The other face of Smart Grid

The “smart” electric grid may be just a little too smart. Once a smart meter is attached to a home, it can gather a lot more data than just how much electricity a family uses.

It can tell how many people live in the house, when they get up, when they go to sleep and when they aren’t home.

It can tell how many showers they take and loads of laundry they do. How often they use the microwave. How much television they watch and what kind of TV they watch it on.

Almost 200,000 smart meters are now being installed between Fort Collins and Pueblo, and across the country 52 million smart meters will be installed by 2015, according to a Federal Energy Regulatory Commission estimate.

“This is technology that can pierce the blinds,” said Elias Quinn, author of a smart grid privacy study for the Colorado Public Utilities Commission.

“Insufficient oversight could lead to an unprecedented invasion of consumer privacy,” Quinn warned in his report to the PUC.

Law enforcement, government agencies and corporations, such as Microsoft and Google, already are eyeing all that data.

The transformation of the electric grid into a smart, sophisticated two-way energy and communication system is seen as a way to better manage power and improve efficiency.

The federal government has put up $3.4 billion to help speed smart-grid development.

The technology, however, poses new questions for consumer and privacy advocates, state regulators and federal officials.

How do you protect the information? Who should have access, and what happens if it falls into the wrong hands?

“Privacy and cybersecurity are among the greatest challenges in implementing the smart grid,” said Nick Sinai, energy and environment director at the Federal Communications Commission.

Tackling privacy issues

Federal agencies and some states — including Colorado and California — are now moving to deal with privacy and security risks posed by the smart grid.

The Colorado PUC opened a docket in August to gather comments on whether the state rules governing privacy are sufficient.

The commission is reviewing the testimony to decide whether further action is necessary, said PUC spokesman Terry Bote.

New rules are needed, said Bill Levis, director of the Colorado Office of Consumer Counsel.

“The Fourth Amendment guards against unreasonable search,” Levis said. “. . . But I don’t think the founding fathers could ever have thought of this kind of stuff.”

Sinai said one lesson from the Internet is that it is cheaper and more effective to build in privacy and security protections at the start.

In the meantime, utilities continue to install smart meters. Xcel is installing 23,000 smart meters in Boulder as part of its SmartGridCity pilot, according to company officials.

By the end of this year, all 96,000 Colorado homes and businesses served by Black Hills Energy will have smart meters, with the help of a $6.1 million federal grant.

Fort Collins has plans to install 79,000 smart meters with the help of $18.1 million in federal funds.

Colorado utilities, executives say, have been collecting and protecting customer data for years.

“The level of data we receive with the smart grid may change, but the privacy principle remains very much the same — specific data stays between us and the customer,” said Megan Hertzler, director of data privacy for Xcel Energy.

Still, Xcel is “getting a lot more requests for customer usage information now that it is seen as more desirable,” Hertzler said.

Most of the inquiries are from companies that want the information for marketing. Xcel has not released any of the data, executives said, and declined to name the companies making the requests.

The key differences between the meter on the side of most houses now and the smart meter deal with time and communication.

Meters are currently read once a month; smart meters take readings every 15 minutes. Future models may take readings every six to eight seconds.

And all that information doesn’t wait for a meter reader. It is instantaneously communicated to the utility by fiber-optic cable, broadband or Wi-Fi.

The smart grid flow of data must be protected from hackers’ eyes

Unlike the traditional power grid, a “smart” grid is designed to accommodate a two-way flow of both electricity and data. This creates great promise, including lower energy prices, increased use of renewable resources and, it is hoped, fewer brownouts and blackouts. But a smart grid also poses several potential security problems—networked meter data, power companies’ computers and those of customers could all be vulnerable to tampering.

A smart grid adds a layer of cybersecurity complexity to challenges that already existed with the traditional grid. In the past, a lot of cybersecurity efforts have focused on securing the bulk transmission system—from the utility company’s generating plants to its substations—because those locations are where the worst-case scenario could happen: a large regional blackout, says Don Von Dollen, a program manager at the Electric Power Research Institute (EPRI), a Calif.-based non-profit research center. The bulk transmission system remains the top security priority, but with the dawn of the smart grid, power companies now have to think more about protecting the network connections they have with individual customers’ homes, he adds.

With such scenarios in mind, NIST’s Smart Grid Interoperability Panel–Cyber Security Working Group (SGIP–CSWG) in February released the second draft of its Smart Grid Cyber Security Strategy and Requirements, a 305-page document the agency expects to issue formally by July. It identifies potential vulnerabilities and outlines “recommended requirements” that the North American Electric Reliability Corporation (NERC) can choose to add to its critical infrastructure protection standards. These measures to protect the grid from cyber-tampering would be enforced by the Federal Energy Regulatory Commission (FERC).

NIST’s cybersecurity group draws its recommendations from a well-rounded core of more than 400 experts, including those from the Department of Homeland Security and the Department of Defense, as well as volunteers from academia, law firms, IT and telecommunication companies, and independent security specialists. Aerospace manufacturer Boeing and network technology provider Cisco Systems each have an employee serving as vice-chair of the group.

The document is short on answers regarding exactly how to solve these problems. “This is a starting point. It’s meant to give high-level requirements, not solutions,” says Lee. Rather, the intent is to get government agencies, utility companies and other businesses thinking more about security problems they may not previously have considered when components of the electrical grid were not hooked up to computer networks. NIST notes in this latest draft that without R&D advances to network security, local attacks can become distributed or cascading large-scale attack campaigns.