A Cybersafety Culture Can Help Reduce Energy Usage Data Privacy Risks

Thanks to M2M and Smart Grid technologies, new energy usage data can be invaluable to help intelligently manage energy and reduce utility operations costs and consumer costs. However, new data means new privacy risks for consumers (residential, commercial, industrial, and agricultural), utilities, their vendor communities, and other entities that collect, transmit, use, and/or store that data. As noted in the new book Data Privacy for the Smart Grid*, the variety of entities with access to this data can blur privacy roles and responsibilities. Confusion about data privacy is not a good state of mind for consumers, utilities, vendors, or regulators. Privacy is an outcome of intelligent cyber and physical security technologies, policies and practices, and its protection has to become part of organizational cultures.

Look at it this way. Utilities have worked diligently to instill “top of mind” safety procedures in their organizations, because of the many dangers associated with electricity, gas, and water services. We use this analogy in our guidance to utilities and vendors regarding data privacy. A cybersafety culture has to be embedded within utilities and vendors with access to energy usage data. Like safety procedures, regular exercises that identify all potential privacy risks and their mitigations must become an important habit of a cybersafety culture.

Think beyond energy usage data too. EV charging, vehicle telematics, and digital health applications produce new data that has considerable privacy implications. Smart Grid technologies that are applied to water can produce new data about water consumption and waste water production that will have similar privacy concerns and risks, as well as other data that delivers personally identifiable information.

How do you achieve a cybersafety culture? Here are three suggestions derived from our methodology:

  • Does your company have a privacy policy that explicitly describes treatment of energy usage data? If not, one should be developed. Why? Because consumers as data owners can voluntarily share their energy usage data with data managers that are not affiliated with utilities. Consumers need to exercise caution by carefully reading the privacy policies of the third parties they authorize to be data managers or custodians of their energy usage data. And since we’re only human, this may not happen with the diligence or frequency that would apply in a perfect world. The often blurry lines of privacy roles and responsibilities may lead consumers to believe their energy usage data is covered by the privacy policies of a utility when their selected data manager has completely different privacy policies. The lack of a good utility privacy policy ruins a perfectly good opportunity to build and maintain that trusted advisor relationship that is the apex of excellent consumer engagement.
  • Try the “chain of data custody” exercise. Can you accurately map out the sensitive data gathered, used, transmitted, or stored in your business processes and who has access to this data? The exercise results may astonish you.
  • Ask your employees who is the ultimate owner of energy usage data. If they don’t know, you have a training issue to address. The owner has ultimate control and decision-making authority over their data. Utility customers are explicitly identified as owners of energy usage data in some Sometimes energy usage data is narrowly defined as consumption data. As consumers transform into prosumers capable of generating kilowatts and negawatts (and new data), energy production data ownership must also be addressed.

These three steps help utilities and vendors develop cybersafety cultures that mitigate data privacy risks. And here’s one more suggestion – be prepared to over-communicate your energy usage data privacy policy. If you don’t have a policy, today’s the day to change that.

* Published by Taylor and Francis Group. Co-authors: Christine Hertzog and Rebecca Herold. ISBN: 978-1-46-657337-6. Available for pre-sale now.


Energy Data Privacy Risks – What You Don’t Know Can Hurt You

Wednesday is Data Privacy Day in the USA, and it should receive heightened awareness after the recent Sony Pictures cyberattack. While media attention focused on cybersecurity weaknesses, privacy is the natural consequence of good cybersecurity. Security – cyber and physical – is a strategy that ensures a privacy outcome.

Unfortunately, determined cyberattackers or the deliberate or careless actions of current or former employees can defeat the best cybersecurity and physical security systems. Mandatory privacy policies and protections minimize the risks that sensitive data will be exposed – whatever that data might be. Sensitive data such as social security numbers, bank account information, and personal health records are managed to protect privacy. Utilities already manage sensitive data too, but need to prepare for significant increases in privacy risks.

Sensors are gathering more and/or new types of data. Inexpensive data transmission and storage makes it possible to handle new volumes, varieties, and velocities of data. Smart Grid technologies can deliver new granularity in time-stamped data about consumer use of electricity, gas or water. More M2M technologies can generate location-based data that accurately maps activity over the course of a day.

All these converging technologies increase data privacy risks, and make the publication of Data Privacy for the Smart Grid* very timely. It’s a key reason I helped write it. The Smart Grid delivers a myriad of benefits to utilities and consumers, but it also creates new risks and new concerns about data privacy. Energy usage data is invaluable to help intelligently manage energy and reduce utility operational costs and consumer costs. Privacy risks emerge in questions of how that energy usage data is used, shared, stored and otherwise accessed.

