Harking back to that saying again, “don’t put all your eggs in one basket”, microgrids offer a solution to some physical and cyber security concerns.  Placing generation sources throughout the grid and having the ability to “island” or isolate important electricity users in microgrids can at least reduce the impacts of a cyber strike.  Instead of completely disrupting all grid-supplied operations, these mission-critical functions could continue under their own power.  The US military is already planning microgrids for fixed and mobile bases, and has projects underway at Wheeler Air Base in Hawaii and Twentynine Palms Base in California.  These microgrids should have designs for complete power self-sufficiency that can last for months to address the worst-case scenario – the cyber equivalent of a Pearl Harbor attack. 

However, some security specialists point out that microgrids increase the “attack surface” by offering more points of access to the larger grid where the microgrid has communications connections, or even the electricity lines themselves.  And it’s true, communications systems, and these are mostly IP-based, do have vulnerabilities that can be exploited by hackers.  Therefore, microgrid designers and operators need to take precautions to ensure that the industrial control systems (also known as SCADA systems – Supervisory Control and Data Acquisition) and other points of cyber access must be as secure as larger grid operations. 

The traditional electrical grid used to rely on obscurity as a form of cyber security protection.  Closed systems and proprietary solutions made it difficult for hackers to gain access.  However, the Smart Grid is triggering an open and IP-based communications transformation in the grid’s transmission and distribution networks.  Therefore, the same security measures and practices that are being deployed in utility-scale grids must be adapted for use in microgrids.  However, where utilities have full time operations personnel devoted to security monitoring, microgrids may not have sufficient resources to duplicate this arrangement.  Microgrids need automated monitoring to detect intrusions and trigger immediate responses, and use best practices and frequent audits to identify and correct weaknesses in their physical and cyber security perimeters.      

Microgrids improve overall grid reliability and security.  They make it easier to quickly integrate renewable sources of generation into the grid.  The benefits that microgrids contribute to our overall electrical grid outweigh the security risks to it, but it does mean caution must be exercised in building out a microgrid infrastructure that is interconnected to the Smart Grid.

You can learn more about microgrid security at the Smart Grid Cyber Security Summit in San Jose on Tuesday and Wednesday.  I’ll be there moderating a session on microgrid security – see you there!

There was plenty of “whine” on November 4, or to be exact, at 4:55PM on November 3, when the CEA sent a 91 page document 5 minutes ahead of the 5:00PM deadline for comments on the California Energy Commission’s (CEC) proposed TV energy efficiency standards. In order to review this and other comments that arrived at this 11th hour, the CEC has postponed its hearing until November 18th.

The CEA comments oppose the proposed standards, citing that energy efficiency standards would increase the price of TVs. According to this industry association, the average digital TV uses the same electricity as two light bulbs – incandescent light bulbs. The average 42 inch LCD TV consumes 203 watts, and the average 42 inch plasma TV guzzles 271 watts. The average California home has three TVs. It appears that the CEA is strongly advocating for not only increased operating costs for consumers, but also construction of more expensive power plants and increased electricity rates to pay for increased power generation.

It’s a shame that the CEA can’t take the bold step of working cooperatively with the CEC to reduce consumers’ operating costs of TVs and reduce carbon footprints as well.

Smart Homes and HEMS in a Smart Grid

I attended a presentation by Vint Cerf, often called the “father of the Internet” last week, and part of his presentation covered sensors and actuators in homes, monitoring environmental conditions and sending alerts based on defined triggers. His example was his wine cellar. If the temperature goes above a threshold, sensors note the condition and send an alert to his mobile phone. An actuator could trigger a change in the air conditioning temperature to eliminate that threshold and alert.

This is the type of technology I want to see enabled on the one device I almost always forget to adjust before a trip – my hot water heater. Wouldn’t it be great if I could remotely set it to vacation mode and save energy and money – money that I could use for a future vacation? Wouldn’t it be even more wonderful if I had a powerful but easy-to-use Home Energy Management System (HEMS) that maintained a series of defined “Vacation mode” settings for my entire home? Instead of setting individual lamps on timers, having the ability to instruct my home to turn selected lights in selected rooms on and off on automated schedules would make my HEMS a handy preventive security system.

One way to achieve this is to make devices internet-enabled and addressable – maybe not all of them, but many of them. For utilities, one of the promises of the Smart Grid is the opportunity to expand and enrich their Demand Response (DR) programs. Through these DR programs, utilities can work with consumers to automatically power down pool pumps or refrigerator ice makers, remotely adjust HVAC temperatures up or down, and find other mutually agreeable actions that can pare down electricity demand at peak times. Some consumers are suspicious of any utility reach into their homes, so it will be very important for utilities to structure their DR programs so that consumers can override these automatic and/or remote controls – but at the price of higher peak electricity rates as a result of that ability to override.

