
WWS 402J: Renewable Energy and the Electric Grid in the US

Professor Harold Feiveson

Security Realities for the Development of the Smart Grid in the United States
Derek Grego
05/03/2011

This paper represents my own work in accordance with University regulations.

/s/ Derek Grego, 05/03/2011


Grego 1

Contents
Executive Summary
Overview and Importance
Background
  Smart Grid Defined
  Strengths of the Smart Grid
  Weaknesses and Threats
Findings and Recommendations
  Information Sharing
  Reserve and Redundancy
  Cyber Security
  High Impact, Low Frequency (HILF) Events
Conclusion
Endnotes
Works Cited

Executive Summary
The implementation of the smart grid raises questions about the security and reliability of the new system. Physical and cyber attacks, electromagnetic pulse, and solar storms all pose potentially serious risks to a smart system. Some of these threats are present in the current system as well and will require collaborative strategies to ensure the security of the US bulk power system.

The following report outlines the strengths and weaknesses of the current grid and the potential smart grid. It highlights critical risk areas that could be exploited under a smart grid system and also analyzes the current grid with respect to these security concerns. It concludes by outlining key findings and recommendations for the future of the smart grid and the US bulk power system.

KEY FINDINGS AND RECOMMENDATIONS

- Information Sharing
  o Information sharing will be critical across the entities responsible for the electric grid and should remain a priority.
- Reserve and Redundancy
  o Contingency planning for an emergency should include the capability to replace damaged equipment.
- Cyber Security
  o The field of cyber security should be dealt with from every available perspective. Diplomatic agreements, government coordination, and industry regulation should all be used to adapt to this quickly changing field.
- High Impact, Low Frequency (HILF) Events
  o Industry regulators should remain conscious of possible events with grid-wide implications. Although unlikely, these events will have to be dealt with separately to ensure the security of the power grid.

Overview and Importance


The implementation of ‘smart grid’ technologies into the current electric infrastructure in the United States has significant promise to increase efficiency and reliability but also poses serious security questions. Under Homeland Security Presidential Directive-7, the US electric system has been identified as one of North America’s Critical Infrastructure and Key Resource systems and as a primary concern among all infrastructure systems.[1] The reliable and constant supply of electricity is not only vital to maintaining the current standard of living in the United States; almost all industry, infrastructure, information, and security entities are also modeled with secure access to electricity as a given. Therefore the need for a secure electric grid contributes to almost all fields of US domestic policy.

The current grid system, through direct government and industry regulation, has been able to meet many security challenges by virtue of its excess capacity, detailed command systems, and transmission redundancy. Excess capacity thresholds established and regulated by the North American Electric Reliability Corporation (NERC)[2] ensure that in the event of a failure of a major generator there is reserve capacity in other generators to meet load demands.[3] Similarly, the current bulk power system creates a large incentive for excess capacity because, as the demand for electricity varies throughout the day, more producers are brought online to meet the increased demand at a higher price. Many plants lie dormant until a bulk power price threshold is reached, at which time they begin to sell power. This allows the market to bear significant excess capacity that can be called upon in an emergency.

[1] Homeland Security Presidential Directive-7. Department of Homeland Security. December 13, 2003. http://www.dhs.gov/xabout/laws/gc_1214597989952.shtm
[2] “Reliability Standards” North American Electric Reliability Corporation Website. Accessed 4/28/2011. http://www.nerc.com/page.php?cid=2|20
[3] Ibid.

Additionally, these communications are monitored and initiated by human controllers at Regional Transmission Organizations (RTOs). This allows for executive control and support in crisis management situations as well as prioritization of resources. Lastly, the grid has redundant transmission and distribution routes built into it in order to incorporate the various producers and markets. This ensures that the destruction of one line will not lead to compounding blackouts.

