Where ARE the experts?

Where are the experts? Several weeks ago, a conference was held by the Brookings Institute and Google on plug-in electric vehicles. In addition to the topic of plug-in vehicles, there was a discussion on cyber security of the electric grid by some very important industry, media, and government individuals. The video starts with R. James Woolsey, ex CIA Director, giving full credence to the bogus National Journal article blaming Chinese hacking for the Northeast and Florida outages. As can be seen from the attached conference minutes, Woolsey interviewed a panel of energy experts. However, this panel of energy experts did not have anyone directly from the control system cyber security community. Consequently, the answers are very interesting and also very questionable. Specific “questionable” comments are: Thomas Friedman, pointed out that our current grid’s inefficiencies are theoretically preventing mass disruption.  Answer: Has he heard about the Northeast Outage and the Florida Outage? Both had cyber aspects (no, it wasn’t the Chinese). Additionally, these weren’t the only large outages caused by cyber incidents. The grid’s inefficiencies are not directly related to cyber vulnerabilities. Vaswani adds… “The truth is, we’re not that secure now, but it’s been less of concern since currently most of the grid has only a fairly limited amount of networked control.” Answer: What grid is he referring to - the existing grid has a significant amount of networked control. As Sue Tierney, Managing Principal at Analysis Group, pointed out, the trend toward distributed generation is making the grid harder to take down. Answer: Automated Metering  Infratsructure (AMI) is extremely vulnerable where it connects to distribution systems. I have given several presentations at Smart Grid conferences on the cyber vulnerability of distributed generation and demand side management. Ironically, I just had a discussion Friday with members of the ISA S99.05 Leadership Committee about the continuing need for awareness, especially for those in “Washington”. Joe Weiss Cleantech Terror Alert: Hacking the Grid Written by Craig Rubens Posted June 26th, 2008 at 12:00 am in Policy Science fiction writers speculate that robots will eventually take over our networks, but conspiracy theorists say our current grid is under attack from foreign hackers—conspiracy theorists and high-level intelligence officials that is, according to the cover of the National Journal. The article alleges that Chinese paramilitary hackers were responsible for two massive U.S. blackouts. The theory had enough credibility for former CIA Director-turned-venture-capitalist James Woolsey to ask a panel of energy experts what is being done to secure the grid at the Google/Brookings plug-in electric vehicle conference in Washington this month. Video of Woolsey’s question and the panel’s response below. So just how secure is our grid? Does making our grid smarter and more interoperable increase our risk? The panel’s moderator, Thomas Friedman, pointed out that our current grid’s inefficiencies are theoretically preventing mass disruption. But the shift to IP-based, smart-grid services leverages all of the security technologies that have been developed in the IP space. Still, industry sources echo the panel’s response and say Woolsey’s is an “extremely legitimate question.” Silver Spring Networks CTO Raj Vaswani , who was not on the panel, tells us that “IP networks are decades ahead of any proprietary solutions.” But he concedes that securing the grid is different from securing Internet services. “The threat model is extremely complex because you’ve got devices sitting out in the field potentially for years with no physical security.” Vaswani says this isn’t suddenly a new issue with the smart grid becoming a hot topic. “It’s wrong to think we’re secure now and installing these services would somehow make us less secure,” Vaswani adds. “The truth is, we’re not that secure now, but it’s been less of concern since currently most of the grid has only a fairly limited amount of networked control.” While the Administration has never officially said China had anything to do with the blackouts, DOE representative Andy Karsner laid out what he saw as the potential of such attacks in terrifying terms: “This isn’t the cyber-hacking that you think of just for passwords. This is the capacity to destroy hardware in your home, at airports, at military bases, your car, if its connected through the grid.” But it’s getting better. As Sue Tierney, Managing Principal at Analysis Group, pointed out, the trend toward distributed generation is making the grid harder to take down. With more solar panels on individual roofs and cars soon plugging into the grid to push and pull electrons, the importance and vulnerability of central substations decreases. “The sky definitely isn’t falling,” Vaswani says. “And if we are doing this right, we’ll be shoring it up.”