Archive for the ‘SMART GRID’ Category

High Impact, Low Frequency Risks to the NA Power Grid

June 9, 2010 Leave a comment

NERC issued a report that speaks about the challenges posed by ‘High Impact, Low Frequency Risks’ on the Power Grid.

Although the report is not exclusive to cyber attacks, I will try and highlight the areas of interest to people like me, cyber security fanatics.

Attack Window

Attack Window

Snippet from page 10/11

The risk of a coordinated cyber, physical, or blended attack against the North American bulk power system has become more acute over the past 15 years as digital communicating equipment has introduced cyber vulnerability to the system, and resource optimization trends have allowed some inherent physical redundancy within the system to be reduced. The specific concern with respect to these threats is the targeting of multiple key nodes on the system that, if damaged, destroyed, or interrupted in a coordinated fashion, could bring the system outside the protection provided by traditional planning and operating criteria. Such an attack would behave very differently than traditional risks to the system in that an intelligent attacker could mount an adaptive attack that would manipulate assets and potentially provide misleading information to system operators attempting to address the issue.

it also adds:

While no such attack has occurred on the bulk power system to date, the electric sector has taken important steps toward mitigating these issues with the development of NERC’s Critical Infrastructure Protection standards5, the standing
Critical Infrastructure Protection Committee6, and a myriad of other efforts. More comprehensive work is needed, however, to realize the vision of a secure grid. Better technology solutions for the cyber portion of the threat should be developed, with specific focus on forensic tools and network architectures to support graceful system degradation that would allow operators to “fly with fewer controls.” Component and system design criteria should also be reevaluated with respect to these threats and an eye toward designing for survivability. Prioritization of key assets for protection will be a critical component of a successful mitigation approach.

The report reflects a significant shift in industry specific standards by referencing active security monitoring, security intelligence and specially designed forensics tools.

You can download a copy of the (120 pages) report here



Power Grid – Interactive Simulation

March 28, 2010 Leave a comment

Power engineering experts and educators from the Office for Mathematics, Science, and Technology Education (MSTE) and the Information Trust Institute (ITI) have developed these interactive lessons for the NSF, DOE, and DHS funded Trustworthy Cyber Infrastructure for the Power grid (TCIP) project to help teachers and students learn about the system that delivers electricity and the challenges for the future.

This interactive model can help non-techies in understanding the power grid and how Supply Vs Demand works.

You can interact by increasing or decreasing supply from a certain generator or increase the consumption of a residential town and see how this affects the entire system.

The Energy Grid interactive lessons

Power Grid Sims

Power Grid Sims

IEEE Launch a portal on SMART GRIDs

January 19, 2010 Leave a comment

On the IEEE Smart Grid Web portal all IEEE activities and assets converge into a single place where users can explore and understand all the different and particular aspects of the Smart Grid.

The portal also features a (buy online) option for more than 100 IEEE smart grid related standards, including those called out in the NIST Smart Grid Interoperability Standards Framework.

The portal is also offering an online registration process for stakeholders to become involved in the technical and public policy aspects of the smart grid and renewable energy as voluntary resources.

You can sign-up here

Categories: SMART GRID Tags: ,

Are Critical Infrastructure Cyber Attacks Really on the Rise ?

December 24, 2009 Leave a comment

Recently many argued whether Cyber-attacks against Critical Infrastructures are real and dramatically on the rise, as the media would like us to think. (The recent Brazil’s Power Outage made headlines around the world).

Others confidently backed this Cyber-attacks downplay assumption by their statistical perception of a recent report by the Repository of Industrial security Incidents (RISI), RISI which keep track of “reported/verified” security incidents in the USA since 1982, recently stated that the incidents count has reached 164 in 2009. That’s basically an average of 6 incidents per year.

And then they asked a question.

If the US recorded 8 or 9 incidents next year, can we confidently say that the Cyber Attacks rate is dramatically on the rise, and that we should be really worried?

The answer is simple, I agree that in most countries there isn’t enough data (on a national level) at hand to confidently confirm or deny anything.

While I personally believe that the rate of Cyber-attacks against Critical Infrastructures “World Wide” is definitely rising, simply because of the improved Means and Motives. (Its easier and more rewarding today than 5 years ago).

I feel that when we talk critical infrastructure we often overlook that our world is now more interlinked and interdependent than it ever was. So even in the imaginary case of Zero incidents taking place in the USA as an example, this doesn’t mean that everything is ok and that the ultimate goal of Critical Infrastructure Protection is served. Right now I can name a company in North Africa that’s providing Paris with 30% of its total daily natural gas consumption. And another company in the Persian Gulf that’s providing the UK with +20 % of its daily natural gas needs. “Not to mention Aramco’s crude oil exports to the US ad Japan”.

Who can argue that a Cyber-attack on any of the examples above is less important and ultimately less effective compared to an attack on a French or UK based plant.