The smart grid also has particular strengths that can increase reliability in the current grid. It has promise to do everything from efficiently distributing electricity in a consumer-conscious manner, to allowing for better energy storage to accommodate renewable energy sources, to ‘self-healing’ in the event of an outage or attack and providing forensic data analysis of lapses in reliability.[4]

All of these elements have great promise to increase reliability and capabilities in a smart grid system, but there are vulnerabilities that would affect the Smart Grid just as much as the current grid. Electronic components will always be vulnerable to electro-magnetic pulse in either system. Also, the staff required to oversee and run the grid, as well as the facilities themselves, are subject to attack. And lastly, both grids rely heavily on computer monitoring and data transmission that need to be protected for the grid to function.

Background
Smart Grid Defined
The Smart Grid is a concept for integrating new technologies into the electric grid. It is comprised of a number of new innovations from demand-response monitors to improved diagnostic data analysis and energy storage capabilities. The US Department of Energy (DOE) and National Energy Technology Laboratory’s Modern Grid Strategy project along with industry leaders have established seven characteristics and implicit goals of a smart grid.

[4] “Smart Grid” Department of Energy Website. Accessed 4/30/2011. http://www.oe.energy.gov/smartgrid.htm

1. Self-healing from power disturbance events
2. Enabling active participation by consumers in demand response
3. Operating resiliently against physical and cyber attack
4. Providing power quality for 21st century needs
5. Accommodating all generation and storage options
6. Enabling new products, services, and markets
7. Optimizing assets and operating efficiently[5]

Taken individually, each of these criteria yields volumes of technical data and implementation questions. However, taken as a whole they represent a working model of the smart grid. More directly related to cyber-security is the issue of incorporating computer analysis and digital communication into smart grid practices. While this is implied in characteristic number seven, digital data collection and transmission pose unique strengths and weaknesses that affect security policy for the smart grid.

Strengths of the Smart Grid


In theory, the smart grid will expand upon the current grid monitoring technologies and use real time data analysis to record and mitigate distribution and outage issues. The mountain of data produced over time by producers, distributors, and individual demand response units could streamline production and distribution. Also, the smart grid’s storage technologies could allow for further integration of alternative energy sources such as wind and solar, which rely on intermittent weather patterns and therefore require storage for large scale viability.[6] Lastly, smart grid technologies have the potential for automation and self-healing processes which could ease the load on electricity managers and regulators as well as provide a backup emergency management system in the case of a personnel crisis.

One risk highlighted by the North American Electric Reliability Corporation’s (NERC) High Impact, Low Frequency (HILF) Study is that of a pandemic, which could drastically inhibit the effectiveness of an actively managed grid.[7] Smart grid technologies could replicate some functions carried out by highly trained individuals in the event of such a personnel emergency.[8]

[5] “Smart Grid” Department of Energy Website. Accessed 4/30/2011. http://www.oe.energy.gov/smartgrid.htm
[6] Ibid.

Weaknesses and Threats


While various elements of a smart grid system could prove advantageous from a security perspective, data and decentralized control systems could provide access points for a slew of cyber attacks ranging from personal data liability to denial of service. However, the Smart Grid will still be subject to certain threats that affect the security of the current grid. These different threat types are outlined below.

Geomagnetic Disturbance (GMD), High Altitude Electro-Magnetic Pulse (HEMP)

The effects of electromagnetic pulse on electrical systems have been well known and documented since the early 20th century. However, recent research has revealed new elements and dangers to particular systems associated with the electric grid. In particular, unprotected wires in command and control centers which are used for data rather than transmission have been shown to be vulnerable to electro-magnetic pulse.[9] This vulnerability exists in the current grid and will likely only be compounded in the Smart Grid with additional monitoring devices in the system. The nature of the threat detailed below illustrates the potentially devastating effects of electro-magnetic events on the grid.

[7] “High-Impact, Low Frequency Event Risk to the North American Bulk Power System” North American Electric Reliability Corporation. June 2010. http://www.nerc.com/files/HILF.pdf p. 2.
[8] “Smart Grid” US Department of Energy Website. http://www.oe.energy.gov/smartgrid.htm
[9] “High-Impact, Low Frequency Event Risk to the North American Bulk Power System” North American Electric Reliability Corporation. pp. 61-72.

