I asked this question because this n application will be ubiquitous in homes in the next few years.  The answers I received included an R&D shop’s solution (which might be proprietary), feedback about sensitivity of usage data, and a reference to the UtilityAMI Home Area Network System Requirements Specification.  

Let’s talk about the sensitivity of usage data – how much energy you use.  This is often cited as a security concern – if people can capture the data about the electricity you are consuming, they can tell if you are home or not.  I guess that’s true, but they would have to know an awful lot about my typical electricity use.  What if I’m a careless energy consumer that leaves computers, TVs, cell phone chargers, and lights on all the time – whether I’m home or not?  In this example, will there really be a significant difference in my KWh if I leave town for a week?  Maybe from a stratospheric bill to merely sky-high. 

In a world with more microgrids, the bad guys looking at my usage data would not know that a sudden decrease in my energy bills might be due to my brand new mini-wind turbine and solar panel installation. 

I do think people would be very touchy about the confidentiality of this information – I might not want my neighbors to know that I’m an electricity guzzler.  However, I don’t think extrapolating my usage data is a worthwhile criminal enterprise for people looking to make an illegal buck.     

More malicious activities would involve comprising the integrity of my usage data.  Although I can’t see what monetary gain a hacker would reap from modifying this data, they could certainly stress me out if my next utility bill was in the stratosphere.  Ditto if they messed with my microgrid data, depriving me of that cash that I was expecting from the utility based on their purchase of my microgrid’s generating capacity. 

So usage data may not be the most important data to secure in a HEMS application.  However, financial data and personal identification data like Social Security Numbers might be connected somewhere in a HEMS application to a utility, and therefore may be vulnerable to unauthorized access or compromised integrity.  That could be a problem.  We read stories all too often of the global criminal networks engaged in buying and selling credit cards and identification information.  This is a potentially huge liability for utilities, but they are working to address it through groups like the UtilityAMI OpenHAN Task Force.   

The UtilityAMI OpenHAN (Home Area Network) Task Force has defined 4 sections under the security category for guidelines that promote open, standards-based interoperable HANs.  Any HEMS application would be part of the HAN, and governed by the security guidelines under development by this group and other knowledgeable organizations.  The OpenHAN Task Force defines the following four subcategories: Access – the control and confidentiality of data and information; integrity – the ability to ensure protection of data (in storage and in transit) from unauthorized users; accountability – the date/time/user event info to audit a system; and, registration – the authentication of identities that are established within a HAN and known to a utility.   This is a great construct for utilities and vendors to ensure that all software is designed and deployed to ensure security as well as interoperability.

This Task Force takes a utility-centric view, which is perfectly reasonable considering that utilities have a great deal at stake in getting the right specifications defined for future Smart Grid operations.   The work that this Task Force has been doing is also shared with the ongoing work that NIST is taking in conjunction with EPRI to develop interoperability and security standards. 

I’ll lead a discussion about software characteristics – especially at the user interface in HEMS applications – for the Smart Grid at the Green Software Unconference on August 19^th in Mountain View, CA.   .   Join me there – click here to learn more about the agenda and how to register.

The National Institute of Standards and Technology (NIST) is diligently working on Smart Grid standards with a focus on interoperability and security.  There is a two-day workshop going on right now between NIST and vendors of Smart Grid solutions to develop these standards.    

Some may argue that proprietary solutions are inherently more secure than open solutions. Unfortunately, proprietary systems are just that more vulnerable to any threat.  Let’s use an example from biology.  Which organism is the stronger – the one that is out in the environment, exposed to various germs that improve its immune system and ability to combat infections, or the one that lives in a bubble and is prey to the first biotic threat because its immune system has no defense experience?  We all know the answer to that question. 

Software must be open and interoperable, or else as consumers we will all pay the price in higher utility costs, more expensive solutions, and less reliable energy networks.  It must also be secure.  Security has become a hot button issue, as noted at the recent Black Hat conference, where 2 sessions identified vulnerabilities in smart meters and network configurations and 1 session focused on weaknesses in Zigbee, a wireless networking specification favored for Home Area Networks (HANs).    

Security concerns cover everything from physical access to a meter all the way to the sophisticated types of attacks perpetrated on Internet-connected sites and networks .  Let’s face it, anything can be vulnerable, so it’s a matter of reducing the losses suffered at any point of attack.  Our centralized grid worked very well, but it is the wrong overall network architecture for the bi-directional flow of electricity and information that is the essence of the Smart Grid.  A distributed architecture – one that accommodates distributed generation – minimizes the security risks by spreading generation, transmission, and distribution functions – even down to microgrid proportions.

What are some of the other common software characteristics for Smart Grid solutions in addition to being open and secure?  It should be scalable.  If it is meter software, it should work from hundreds of meters up to millions of meters.  If it is a utility billing or enterprise resource planning type of solution, it has to manage large amounts of data, and filter the meaningful data for that utility’s operations. 

Smart Grid software also has to be flexible with regards to latency of data.  Some applications will require real-time data, while others can take data at times of least network traffic to avoid congestion situations.  For example, the sensors that monitor transmission conditions for lines or equipment need real-time communications back to operations centers.  Electricity usage information from my meter may not need real-time communication capabilities, but might need to be sent more frequently than once a month. 

Smart Grid software solutions also need to incorporate Web design principles where appropriate to offer the most intuitive user portals for sharing information and managing distributed generation arrangements with utilities.    Many of these characteristics will be covered at the upcoming Green Software Unconference on August 19^th in Mountain View, CA.  I hope to see you there!

Fortunately, there are very smart and dedicated people working with great speed and purpose on establishing standards for interoperability and cybersecurity.  The National Institute of Standards and Technology (NIST) has a leading role in developing national Smart Grid interoperability standards for the USA.  Working in close coordination with major stakeholders like utilities and industry vendors, NIST has a 3 phase plan to build consensus on existing standards for interoperability and cybersecurity and an interim roadmap; facilitate public/private panels to drive harmonization of standards and evolution of technologies to those standards; and then develop a plan for a test and certification framework.    The interim roadmap was published late last week and is available for public view at http://www.nist.gov/smartgrid/InterimSmartGridRoadmapNISTRestructure.pdf.  It’s an interesting read!

Now on to standard thinking.  We all have great expectations of the technological advances that the Smart Grid can deliver.  It appears that at least some technology vendors and utilities have great expectations of consumers too.  At a recent conference, an oft-cited example of demand response and how price changes will drive consumer behavior concerned laundry.  In this example, it was predicted that consumers will choose to do their laundry at midnight when rates are lowest rather than another time of day (or night).  Hello???? Here are three reasons why this is a really great example of bad standard thinking:  1)  who is getting up at 1AM to move clothes from the washer to the dryer?  Or is that what the live-in maid is supposed to do?  2)  many multi-tenant communities (like my condo association) don’t allow laundry after 9pm because of noise.  3)  Midnight is not the best time to line-dry clothes – especially for consumers who are fortunate to have outdoor lines.  I don’t know about you, but I like to hang laundry outside in daylight hours when I can see what I’m doing. 

So here’s my plea to the technology vendors - get past the standard thinking.  Its not about what the technology can do, its about what people can and will do with the technology.