I believe that when thinking about Critical Infrastructures and judging whether attack rates are on the rise or declining it’s only wise to aggregate global statistics to get the true picture of the threat on the ground because in many ways this ecosystem works similar to the modern financial world. And focusing only on local statistics will often give a false feeling of security.

As an example, In the last Brazilian black out Every one seemed to neglect the fact that while two major Brazilian cities suffered, the entire country of Paraguay plunged into darkness. Does Paraguay’s Cyber-attacks clean sheet mean anything here?

I can also see this occurring in the entwined electrical grid of many EU countries and between several former Soviet Union countries.

Another example that comes to my mind comes from the communication sector, back in 2007 when on two separate occasions (one of them few days before the 2007 Gaza strip war) there was a major Internet blackout across the Middle East after targeting the region’s 3 main Internet Sub Marine fiber cables (although several hundred miles apart), this incident didn’t only affect the region but had cascading effect that reached up to the shores of India costing the country’s IT outsourcing economy millions of dollars in lost bandwidth. Was there an Attack on Indian critical infrastructure ?…No , did India suffer ?…Yes.

This is a global threat/issue and should always be treated as such. localized statistics while important are only part of the big picture.

Sub Marine Internet Cables

Sub Marine Internet Cables

(End to End) Smart Grid Leading Players by Market Segment

November 2, 2009 Leave a comment

SMART Grid Big Guns


The FACT that about 18 companies from the IT industry (Including: Google,Microsoft,IBM,CISCO,SAP,HP,Oracle and Intel) show up there mean that the competition is really heating up for the 3.4B $ stimulus/Appetizer package and that we are in for a whole new genre of vulnerability bulletins.

Source: GreenTechMedia

Categories: SMART GRID Tags:

Smart Grid & Privacy

October 11, 2009 Leave a comment

Another MSNBC article Talking about how the avalanche of data expected to be generated by consumer smart homes can be used knowingly or unknowingly to reconstruct your daily/private life.

Utility companies, by gathering hundreds of billions of data points about us, could reconstruct much of our daily lives — when we wake up, when we go home, when we go on vacation, perhaps even when we draw a hot bath. They might sell this information to marketing companies — perhaps a travel agency will send brochures right when the family vacation is about to arrive. Law enforcement officials might use this information against us (“Where were you last night? Home watching TV? That’s not what the power company says … ”). Divorce lawyers could subpoena the data (“You say you’re a good parent, but your children are forced to sleep in 61-degree rooms. For shame …”). A credit bureau or insurance company could penalize you because your energy use patterns are similar to those of other troublesome consumers. Or criminals could spy the data, then plan home burglaries with fine-tuned accuracy.

The Full article can be read HERE

Smart Grid Companies are asking for a Dedicated Wireless Spectrum

September 1, 2009 Leave a comment

In a recent FCC workshop several utility companies lead by AEP (American Electric Power) brought up “Again” the idea of having the government allocate a certain wireless spectrum (calls for following the Canadian footsteps of allocating the 30 MHz ranges ) specifically for utilities to use for smart grid purposes. This would mean either restricting that spectrum to a few select groups, or making it completely off limits for other types of companies and organizations working on things other than smart grid technology.

The workshop agenda posted some other important questions like:

-What are the pros and cons of the various types of networks?
-How much bandwidth is needed to support Smart Grid communications? Do current networks meet these needs?

More on the topic

    Comments: Going through several presentations from the workshop I want to highlight the following:

– Its clear that telco giants like AT&T are leading a band advocating for using the public wireless network for the Smartgrid describing the wireless public network as “secure” and “reliable” , with one of the presentations saying that “Adding all possible meters in the United States = %0.0002 increase in AT&T network traffic”. ( which might be true and more cost efficient than other alternatives but it sure sounds like putting all the eggs in one basket.)

AEP’s Position on Dedicated wireless:
– Needed to support the growing voice and data needs for existing SCADA, voice dispatch, AVL, and mobile data applications for the field workforce “So news like Energy Utility laptop stolen will now have a whole different and scary meaning

-Needed to support the new and expanding “Smart Grid” data needs of AMI, and DA

-Dedicated spectrum is much less likely to receive interference and has a remedy procedure if interference is experienced

-Dedicated, licensed spectrum would likely allow for higher transmitter power, reducing the amount of infrastructure required to serve a given area, when compared to unlicensed solutions

-Harmonized with the Canadian grant of 30 MHz at 1.8 GHz

-Common spectrum allocation with Canada supports economies of scale for equipment and service providers lowering overall cost of ownership to utilities and ultimately lower rates to rate payers

-Quicker time to have equipment available since manufacturers will be making equipment for Canadian utilities “ummmm

-The allocation of 30 MHz will support many utility critical infrastructure systems. (AMI, DA, SCADA, Voice Dispatch, Mobile
Data, and AVL)