CES 2011: Pinpointing Problems With Smart Grid Security
Photo by Rennett Stowe via Flickr Creative Commons
As the smart grid rolls forward, we're seeing an upswing in wariness from consumers, utilities and other organizations who have serious questions about the security of our grid. Indeed, security has been an ominous issue that no one wants to ignore as the smart grid develops, yet few can really address the scale, let alone the solutions. Adrian Turner of Mocana, a device security solutions company, met with me to talk about some of the risks associated with having everything connected, from our devices to our homes. The company has developed the industry's only device-independent Smart Device Security platform, which secures all aspects of IP-enabled devices like smart meters. Here's what he has to say about grid security. The conversation with Turner was nothing if not unnerving as he pointed out manufacturers' rush to connect devices to the internet without solid security in place, and what the flaws in our security systems mean for the smart grid. The most alarming example he used is that of Stuxnet.
Stuxnet is a new attack on connected devices. Turner stated that it's the first example of malware released, almost certainly, by a nation state. While it's still speculative, the sophistication of the malware points to a national investment in its creation, and it's already infected some 45,000 industrial control systems. Stuxnet makes a device such as an actuator or valve act in a way it isn't supposed to. What exactly does that mean? Well, Turner pointed to the San Bruno explosion in September as an example.
In fact, Turner wrote a piece for the Mercury News about how San Bruno could be the first of many such disasters should we not focus more on security of connected devices.
The U.S. government, motivated by national security concerns, is beginning to increase incentives for educational institutions and students to take this on. IT security industry organizations should be educating consumers and industry alike about the urgency. Consumers and policymakers need to make all those benefiting from the Internet of Things -- device manufacturers, network service providers and institutions -- accountable for securing data and services.
With so much emphasis on the deployment of the smart grid to reduce dependence on foreign energy sources -- in large part motivated by national security concerns -- it is essential that all of these new network nodes on the energy grid be protected. It's not just power plants. Smart meters and other lower-profile networked devices could be used to invade or attack the grid, leading to military, social or economic disruption.
To Turner, San Bruno is a wake up call for us. But fortunately, he feels confident that there are many stakeholders who hold similar concerns about security, including utilities. He noted that currently utilities are 99.97% reliable. That 0.03% failure costs the US government $150 billion a year. Clearly, security is a top concern.
The challenges for security come with having different stakeholders with different motivations. Who exactly is responsible for the safety and security of devices? Turner notes that there could be a push-back from utilities to other companies that provide the products and services used within the smart grid that it is their responsibility to ensure security. As far as government bodies go, the US government has a role in security in that it has stimulus funds invested in it, Turner notes, but it will be more involved in driving standards and acting as a checkpoint for progress than for determining what the market will do for the smart grid.
So far, consumer concerns have revolved around health and privacy. Privacy, Turner states, is more about policy. Security is the mechanics. He thinks that as far as privacy goes, utility information will probably be handled much like medical information -- it is owned by the patient, held by the doctors, and can only be revealed under certain conditions. Security, on the other hand, should be an even bigger concern.
One of the challenges in the forward momentum of the smart grid is ensuring that everything can talk to one another, from utilities to meters to appliances and devices and so on. But this connectivity is why security is crucial. Before rushing to make everything connect, we have to consider how it connects, and minimize as much as possible the threat from hackers.
I asked Turner what about the security of connected devices keeps him up at night. He stated that our reliance on connected devices is growing, which means everything -- from medical devices to cars -- have to work all the time. Security has to be so much tighter now because the stakes are higher if something fails.
That's why security around the smart grid is a very big part of the slow movement forward -- there's very little room to get it wrong. Luckily, it's the next big topic of conversation when it comes to the smart grid.
View more photos from CES
Follow Jaymi on Twitter for more stories like this
More from CES 2011
CES 2011: TreeHugger Bringing You Cleantech and Green Gadgets from Las Vegas
CES 2011: Samsumg Shows Off Earth Friendlier Phones
CES 2011: Solar-Powered Coolers and Totes from Traveler's Choice
CES 2011: Does The Sustainable Planet Zone Need to Disappear?
CES 2011: What Does the 3D TV Rush Mean For Our Energy Consumption?
CES 2011: Smart Plugs and Energy Monitors from Intelligy, Current Cots, Modlet and More
CES 2011: Powerful Bike-Powered Light and Charger by Jooyn