Utilities have prominent roles in the collection of energy usage data, but they may not be the only entities gathering, receiving, storing, or using that data. In the future it is very likely that businesses other than utilities may manage generation assets or water conservation equipment, sell electricity, or collect energy usage data directly from consumers. The variety of potential players coupled with new services and technologies can easily confuse everyone with blurry responsibilities for privacy protection and more exposure risks. Will consumers always know the “chain of data custody” for their energy usage data? The answer is no, and that has serious policy, process, and training implications for utility executives and vendors of solutions capable of gathering, transmitting, and using this data.

This is definitely a situation where what you don’t know about privacy risks can hurt you – in the forms of criminal or civil litigation and financial penalties, bad publicity, lost goodwill, and reputation damage. What steps should utilities and vendors take to protect the privacy of their customers’ energy usage data and avoid the fallout of failure? The answers are the focus of next week’s article.

* Published by Taylor and Francis Group. Co-authors: Christine Hertzog and Rebecca Herold. ISBN: 978-1-46-657337-6. Available for pre-sale now.


The Electric Utility Singularity

Singularity is a term that is used in mathematics, physics, and advanced artificial intelligence. The definitions vary based on perspective, but in simple terms, it signifies the point where old rules break down. This is exactly where electric utilities are now. We are witnessing a massive utility singularity. This event is brought on by a multitude of technologies, policies, and financial programs that will ultimately change today’s utility business model – whether for investor-owned utilities (IOUs), municipal or publicly-owned utilities, or rural cooperative utilities.

This is not an obituary for utilities.  Nor are utilities the only sector facing a great singularity.  Consider the cable TV sector.  It is confronting its own death spiral as it continues to increase subscription fees on a declining customer base and encounters non-traditional competitors like Netflix and Hulu.  The current US cable TV business model based on supplying the overall deplorable state of bundled content that many consumers don’t want cannot survive.  Will utility leaders be able to ponder some pattern recognition of their business model and possibilities against other business sectors and make smart decisions to survive and thrive through a singularity transition?  I believe the answer is yes, but the number of utilities that do it will be like unicorns (the latest Silicon Valley buzzword describing startup companies that are exceedingly rare and capable of anything.)

The electric utility singularity has been looming for at least a decade.  Some business model rules started breaking down years ago with initial policy steps towards deregulation and decoupling.  Smart Grid technologies will be the real accelerant in terms of bending the revenues curves for utilities downwards.  Just look at the rise of solar technologies in the form of highly distributed rooftop photovoltaic systems or packaged solutions of advanced analytics, user interfaces, and mobile devices that make nanogrid (home-based) energy management available to the residential masses.

Even if utility resources do not think non-traditional entities can ever manage a grid to the same reliability, safety, and cost-effective metrics as the utilities themselves, that won’t stop new entrants from trying. Some will fail, but many will succeed. The winners will be specialists who forge partnerships with complementary solutions and create their own packaged hardware and software ecosystems. The winners will offer a different take on reliability. Instead of being measured on downtime, which is essentially what traditional utility metrics of SAIDI (System Average Interruption Duration Index) and CAIDI* (Customer Average Interruption Duration Index) measure, they will promise uptime.

Winners won’t be bound with the same constraints that are imposed on IOUs, municipals, or cooperative utilities.  That’s unavoidable, but that doesn’t mean utilities don’t have opportunities to develop strategic agility if they want to be survivors.  Here are three questions utility leaders should discuss internally and with important external stakeholders like regulators, public owners, and consumers:

  • How differently would we organize and operate if we managed to uptime instead of downtime?
  • Can we leverage a custodial stance on energy consumption data as a strength?
  • What do we really understand about consumer choice and perceptions of quality?

The electricity business sector will look very different on the other side of this singularity.  Utilities have a difficult journey ahead, but I’m optimistic that some will successfully make the transition.

* Definitions for these terms can be found in the Smart Grid Dictionary 5th Edition.


Will Google Play By Utility Privacy Rules?

January 28, 2014 was Data Privacy Day. Two recent news stories – the thefts of sensitive consumer data from national retailers including Target, and Google’s $3.2B acquisition of smart thermostat maker Nest – are stimulating much-needed discussion about the security and privacy of personal data. Security and privacy are inextricably linked. In the active criminal investigations underway, authorities will examine the involved parties’ security protections from both of these angles. We may discover that complacency and failures of imagination were unwitting accomplices to criminal entities. Let’s not be similar accomplices to weakening our energy data privacy protections.