There is another very important point about this future vision of a Smart Home in a Smart Grid – and it covers Internet security. Mr. Cerf pointed out that internet security is in definite need of research and development, and he’s right. If we are going to make a home truly Internet-enabled, as homeowners we’ll expect that our homes can’t be hacked with the unfortunate regularity that befalls our computers. HEMS solution providers need to consider appropriate security designs and processes into their software and hardware that consider worst-case scenarios. As we all know, one negative incident in the USA, one highly publicized negative incident, could set back the HEMS industry for years.

Check out the Global Smart Energy Bilateral Trade and Investment Opportunities event on November 13 in Monterey. The agenda is filled with Smart Grid sessions that cover national and global perspectives.

I asked this question because this n application will be ubiquitous in homes in the next few years.  The answers I received included an R&D shop’s solution (which might be proprietary), feedback about sensitivity of usage data, and a reference to the UtilityAMI Home Area Network System Requirements Specification.  

Let’s talk about the sensitivity of usage data – how much energy you use.  This is often cited as a security concern – if people can capture the data about the electricity you are consuming, they can tell if you are home or not.  I guess that’s true, but they would have to know an awful lot about my typical electricity use.  What if I’m a careless energy consumer that leaves computers, TVs, cell phone chargers, and lights on all the time – whether I’m home or not?  In this example, will there really be a significant difference in my KWh if I leave town for a week?  Maybe from a stratospheric bill to merely sky-high. 

In a world with more microgrids, the bad guys looking at my usage data would not know that a sudden decrease in my energy bills might be due to my brand new mini-wind turbine and solar panel installation. 

I do think people would be very touchy about the confidentiality of this information – I might not want my neighbors to know that I’m an electricity guzzler.  However, I don’t think extrapolating my usage data is a worthwhile criminal enterprise for people looking to make an illegal buck.     

More malicious activities would involve comprising the integrity of my usage data.  Although I can’t see what monetary gain a hacker would reap from modifying this data, they could certainly stress me out if my next utility bill was in the stratosphere.  Ditto if they messed with my microgrid data, depriving me of that cash that I was expecting from the utility based on their purchase of my microgrid’s generating capacity. 

So usage data may not be the most important data to secure in a HEMS application.  However, financial data and personal identification data like Social Security Numbers might be connected somewhere in a HEMS application to a utility, and therefore may be vulnerable to unauthorized access or compromised integrity.  That could be a problem.  We read stories all too often of the global criminal networks engaged in buying and selling credit cards and identification information.  This is a potentially huge liability for utilities, but they are working to address it through groups like the UtilityAMI OpenHAN Task Force.   

The UtilityAMI OpenHAN (Home Area Network) Task Force has defined 4 sections under the security category for guidelines that promote open, standards-based interoperable HANs.  Any HEMS application would be part of the HAN, and governed by the security guidelines under development by this group and other knowledgeable organizations.  The OpenHAN Task Force defines the following four subcategories: Access – the control and confidentiality of data and information; integrity – the ability to ensure protection of data (in storage and in transit) from unauthorized users; accountability – the date/time/user event info to audit a system; and, registration – the authentication of identities that are established within a HAN and known to a utility.   This is a great construct for utilities and vendors to ensure that all software is designed and deployed to ensure security as well as interoperability.

This Task Force takes a utility-centric view, which is perfectly reasonable considering that utilities have a great deal at stake in getting the right specifications defined for future Smart Grid operations.   The work that this Task Force has been doing is also shared with the ongoing work that NIST is taking in conjunction with EPRI to develop interoperability and security standards. 

I’ll lead a discussion about software characteristics – especially at the user interface in HEMS applications – for the Smart Grid at the Green Software Unconference on August 19^th in Mountain View, CA.   .   Join me there – click here to learn more about the agenda and how to register.

The National Institute of Standards and Technology (NIST) is diligently working on Smart Grid standards with a focus on interoperability and security.  There is a two-day workshop going on right now between NIST and vendors of Smart Grid solutions to develop these standards.    

Some may argue that proprietary solutions are inherently more secure than open solutions. Unfortunately, proprietary systems are just that more vulnerable to any threat.  Let’s use an example from biology.  Which organism is the stronger – the one that is out in the environment, exposed to various germs that improve its immune system and ability to combat infections, or the one that lives in a bubble and is prey to the first biotic threat because its immune system has no defense experience?  We all know the answer to that question. 

