Securing the Smart Grid
Sandeep Raina, Senior VP, Cisco India & SAARC
As much as 24% of total electricity produced in India is lost in transmission; if losses due to energy theft are taken into account the total average equals 50%. The resulting revenue depletion is estimated to be 1.2% of the national GDP. According to a Planning Commission report, losses in transmission and distribution in the power sector exceeded Rs 45,000 crore for the fiscal ended March 31, 2010, even as losses in 2010-11 may equal Rs 68,000 crore.
While a 'Smart Grid' solution can prevent these losses and increase efficiency, putting tabs on wastage and improving the existing system is crucial. Planning the distribution networks, even loading of system components, enforcement of reactive power support and regulation services, improving metering efficiency, bill collection and detecting power thefts can help the government achieve its "Power for All" plan by 2012.
As we know it, the smart grid collects and analyzes data about power transmission, distribution, and consumption-in near-real time, provides predictive information and recommendations to utilities, their suppliers, and customers on how best to manage power and promises a more efficient way of supplying and consuming energy. Increased connectivity in the smart grid gives consumers greater ability to control their power consumption and provides grid operators more visibility and control over power supply, its quality, and costs.
However the critical nature of the technology and the services in the smart grid make it a prime target for acts of terrorism and vandalism. Therefore an intrinsic security strategy is required to safeguard this infrastructure. Such a vision must include sound design for proactive security and resilience in the event of a security breach.
Unique security challenges
The smart grid presents unique security challenges. They include:
Scale: Since the communications infrastructure necessary to support the smart grid is huge, securing such a network presents challenges of segmentation, identity management for multiple entities, management of keys for data integrity and confidentiality, and requires integrating multiple wired and wireless communications mechanisms.
Legacy devices: Many devices in the smart grid have service lives measured in decades. Therefore any attempt to design security must enable integration of legacy systems and provide a long-term migration strategy to smarter devices.
Field locations: The power grid contains millions of field devices, such as meters, transformers, and switches. While their physical security is an important design consideration, their potential vulnerability requires that network security design does not rely on them for grid integrity.
Being in the early phase of smart grid implementation vendors today are deploying security controls using a variety of standard and proprietary mechanisms. Governments and industry bodies are working to create and update security regulations and standards which will continue to evolve as smart grid technology develops.
Securing the Smart Grid
To achieve the level of interoperability and security needed for the smart grid, its data communications network architecture must be built using standard protocols like the Internet Protocol (IP). As utilities plan for a long-term transition to the smart grid, devices that have serial interfaces can be adapted to integrate into a larger IP-based communications network with proper authorization and protocol management.
Employing a zone based model helps utilities manage different parts of the grid, and provide protection that is independent of topology or network transport. These zones can be categorized as customer operations, corporate, telemetry and control systems. Each zone is comprised of field devices, systems, transmission media, and data centers which serve the specific operational functions of that zone; and implement a basic set of security features common to all zones and those specific to that zone.
The customer operations security zone contains devices and processes that extend energy management to customers. It defines policies and procedures for customer energy management, demand response, load shedding, and automated meter reading. Included here are smart meters, customer portals, and response systems that collect and process customer data. To provide security, access to home systems and the data gathered by them must be limited to authorized people and devices. Customer energy management systems must ensure integrity of command and meter data, authenticate devices, and protect the grid from compromised devices.
The corporate security zone includes all of the features and functions of the customer operations security zone plus security for IT functions vital to a business, such as email, internet, telephony, messaging, and a wide variety of corporate applications. To meet these requirements, consistent security policies must be applied across the entire product line in the smart grid.
The telemetry and control systems security zone defines the processes used to manage the routing of energy from the generation plant to the consumer. It contains data centers involved in the generation, transmission, and distribution of energy, along with intelligent end devices to control energy flow and ensure grid reliability. Information collected and processed here supports equipment maintenance, troubleshooting, load capacity, and power re-routing in the event of outages.
To protect the integrity of telemetry data and control, utilities must ensure technician and device authentication, computer health verification, correlation of alarm data with other sensors to prevent false positives, regulatory compliance and enable forensic analysis. Data encryption, intrusion detection and prevention and secure sharing of information between various data centers are critical.
As organizations make the transformation to smart grids, they need a foundation of converged IP networks, proven security principles, industry-leading networking equipment and software with integrated security capabilities to build end-to-end, secure grids. The maturity, reliability, and success of these products and services can shorten the learning curve for grid operators and allow energy companies to evolve operations to meet new standards and regulations.