The USA enacted the Energy Independence and Security Act (EISA 2007) that spurred much of the Smart Grid policies and activities ongoing today.  This legislation acknowledged that smart meters could create new energy data and the need for policies to protect this new data’s privacy.  Since then, Public Utility Commissions in various states have penned privacy guidelines that define what investor-owned utilities (IOUs) must do with energy data derived from smart meters.  For example, in the state of California, smart meter data is owned by the individual consumer (your meter, your data).  Whether that smart meter data remains with the utility or if the consumer authorizes it to be shared with a third party in the form of Green Button data, the California Public Utilities Commission (CPUC) stated it will ensure equal regulatory treatment for third parties who acquire usage data from the utility via a smart meter or through an internet-connected device.

However, rules like this do not apply to situations where consumers supply different energy use data directly to businesses. This is the Nest scenario with their learning thermostat. In this case, the thermostat gathers sufficient data about user temperature preferences correlated with time and activity sensors to make inferences about future heating and cooling preferences. This is an “unregulated” peek inside the home at user behaviors. A number of Nest customers are asking for ZigBee® or Z-Wave connections to smart meters to leverage this data along with their learning thermostat data. If Google/Nest were to do that, in states like California that could mean they would have to abide by the privacy rules governing utilities.

Consider the language of California’s AB 1274.  This bill prohibits the state’s IOUs and publicly-owned utilities “from sharing, disclosing, or otherwise making accessible to any 3rd party a customer’s electrical or natural gas usage data without obtaining the express consent of the customer and conspicuously disclosing to whom the disclosure will be made and how the data will be used. The bill would require a business and a nonaffiliated 3rd party, pursuant to a contract, to implement and maintain reasonable security procedures and practices to protect the data from unauthorized disclosure. The bill would prohibit a business from providing an incentive or discount to the customer for accessing the data without the prior consent of the customer…”

Today, Nest has a privacy policy in place that states it would not provide consumer data to another third party without that consumer’s consent.  Read it.  It’s a reasonable policy, but as we’ve experienced before, privacy policies are subject to change without advance notice.

Nest is already dabbling in a demand response program called Rush Hour. Google has had interests in energy management in the past. It will be interesting to watch how this acquisition unfolds in terms of future energy services. But if I was a California utility lawyer, I’d act like I’m from Missouri, the “show me” state, and line up tough disclosure requirements on how smart meter data is used if asked by Google/Nest to provide it. And if I was a Nest customer, I wouldn’t be complacent – I’d be monitoring that Nest privacy page.


Renewable Energy – Breaking the Fixation on Fossil Fuels

There’s an interesting thought exercise titled Renewable Energy: Shifting Sources of Power initially published in the Government Gazette and reprinted in the Energy Post about the role that renewables can play in global energy policies.  This article triggered some thoughts about what renewables do and should mean to energy policies in the USA.

We should think about a day when most of our energy sources for electricity and transportation are renewable sources rather than fossil fuels. Why?  Because this is an achievable goal.  R&D in solar continues to push the harvest efficiencies of materials upwards so we can expect to see more bang for the buck in equipment.  The pace of improvements in solar technologies and decreases in manufacturing and deployment costs is impressive.  Other innovative technologies offer new ways to harvest energy from water, providing generation opportunities beyond big dams and other traditionally centralized infrastructure.  R&D in energy storage will increase solution options and decrease prices – so the trends that we’ve seen in solar will occur in energy storage – sooner and faster than most projections.  And fortunately, we are now seeing financial innovations that are also accelerating the pace of adoption of renewable generation amongst residential, commercial, industrial, and agricultural customer categories.

Continuing with that thought exercise, the establishment of renewables as the majority source of energy for electricity production has major implications on politics – from the local to the global levels.  In the USA, it has profound implications on today’s political power infrastructure, national and state energy policies, and our centrally-sourced electricity generation business models.

But all this begs a more fundamental question – why does so much of US energy policy still fixate on fossil fuels?  Why not plan an orderly transition to clean renewables, which guarantee energy, economic, and environmental security?

