The US Power Grid and Cybersecurity

Over time, with new knowledge and awareness about carbon emissions and climate change, we have started to make smarter energy consumption choices worldwide.  Nations are broadening their use of alternative and renewable energy sources and programs such as LEED encourage better building efficiencies.  Here in the US, the electric grid is changing, too.

“Smart grid” technology, as it is called, organizes a nation’s electric grid a manner similar to the way the Internet connects web users.  Instead of providing merely a one-way transmission of electricity from power plants to buildings, smart grids allow for feedback communication, as well.  Information flows back and forth between provider and recipient, and the system automatically tailors itself to improve distribution efficiency.  Real-time energy use can be monitored, power outages can be quickly detected, and consumers can make more informed decisions about their utility consumption.  In theory, smart grids are win-win for pretty much everyone.

With this migration toward a digitalized electric control system, however, we also face a host of new challenges.  One of the main concerns that has raised a number of eyebrows is that of cybersecurity.  A complex, computer-based infrastructure opens the door to new vulnerabilities and access points.  These need to be addressed and adequately protected; otherwise, they could be exploited by ill-willed individuals looking to damage to the US.  Awareness of this security matter has spread significantly over the past few years, and more and more voices are speaking out and calling for action.

Last year, there was a push to pass a bill that would bolster the cybersecurity of some of our key national infrastructures, but it was blocked in Senate.  More recently, President Obama issued an executive order calling for transparency and information sharing between the government and private sectors in order to better protect the country against possible cyber invasions.  The order also makes a request for voluntary submissions of cybersecurity “innovations” that could be widely adopted throughout the energy sector—in particular, those with a smart-grid focus.

As validation for the reality of this threat, consider an incident that took place a few years back.  In 2010, a Chinese graduate student published an article with the journal Safety Science, which outlined how someone with the right knowledge could bring down the entire United States power grid through a cascading failure-based attack.  Though the student was merely releasing an academic paper and had no malicious intent, he did reveal significant weaknesses in our system.  Should someone want to cripple the US through a nation-wide, prolonged blackout, the possibility of his/her success exists.

Reports of cyber attacks on government divisions and national infrastructure are increasing.  The energy sector, in particular, has fallen under fire.  The Department of Homeland Security (DHS) announced that in 2012, our energy systems were the targets of 40% of cyberattacks aimed at “critical infrastructure.”  Additionally, head of DHS Janet Napolitano has warned the country against a “9/11 in the cyber world.”  She has stated that attacks are “increasing in seriousness and sophistication” and a successful one could “paralyze the nation.”

Technologically, the upcoming years will be critical for the US.  We face a host of interconnected challenges, many of which combine energy production, energy distribution, and national security.   As many are realizing, it is imperative for us to tighten up our cyber systems.  With the Internet and digital connectivity playing such a key role in the world today, we have to take extra steps to protect not just our physical systems, but our cyber ones, as well.



Filed under Uncategorized

2 responses to “The US Power Grid and Cybersecurity

  1. hzellner2013

    Really good post! I just wanted to make a comment on the idea that smart grids would lower US electricity consumption. In Dr. Spence’s Energy Policy and Regulation class last fall, he mentioned that some studies have shown that while consumption is reduced in the beginning, smart grid users end up using more electricity (but at non-peak hours, so it’s cheaper). I’ve been searching around for one of these studies, but can’t seem to find them. If anyone has read something about this or remembers, please post it!

  2. Great sources. I was specifically captivated by the section on privacy issues in the article written by the Institute of Electrical and Electronics Engineers (IEEE)- “Smart-Grid Security Issues” [1]. The U.S. had more than 8 million smart meters installed in 2009 [2], reaching more than 33 million in 2011 and accounting for 23% of all U.S. electrical customers [3]. Our up and coming smart grid is not only a target for terrorist attacks, but also for possible third-party surveillance, behavior tracking, identity theft, espionage, and even censorship [4], making “futuristic” movies like “The Net” (1995), “Minority Report,” and “I, Robot” (2004) seem like more of a reality.

    Regions like the Northern District of Illinois have already filed complaints stating “smart-meter installation program violates citizens’ Fourth Amendment right to privacy and freedom from unreasonable searches” [5]. Since there are no federal regulations set in place, resolutions to such complaints will set precedence to the potential development (or lack of) our smart grid. Though California has led U.S. states by addressing regulation of privacy concerns through the California Public Utilities Commission (CPUC) and the National Institute of Standards and Technology (NIST), specifics on how to protect individuals is still unclear. The issue may not be the regulation, but rather the breaching of the data collected by our smart grid[6].

    In 2009, IOAvtive Inc. revealed the ability to inject a worm into the grid that could control critical infrastructures and government agencies [7]. Security measures become even hazier with the potential development of phone applications, Cloud platforms, and other data interfaces. It is possible that consumer misconfiguration can make their system more vulnerable, allowing hackers to “generate bogus usage data or control signals” [8].

    Foreign leaders who are further along the process of smart grid penetration include the European Union and Canada, specifically Italy and Ontario [9]. In 2012, the EU estimated that only 10% of the households were connected to the smart grid and are pushing for an 80% penetration rate by 2020 [10]. The European Commission has recommended that 1) “security features are built into smart metering systems before they are rolled out,” 2) only the bare minimum data is collected, 3) “data should be rendered anonymously” and 4) a data protection impact assessment template should be developed [10]. The European Data Protection Supervisor (EDPS) has criticized that “the Commission has not provided more specific, more comprehensive and practical guidance in the recommendation itself” [11].

    The EDPS, Telecom Italia and Ontario have learned and suggested:

    – Transparent and clear definition of collection and scope of data, including the distinction between technical data and personal data [12, 13];

    – Choice and consent issues, including guidance on the legal grounds for data management (e.g. frequency of meter readings, retention periods, etc.) [11, 13];

    – Direct access, disclosure and ability to modify/remove data for consumers [11, 13];

    – Privacy by design, where the privacy and security issues should be designed from the beginning, before the deployment of any technology [12, 14];

    – Mandatory application of privacy-enhancing technologies (‘PET’s) and other ‘best available techniques’ for data minimization and collection of relevant data only [11, 13];

    – Clear definition and division of roles and responsibilities regarding ownership, possession and access to data, read and change rights, management, accountability, etc. [12, 13]; and

    – Limiting the use of wireless and public Internet as a preventative action [13].

    Understanding the lessons learned from the E.U., Canada, and California, it is apparent that a uniform and standardized measure should be pursued as a means to provide utmost security for our growing smart grid. It seems that federal regulation could provide the legal guidance and rule needed. In the U.S., where personal privacy and state independence is placed on a pedestal and a fine line exists between just enough government involvement and too much government meddling, it is hard to predict the right actions that could be convincing enough to win the support of a great majority of the American people. Nevertheless, the benefits that could be reaped from further developing our smart grid are significant and should be reason enough for us to have greater urgency in resolving these security and privacy issues, not only as a measure against terrorist attacks but also as a means to continue to protect the privacy of individual Americans.


Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s