Smart Grid Communications Risk Management

The success of tomorrow’s smart grid depends on thoughtful accounting and management of emerging risks. The smart grid communication layer is arguably experiencing the largest degree of change. Communication security, reliability, and scalability should be managed during planning, procuring, and operating smart grid assets. Utility and Independent System Operator (ISO) executives can learn valuable planning lessons and best practices from recent smart grid pilots and technological innovations. This paper focuses on the risks and challenges of smart grid communications.

Security
Security is often management’s top concern when it comes to smart grid communications. These concerns were renewed last summer with the Stuxnet computer worm. Stuxnet is a malware that specifically targets industrial equipment through their programmable logic controllers (PLCs) and Supervisory Control and Data Acquisition (SCADA) systems. This type of cyber attack is especially worrisome for managers of critical infrastructure. In the United States, a host of federal agencies took note of Stuxnet and expressed concern about the risk to smart grid. The U.S. National Security Agency (NSA), which already employs the most sophisticated protection schemes, took the extra protection of permanently disabling USB ports with rubber cement. 

The U.S. Federal Energy Regulatory Commission (FERC), National Institute of Standards and Technology (NIST), and Department of Homeland Security are reviewing their jurisdiction over smart grid communication infrastructure. Under its FERC mandate from the Energy Policy Act of 2005, the North American Electric Reliability Corporation (NERC) has also accelerated the development and enforcement of its Critical Infrastructure Protection (CIP) standards. Also, with a mandate from the 2007 Energy Security and Independence act, the NIST Smart Grid Cyber Security Working Group (CSWG) has updated a comprehensive report on security guidelines and testing for energy providers. 

Some of these organizations and agencies are considering implementing security standards similar to defense system requirements. NIST already issues the Federal Information Processing Standard (FIPS) 140-2 to accredited cryptographic modules within smart grid communications. Among utilities and other smart grid operators, FIPS certification may become a requirement.

Similarly, other private sectors are placing large investments on security infrastructure. Intel’s $7.8 billion acquisition of McAfee is just one example. Closer to energy, Tropos Networks has invested in its private network security and control capabilities for smart grid and received its FIPS 140-2 certification. More recently, Tropos has collaborated with Department of Defense energy managers to develop secure smart grid communications that comply with NIST’s and NSA’s Common Criteria and Information Assurance accreditations. These types of multi-layered accountability and review structures likely signal the direction of utility smart grid communication security. 

Another company, OnSSI, is helping smart grid operators comply with the physical security requirements of NERC CIP. Video surveillance can help meet CIP compliance but presents a communication and monitoring challenge for utilities and ISOs. OnSSI provides software that works well with a variety of smart grid communication technologies and allows operators to centrally manage video surveillance from diverse locations and vendors.

Although utilities, ISOs, and vendors are innovating around smart grid communication security challenges, system reliability continues to dominate the risk management discussion.

Reliability
Utility and ISO executives are conditioned to think in terms of reliability. Both groups typically have an explicit mandate to provide reliable energy service and are held accountable to strict reliability requirements. In 2010, FERC issued over $25 million in fines resulting from violations of Mandatory Reliability Standards. Outside of the bulk power system, public utility commissions have also shown a willingness to levy reliability fines or withhold rate increases.

In this environment, it is not surprising that utility and ISO executives view all new projects through the lens of reliability. Their challenge is to demonstrate to regulators, customers, and shareholders that new communication infrastructure is dependable and increases power system reliability. This dynamic often leads to a culture clash between utility executives and providers of commercial telecommunication networks. The latter group is frequently unaware of the underlying reliability requirements that drive communication quality of service mandates in the energy sector.

As a result, many utility and ISO executives are designing new private networks with inherent redundancy. A hybrid approach with multiple communication technologies at the physical layer is a common means to increase reliability, ensure diversity, and mitigate common mode risks. Some have found that decentralized control architectures reduce reliability risk. Redline Communications has partnered with other smart grid communication providers to enable such a hybrid architecture. The intent is to build a mesh network where justified by demand density and to traverse less dense areas with Redline’s WiMax and Point-to-Point technology.

Scalability
From a business and capital efficiency perspective, smart grid projects present a significant challenge. Power assets have long useful lives and are expensive to replace. As a result, most utilities and ISOs have elected to limit smart grid projects to community and application pilots. For example, Entergy New Orleans announced this week that it is deploying an AMI pilot as part of a U.S. Department of Energy grant. The pilot will use smart meters and Home Area Networks (HAN) to provide consumers more information about their energy use and enable smart thermostats. Several other pilots have been successfully implemented, but system-wide implementation remains uncharted territory for most applications and for most utilities and ISOs. 

In certain power system cases, the benefits of smart grid are not realized until the entire system is upgraded. For example, a majority of recent smart grid pilots have focused on advanced metering infrastructure (AMI). While AMI is a powerful technology, the economic benefits are multiplied when combined with distribution automation (DA). DA will be increasingly necessary as dynamic loads and generation like electric vehicles and renewables are added to the grid. The communication requirements for DA can be significantly different from AMI in terms of bandwidth, latency, and availability. This forces utility planners to make an important communications decision: design a narrow AMI-only communication network or try to design for all future smart grid communication needs.

Fortunately, at the communication layer, utility and ISO executives have more flexibility. Unlike generation or transmission assets, communication equipment has lower acquisition and implementation costs and can be phased in with less disruption to existing systems. Depending on the communication architecture, equipment can often be phased in as traditional assets are replaced. The result is a more linear investment over time.

In many utilities, decades of communication additions and expansions have resulted in fragmented networks supporting separate applications. Consolidating communications can often reduce operating and maintenance costs enough to justify new equipment in year one. Private network manufacturers and integrators often highlight this as a key advantage to utilities. For example, within its management and control system, Tropos Networks has chosen to establish multiple VPNs with unique quality of service for separate applications. This allows smart grid operators to run one network for multiple applications and add hardware as requirements increase. Itron’s Open Way system has been designed to enable AMI through such a flexible and scalable communication network.

The digitization of energy management generates more data over large geographic areas. This data moves from information to knowledge, and the communication architecture becomes critical in addressing security of that knowledge and ensuring reliability of the overall system. An increasing number of public and private telecommunication providers, manufactures, and service firms have discovered the smart grid communication challenges facing utility and ISO executives. The result has been a refreshing pace of technical innovation and new ideas.

Share your thoughts and insights on this article. Join the discussion at KEMA’s Utility of the Future blog.