From an energy security perspective, here’s a quick compare and contrast:

  • Renewable energy sources like solar and wind are free and freely available around the globe.  Fossil fuels have extraction and transportation costs, plus costs associated with military protection*.
  • Renewable energy sources have stable extraction costs – once the equipment is installed, the costs of operating and maintaining the equipment are very predictable. In contrast, fossil fuels have always demonstrated extreme price volatility that jeopardizes economies and countries. In the USA, electric utilities are cautioned against assuming that natural gas prices will always be as low as they are today.
  • Renewable energy sources like solar and wind do not emit CO2 gases.  All fossil fuels do – even natural gas.  Efforts to capture or sequester carbon create additional external costs that must be factored into fossil fuel prices.
  • Renewable energy sources (with the exception of hydro) do not require large quantities of water that then has to be expensively treated to make it potable again. In hydro’s case, the water use is a “pass-through” that doesn’t alter its quality. There’s plenty of concern with fracking – it consumes water, and the lack of transparency from the extractors about the chemicals injected into the earth raises legitimate concerns about the potential for polluting ground sources of water.

The reasons for the fossil fuel fixation include the usual political gridlock and out-sized influence of campaign contributions, but we also have too many stakeholders in the USA who can’t think bigger than the mere substitution of one expensively extracted fossil fuel for another.

We have an opportunity to re-imagine and re-engineer our energy infrastructure into clean sources that are widely available and offer wide market participation.   It won’t always be the easy path, but it is the logical one to deliver energy, economic, and environmental security.

*  Imagine what it means for the USA if the Navy’s Fifth Fleet is no longer needed to protect Middle East shipping lanes for oil transportation.  Wouldn’t American taxpayers be delighted to no longer foot the $60-80 Billion annual cost for that?


Smart Grid Trends to Watch: ICT Innovations and New Entrants

The convergence of information and communications technologies (ICT) with the traditional operations technologies (OT) is an ongoing Smart Grid trend.   Within the USA and its 3000+ electric utilities, Smart Grid investments focused on optimization of transmission and distribution grid operations through machine to machine (M2M) communications and forays into data analytics for applications ranging from revenue assurance to voltage conservation.

This ICT/OT convergence trend is encouraging new entrants into the vendor ecosystem that supports electric, gas, and water utilities.  One of the latest entrants is Dell Computers.  Dell made two announcements in the past two months that illustrate how ICT companies are exploring Smart Grid market opportunities.  2013 will be the year to watch their strategies and progress.

Dell recently unveiled their Smart Grid Data Management Solution which combines high-performance computing, networking and storage to manage data for review and action in utility operations.  Leveraging domain expertise and the PI System™ from OSIsoft, they developed and tested a reference architecture in a simulation environment that modeled a utility’s transmission grid operations.  Transmission grids have been one of the early beneficiaries of the Smart Grid through products called Phasor Measurement Units (PMUs), which are extremely high speed monitors that sense changes in transmission conditions.  Taking hundreds of measurements per second from multiple PMUs leads to large quantities of data that challenge existing data storage practices in utilities. Dell’s solution coupled with OSIsoft’s solution provides faster updates and makes actionable data available to staff, applications and business systems.  It’s an excellent example of how M2M communications and data management technologies can become ubiquitous in the Smart Grid.

This is a noteworthy collaboration between a traditional ICT vendor (Dell) and a traditional OT vendor (OSIsoft) that is focused on grid operations.  But Dell has also signaled its intent to get involved in the consumer side of the electricity value chain by joining the Pecan Street Inc. Advisory Board.  Pecan Street is an energy and smart grid research and development organization, and serves as a living laboratory with a community microgrid characterized by residence-based solar generation, electric vehicles (EVs), energy efficiency and energy management solutions for homes.  The project is conducting research in the brave new world of consumer/prosumer evolutions and their energy interactions through data analytics.

While the term “big data” is used in this project, its volumes are dwarfed by the volumes of data that are generated by today’s PMU deployments.   Similarly, if smart meters ever provide data to utilities at 15 minute intervals, that would constitute really big data, at least as analytics providers in financial services or telecommunications would define it.  It’s more accurate to describe the Pecan Street project as one that offers horizontal complexity and scalability as the types of devices, with all their variations in hardware, firmware, and software will need to be managed in addition to the networks that connect them.  There aren’t too many analytics companies out there that can offer this expertise, and the best ones are proven performers in other industry sectors outside of electric utilities.

However, Dell has proven abilities in the arena of data management, and they understand a thing or two about consumers after successfully building a competitive business that sells direct to them.  So their moves into the Smart Grid sector portend more than a continuation of the ICT/OT convergence trend.  It also highlights another trend – that of businesses (others are Verizon and Comcast) that are experienced in consumer retail operations and engaged in exploratory activities to directly engage with electricity and water consumers.  Traditional utilities may discover that their business models are disrupted more by this second trend than the first.  Of course, this second trend is a riskier play, and it is too early to tell if these new players will become intermediaries between consumers and utilities.  It will be interesting to watch Dell in 2013 and see how these trends progress.