Software must be open and interoperable, or else as consumers we will all pay the price in higher utility costs, more expensive solutions, and less reliable energy networks.  It must also be secure.  Security has become a hot button issue, as noted at the recent Black Hat conference, where 2 sessions identified vulnerabilities in smart meters and network configurations and 1 session focused on weaknesses in Zigbee, a wireless networking specification favored for Home Area Networks (HANs).    

Security concerns cover everything from physical access to a meter all the way to the sophisticated types of attacks perpetrated on Internet-connected sites and networks .  Let’s face it, anything can be vulnerable, so it’s a matter of reducing the losses suffered at any point of attack.  Our centralized grid worked very well, but it is the wrong overall network architecture for the bi-directional flow of electricity and information that is the essence of the Smart Grid.  A distributed architecture – one that accommodates distributed generation – minimizes the security risks by spreading generation, transmission, and distribution functions – even down to microgrid proportions.

What are some of the other common software characteristics for Smart Grid solutions in addition to being open and secure?  It should be scalable.  If it is meter software, it should work from hundreds of meters up to millions of meters.  If it is a utility billing or enterprise resource planning type of solution, it has to manage large amounts of data, and filter the meaningful data for that utility’s operations. 

Smart Grid software also has to be flexible with regards to latency of data.  Some applications will require real-time data, while others can take data at times of least network traffic to avoid congestion situations.  For example, the sensors that monitor transmission conditions for lines or equipment need real-time communications back to operations centers.  Electricity usage information from my meter may not need real-time communication capabilities, but might need to be sent more frequently than once a month. 

Smart Grid software solutions also need to incorporate Web design principles where appropriate to offer the most intuitive user portals for sharing information and managing distributed generation arrangements with utilities.    Many of these characteristics will be covered at the upcoming Green Software Unconference on August 19^th in Mountain View, CA.  I hope to see you there!

It’s a tough job – and the Commissioners are asking good questions such as “What should they do to encourage utilities to deploy Smart Grid solutions in absence of firm standards for interoperability and security?”  “What are the benefits that new technologies bring to consumers, and what are the costs to consumers?”  How do they prioritize all the many efforts that can be deployed in the Smart Grid arena to maximize beneficial impacts?  Here are three topics that are getting lots of time in their sessions. 

Smart meters – interoperability

Everyone is concerned about standards for interoperability for meters – ensuring that meters from different manufacturers deliver common data that can be managed by Home Energy Management Systems (HEMS).  Consider the implications of interoperability decisions.  The right decisions mean that consumers get more information and control of their energy consumption at the right price points.  The wrong decisions can mean increased consumer costs for energy and services that are not as information-rich as they could be.  No commission wants to structure regulatory policies that influence utility choices of technologies that are proprietary and unable to connect to the larger regional grid.  Commissioners are careful to want to avoid picking winners and losers in technology solutions, but understand that they need to help utilities make smart decisions that reflect not only the regional interests but national grid interests as well. 

Smart Grid – security

Critical infrastructure – ranging from transmission lines and distribution substations to the internal computer networks and software that manages customer information and billing – is the focus of many discussions about secure protection.  As the Smart Grid will use more networked applications for demand response and energy efficiency programs as well as more automation and optimization of transmission and distribution systems on a greater interconnected scale, it is vitally important that networks are secure and architected to provide layers of authorized access to private virtual networks.  There are a lot of potential threats to overall grid reliability and stability out there, and the public utility commissions and staff are well aware that their policies can have national security implications.

Smart energy devices – registration

The Smart Grid will have smart energy devices – specifically meters and energy storage devices, such as electric vehicles or home batteries.  Some Commission staff members are talking about numbering plans for these devices, because whether these are IP addresses or phone numbers, it entails literally millions of new addresses or numbers to be allocated for their use.  In addition to fixed devices like meters, electric vehicles (EVs) and plug-in hybrid electric vehicles (PHEVs) will also require addresses or phone numbers to support roaming charges – so no matter where your electric car is charging or discharging, the debit or credit is posted to your utility account. 

Fascinating stuff, and there are no easy answers out there.  What are the implications for you, dear readers?  You need to be aware of the decisions that your Public Utility Commissions are making since they can impact your energy bills, and give you a bigger role  and better tools in consuming energy in smart and sustainable ways.  The Commissioners and their staffs want your educated feedback to help them ensure that your regulated utilities are effective and active participants in building the Smart Grid and giving you the energy services you want and need.