacker to use in his/her utility meter at home. That way the attacker would be able to pocket the money that belongs to the victimised home owner.

      In order to avoid such attacks, besides providing local security measures on the smart meters, a global security framework is required. This security measure should be centralised and controlled by a trusted and powerful body in order to be effective. Therefore, I cannot think of an alternative means of providing this security framework other than by a govenrment agency.

    Leave a Reply

    This site uses Akismet to reduce spam. Learn how your comment data is processed.