Geomagnetic Disturbance (GMD) is caused by solar storms and the associated inflections in the polarized electromagnetic field of the earth.[10] This disturbance creates geomagnetically induced currents (GIC) which are absorbed and concentrated in large scale power systems.[11] These currents have the potential to overload transformers and compensators in large scale electrical systems, causing hardware damage and transmission outages.[12] Significantly, high voltage transmission lines are proportionately less resistant to GIC than lower voltage lines.[13] The larger voltages and capacities of these lines also serve to concentrate GIC more effectively over space and increase the likelihood of transformer overload on the grid.[14]

[10] “High-Impact, Low Frequency Event Risk to the North American Bulk Power System” North American Electric Reliability Corporation. p. 61.
[11] Ibid.
[12] “High-Impact, Low Frequency Event Risk to the North American Bulk Power System” North American Electric Reliability Corporation. pp. 62-65.

Case Study: Quebec 1989

On March 13th, 1989 a severe geomagnetic event took place, centered on Quebec, Canada. At 2:44 AM it caused the shutdown of the entire Quebec grid and the loss of almost 10,000 MW of generation. The approximate strength of the storm was about 500 nT/min, and it damaged transformers as far away as New Jersey. What is most concerning about the 1989 storm is that a majority of the damage occurred on equipment associated with the 735 kV transmission grid as opposed to the smaller distribution grid. The storm created a 15% asymmetry in load on the grid and quickly overloaded transformers before they could be taken off the grid.

Source: see endnotes

It is theorized that future potential storms could reach a magnitude of up to ten times the power of the 1989 storm. If this happens, large transmission lines could be the primary factor in collecting and concentrating this energy, which has the power to sweep across the grid and shut down generation and transmission facilities.[i]

Since GMD occurrences are forces of nature and completely unavoidable, protection efforts in this category should focus on three critical steps: detection, preparation and mitigation, and recovery/restoration. By detecting geomagnetic storms early enough, some actions could be taken to prevent a cascading failure of key components of the grid. Solar storms take mere minutes to reach the earth; however, with training and preparation this could be enough time to isolate and protect key areas of the grid.[15] Next, proper insulation and shielding of critical control components and facilities should be incorporated to disperse the effects of the storm. And lastly, any transformer, transmission line, or facility should have reconstruction and replacement plans and procedures in place to account for loss of grid hardware.

[13] Ibid. pp. 69-73.
[14] Ibid.
[15] Ibid. p. 19.

The detonation of a nuclear weapon in the high atmosphere, a so-called High Altitude Electro-Magnetic Pulse (HEMP), is capable of radiating electromagnetic waves similar to those emitted by GMD. Since HEMP weapons would require advanced nuclear weapon designs and sophisticated delivery and targeting systems, they could likely be traced to their perpetrator and their use deterred in the same manner as deterrence more generally. A HEMP weapon would appear completely infeasible for any non-state group. Also, the actual effects on the greater electric infrastructure of the US have been debated, as different levels of mitigation to GMD events already are in place. However, while further insulation and shielding standards could effectively mitigate both GMD and HEMP occurrences, policy unique to the threat of HEMP should be the focus of international policy. A focus on prevention, deterrence, and detection should effectively deal with the unique threat posed by HEMP.

Case Study: Tres Amigas – A compound vulnerability

The Tres Amigas Superstation is a proposed bridge between the three independent power grids in the US: the Western, Eastern, and Texas interconnections. The facility would be constructed near the Texas-New Mexico border and would allow for power transfers across all three grids.

