Sunday, March 22, 2009

Smart Grid Vulnerabilities Might Make us Nostalgic for the Dumb Grid

Last week CNN raised an important and very timely point about the upcoming version 2.0 electric grid: that it may be too easy for bad guys to hack into, take out big parts of it, or otherwise manipulate its behavior.

Maybe the analogy isn't entirely apt (I'm still learning), but let's give it a shot. The US telecommunications industry transformed its infrastructure over the past several decades by replacing mechanical switches with modern computer networking equipment over fiber optic lines. I don't know about you, but cell coverage notwithstanding, my mobile phone, VOIP office phones and home landlines are reliable as I need them to be. The telcos appear to have secured their systems well, and/or have made them resilient and resistant to attack using redundancy and self-healing methods.

Drawing lessons from that highly succesful conversion, US regulators and the power industry are seeking ways to improve the reliability, efficiency and flexibility of the current electric genatration, transmission and consumption system, which is basically unchanged from what was in place nearly a century ago.

However as they do this, they need to be mindful that to be effective, security cannot be bolted on after system is deployed, but rather has to be a fundamental objective of the initial design. If they neglect security up front or get it wrong:
Experts said that once in the system, a hacker could gain control of thousands, even millions, of meters and shut them off simultaneously. A hacker also might be able to dramatically increase or decrease the demand for power, disrupting the load balance on the local power grid and causing a blackout. These experts said such a localized power outage would cascade to other parts of the grid, expanding the blackout. No one knows how big it could get.
Absent solid security from the get go, as the title of this post suggests, DOD and the rest of the nation may rue the day when we tried to gain advantages over our current brittle but generally available grid by overlaying internet technologies on a massively complex critical infrastructure system that has life and death consequences for many of its users.

No comments: