Monday, October 3, 2011

Interoperability and Cyber Security

This week I moderated a panel discussion at an ABB-sponsored event for utility executives that addressed interoperability and cyber security issues. (Read more on this panel at Greentech Media.)

We planned our event and discussion a few months ago, but the timing coincided with the release of position statements from the GridWise Alliance and its Interoperability and Cyber security Work Group (ICWG). This month, the ICWG completed position statements on both interoperability and cyber security. In addition, the ICWG is currently developing the agenda for a briefing on Capitol Hill that will educate members of Congress and their staff on the work the industry is doing to address cyber security issues.

GridWise Alliance Principles for Grid Interoperability
The position statement that provides the GridWise Alliance principles for Grid Interoperability is available here.

Key points from the statement include the comment that “a more interconnected, automated, and information-rich electricity delivery system provides the opportunity to deliver a safer and more reliable interoperation, and to mitigate threats to the grid and electric user’s privacy from accidental and intentional harm…. The Smart Grid Policy Center defines interoperability as ‘the seamless, end-to-end connectivity of hardware and software from end-use devices through the T&D system to the power source, enhancing the coordination of energy flows with real-time information and analysis.’1 The GridWise Alliance believes that with sound planning, thorough design, and coordinated execution, a safe, secure, and reliable smart grid can be achieved.”

Outlined below are the key principles endorsed by the Alliance for interoperability.

1. Promote stakeholder neutrality and utilize non-discriminatory language.
2. Minimize intellectual property encumbrances.
3. Develop standards based on protocols and support formal testing.
4. Incorporate plans for ongoing evolution.
5. Create standards that are cost-effective to implement, enhance, and maintain.

GridWise Alliance Principles for Cyber Security
The position statement that provides the GridWise Alliance principles for Cyber security is available here.

The Cyber security position statement notes that “from smart meters to smart appliances to more intelligent control of distribution, transmission, and generation, an advanced grid offers the potential of improved utilization of all generation and storage resources, increased operational efficiency and reliability, and enhanced opportunity for customers to make choices about energy use…. A more interconnected, automated, and information-rich electricity delivery system also provides the opportunity to deliver a safer and more reliable interoperation, and to mitigate threats to the grid and electric user’s privacy from accidental and intentional harm…. The GridWise Alliance believes that with sound planning, thorough design, and coordinated execution, a safe, secure, and reliable smart grid can be achieved.”

The five key principles endorsed by the Alliance for cyber security are:

1. Involve all stakeholders and take full advantage of and be aligned with existing recognized processes and work.
2. Utilize a comprehensive risk management approach.
3. Provide clarity to all stakeholders.
4. Construct a cyber security framework that is focused specifically for electric grid applications.
5. Create and adopt uniform verification and test procedures for standards and guidelines.

If I go back to my panel discussion again, the two panelists were Paul Molitor from NEMA and Mark Browning from ComEd. We did not issue any position statements on interoperability and cyber security for the smart grid, but Paul and Mark made some great points on the two issues. For interoperability, we discussed the key concepts in the Smart Grid Interoperability Panel (SGIP) process for Testing and Certification:

1. The process is ISO-based
2. Best practices for governance, lab qualification, technical design, and cyber security are incorporated
3. The process defines the roles and responsibilities for the Interoperability Testing & Certification Authority (ITCA)

For cyber security, some of the key learnings and observations included:

1. Clarity of roles and responsibilities is critical
   a. Information Technology (IT) vs. Operational Technology (OT)
   b. IT vs. Business
   c. Vendor Relationships

2. Security design and security support
   a. Design security in from the beginning
   b. Security designs must be end-to-end
   c. Plan for the on-going care and feeding – upgrades, patches, and life cycle investments
   d. It is not just about technology – proper controls are a necessity

3. Resources
   a. Hiring and retaining qualified security resources
   b. Volume of work continues to grow (e.g. NERC CIP, Smart Grid, etc.)

To wrap up, I am not a member of the GridWise Alliance ICWG, but I am a member of the GridWise Alliance Implementation Working Group. We are working on a white paper that addresses the smart grid value proposal which should be released in November. I’ll have some comments on that work when it is released.

2 comments:

  1. Hello guys!
    How can I improve security on this software,
    pos-ar.com/
    that I use in my office?
    I need to hear a clear answer and a professional recommendation. What is your opinion about this issue?