Source: http://www.tresamigasllc.com/about-overview.php

It would rely on new large capacity transmission lines linking all three grids in one location. As illustrated, these large capacity lines can concentrate and transfer geomagnetically induced current which can knock out transformers and transmission infrastructure. Any project that calls for these large transmission lines will require a close examination of insulation techniques to ensure it can withstand a feasible amount of GMD. Also, a combined facility such as this would be an appealing target for a traditional or cyber attack, which merits enhanced security

Coordinated Cyber and Kinetic Attack

Large scale kinetic attack threats have existed as long as production facilities and transmission lines have comprised the grid. An effective attack on one or more facilities could potentially knock out production capacity and transmission reach. Due to the physical restrictions of electricity distribution, a smart grid would most likely have similar vulnerabilities. The same security standards in place today should suffice for the physical security of smart grid assets. In actuality, a responsive smart grid would by definition be able to respond more effectively to loss of production or transmission routes than the current system.[16] However, vulnerabilities in the information sharing, transmission, and processing inherent in the smart grid could raise new vulnerabilities. NERC has highlighted eight unique capabilities of cyber attacks that could potentially be used against a smart grid:

1. Distributed Denial of Service (DDOS) Attack—attackers flood network resources to render physical systems unavailable or less than fully responsive for a period of time
2. Rogue devices—an unauthorized device accesses the system, manipulating it or providing incorrect data to system operators
3. Reconnaissance attacks—probing of a system to provide attackers information on capabilities, vulnerabilities, and operation
4. Eavesdropping attacks—violations of confidentiality of communication within network
5. Collateral damage—unplanned side-effects of cyber attacks
6. Unauthorized access attacks—attacks where the adversary exercises a degree of control over the system and accesses and manipulates assets without authorization
7. Unauthorized use of assets, resources, or information—attack in which assets, services, or data are manipulated by an authorized user in an unauthorized manner. This can result in system operators being given inaccurate information from a “trusted” source, and thereby being misled into making decisions based on this data that result in impacts to the system
8. Malicious code (Malware)—viruses, worms, and Trojan Horses[17]

[16] “Smart Grid” US Department of Energy Website. http://www.oe.energy.gov/smartgrid.htm
[17] “High-Impact, Low Frequency Event Risk to the North American Bulk Power System” North American Electric Reliability Corporation. p. 29.

An attack which used a variety of these methods could pose a serious threat. Even a coordinated denial of service attack could potentially create load asymmetries in the grid to disrupt or interrupt service.[18]

Case Study: Stuxnet vs. The Playstation Network

As discussed, cyber vulnerabilities can take on many forms and many motivations. Two recent prominent events have highlighted the need for a dynamic cyber security strategy for the safety of the smart grid.

First, Stuxnet was a computer worm that infiltrated and infected uranium enrichment facilities in Iran. It targeted Supervisory Control and Data Acquisition (SCADA) systems used by Siemens hardware and resulted in the destruction of centrifuges and a large setback to the Iranian nuclear program.

Second, on April 20, 2011 the private network used by Sony’s Playstation gamers was hacked by what appears to be an individual or small group. This was not a common Denial of Service attack designed to shut down a system; rather, it was a sophisticated infiltration of the network’s secured information that may have resulted in the leak of user credit card information, addresses, etc.

These two separate events reflect the diversity of the challenges of cyber security. Stuxnet was a state-run operation with clear political aims, while the Playstation hack seems to be attributable to a small motivated group. These both illustrate the diverse types of cyber threats that exist and stress the importance of a flexible security plan for both the individual consumer and the grid as a whole.

The field of cyber security is quickly changing and relatively new. Data-heavy industries such as banking and finance have implemented secure data servers and protocols to ensure secure connections. Given the consolidated nature of the grid compared to the spread out and decentralized structure of these other industries, it is likely that the Smart Grid may be able to secure its data as well as, if not better than, these other industries.

[18] “High-Impact, Low Frequency Event Risk to the North American Bulk Power System” North American Electric Reliability Corporation. p. 29.

Personnel Vulnerabilities – Staff and Data

The last vulnerability posed by smart grid implementation pertains to individuals and customer data. NERC’s research has focused on the threat of pandemics. However, targeted attacks on personnel have just as much power to affect the security of today’s grid as well as the smart grid. Any shortage of the already limited staffing of electric grid coordinators and engineers could drastically hinder the effectiveness of the over 1,800 separate entities that make up the command and distribution wing of the current electric grid.[19]

Therefore, essential personnel records and strategies should be developed to ensure that critical individuals are given precedence for evacuations, vaccinations, and emergency notification as NERC suggests,[20] but additional physical security, resources, and background checks should be allocated for people with significant influence in the system to protect them from potential epidemics, emergencies, or directed threats.

