If you are a carpenter – round 32

May 21, 2008, we had a session at the Connectivity Week Industrial Track on cyber security of the Smart Grid. There were approximately 5 attendees including presenters. None were industrial or power plant end-users. Rather than hold such a poorly attended session, we spent the afternoon creating what would become the NIST Industry-to-Grid (I2G) Working Group. The I2G’s focus was to be large industrials and central station power plants as they were not represented by any other working group. The I2G started in the August 2008 time frame and has been holding weekly conference calls since.

One obvious need for I2G was participation from large industrial and power plant end-users. I went to several colleagues from large industrials to get participation. They were not interested. To this day, the I2G has ZERO participation from large end-users or power plant personnel. Rather, a number of the I2G participants are from those working on price signals for residential and commercial applications. Which brings me to the title of this blog – if you are a carpenter, everything looks like a nail. If you are a demand-side expert working with residential and commercial applications, everything looks like that. Those are not the primary needs for large industrials and power plants interfacing with the Smart Grid. Those are also not the primary needs to make large industrials and power plants more efficient and environmentally friendly. Since those needs don’t look like price signals (ie, nails), they were brushed off as not applicable. Why would any large industrial or power plant end user buy into a “standard” where they had no input or participation?

Since the Smart Grid is moving toward IP communications, a similar situation occurred at the IEEE P2030 meetings in Santa Clara. The IT community sees Windows, Internet, and IP communications (looks like a nail) and tries to tell the power system experts how to run the grid. The same situation is occurring with the NIST Security Working Group with IT “SCADA security” experts seeing Windows, Internet, IP communications, and cyber security (looks like a nail again) and tries to tell control systems people how to secure systems they know nothing about.

Rhetorical question - how can we keep “experts” who know nothing about the domain and its needs from continuing to speak as “experts” because they think it looks like a nail?

Joe Weiss