by Brianna Crandall — April 30, 2012—nCircle, provider of information risk and security performance management solutions, recently released the results of a survey conducted online between March 12 and March 31, 2012 concerning various aspects of the smart power grid and its vulnerabilities. The survey garnered responses from 104 energy security professionals and was sponsored by nCircle and EnergySec, a public-private partnership funded by the U.S. Department of Energy (DOE) that works to enhance the cyber security of the electric infrastructure.
-
When asked “Do smart meter installations have sufficient security controls to protect against false data injection?” 61% said “no.”
nCircle notes that the analysis of smart meter measurements and power system models that estimate the state of the power grid are a routine part of system monitoring, and that false data injection attacks are an example of technology advancing faster than security controls. The company adds that we need to make sure that all systems that process usage data assure data integrity.
-
When asked, “Has the hype around privacy issues associated with smart meter consumer data been overblown?” 53% said “yes” and 47% said “no”.
“Smart Grid meter privacy is still a new area,” said Patrick Miller, CEO of EnergySec. “State regulations are inconsistent, and sensitive customer details in smart grid data vary from utility to utility. I expect to the smart grid industry to struggle with several challenges around who ultimately ‘owns’ customer data. There are several grey areas that impact how smart grid customer data will be used as the industry attempts to maximize revenue potential. Even seemingly innocuous customer data has significant value — just ask Facebook or Google.”
Elizabeth Ireland, vice president of marketing for nCircle, said she was encouraged to see this discussion happening before any significant security breach of smart meter consumer data has taken place, “when additional protection for smart grid customers can still be implemented.”
-
Highlights of a related question indicate that 75% of energy security professionals believe smart grid security has not been adequately addressed in smart grid deployment, and 72% believe smart grid security standards aren’t moving fast enough to keep up with deployment.
“Security has been addressed to varying degrees in many smart grid deployments, however it is going to be a challenge to keep pace with the constantly changing security landscape,” said Patrick Miller. “The analog and mechanical devices installed in most utilities were designed for a very different maintenance model than newer digital equipment being designed and installed today.”
-
When asked, “What part of the smart grid infrastructure is most vulnerable to cyber attack?” 29% said “smart meters,” 41% said “metering infrastructure including transport,” 20% said “utility energy management systems,” and 10% said “energy management, such as phasor measurement units.”
According to Patrick Miller, “The enormous range of technology in the smart grid presents many points of potential vulnerability, and we are moving at the speed of light to insert even more technology ‘shims’ into the existing network structures of the smart grid. This ever-increasing rate of complexity and hyper-embedded technology will be very difficult to secure.”
- When asked, “Should regulatory oversight for smart grid distribution be transitioned to the Federal government?” 40% said “yes” and 60% said “no”.
According to Patrick Miller, “The modernized grid encompasses new digital components all the way from the toaster to the turbine. It spans local, state and federal regulatory lines. In an environment where innovation is paramount, a federal one-size-fits-all approach may significantly slow down progress. On the other hand, potential inconsistencies in regulatory approaches may introduce complexity and risk smart grid landscape. Either model, whether state or federally regulated, comes with pros and cons. I see the regulatory oversight of the smart grid as one of our biggest challenges with the least obvious solution.”
Elizabeth Ireland said that the division of opinion at least partly reflects fundamental political beliefs on the role of government. “The majority of energy security professionals believe the energy industry will police itself.”
For more information, visit the nCircle Web site. Since the site does not accept live links from FMLink, you will need to copy and paste this link for the home page: http://www.ncircle.com/, and this one for the survey page: http://www.ncircle.com/index.php?s=resources_surveys_Survey-SmartGrid-2012.