Also, the implementation of the smart grid poses security concerns for the private consumer as well. Separate from the macro-level grid oriented attacks such as denial of service attacks and the like, personal data recorded on the smart grid could be accessed by unauthorized people if it is not secured properly. It has been theorized that simple demand-response data could also reveal personal data to criminals pertaining to anything from when people leave their homes to when they schedule a vacation and pay their bills.

This vulnerability requires that secure communications between demand-response systems and utility providers become a primary concern of smart grid implementation. Also, compartmentalization of this data should be utilized to ensure that a hole in one small area remains confined to a limited area and that widespread connection patterns vary in encryption patterns and purposes. Lastly, Supervisory Control and Data Acquisition (SCADA) systems should be isolated from internet servers as much as possible, and the possibility of a separate secured network along the lines of the Department of Defense’s Secure Internet Protocol Router Network (SIPRnet) should be considered and investigated for large scale and inter-grid information transmission.

[19] “High-Impact, Low Frequency Event Risk to the North American Bulk Power System” North American Electric Reliability Corporation. p. 23.
[20] Ibid. pp. 46-51.

Findings and Recommendations


If the proper steps are taken, it is fully possible for the smart grid to be just as good as or better than the current grid in dealing with the threats detailed above. As it stands, the present grid is vulnerable to all the threats covered in this report just as the smart grid would be. The key areas in which the security of the smart grid differs, however, are cyber security for consumers, because the current grid already relies heavily on secure communications to function, and the further expansion of high capacity transmission lines exemplified by the Tres Amigas project. Either way, the recommendations listed below would enhance the security of the current grid and smart grid initiatives.

- Information Sharing
  o The US DOE, NERC, and FERC should work with their Canadian counterparts to ensure a framework for the creation of cooperative research and standards.
  o The US DOE and FERC should work with NOAA and NASA to create a grid-wide warning system for geo-magnetic spikes and other atmospheric events in line with FERC’s recommendation.
- Reserve and Redundancy
  o FERC should implement the spare parts database in line with the findings of their task force.
- Cyber Security
  o The US DOE should submit to Congress an initiative to commit to an international definition of cyber attack, crime, and war.
  o The US DOE should attempt to target a portion of Smart Grid stimulus grants to offset security costs in the development of new technology.
  o NERC should work with industry leaders to create a best practices forum for the purpose of pooling collected knowledge on massive data encryption.
- High Impact, Low Frequency (HILF) Events
  o NERC should work with industry leaders to create a best practices forum for the purpose of pooling collected knowledge on massive data encryption.
  o NERC should direct and oversee the implementation of higher insulation standards for command and control connections.
  o The US DOE should mandate and oversee national contingency training standards and drills across all essential grid entities.

Information Sharing

The US DOE, NERC, and FERC should work with their Canadian counterparts to ensure a framework for the creation of cooperative research and standards.

Securing the smart grid will require pooled knowledge and experience from government, industry, and private technology firms. Therefore it is imperative that the US DOE, its Canadian counterpart, and industry leaders have a means to cooperate and coordinate on research and mechanisms for dissemination of critical security information.

Among other benefits of this combined effort, superior encryption techniques, enhanced security software, and better smart meters could be developed by private research firms. The smart grid will be more dependent on dispersed control elements than the current system, exacerbating issues of interoperability. The electric industry as a whole will have to establish its own system of interoperability standards, but government should also play a monitoring role to ensure the security of the grid.

The US DOE and FERC should work with NOAA and NASA to create a grid-wide warning system for geo-magnetic spikes and other atmospheric events in line with FERC’s recommendation.

To respond to major system-wide threats such as GMD, HEMP, and combined kinetic and cyber attacks, the smart grid will have to rely on fast and accurate detection mechanisms in order to ensure the protection of as many key components as possible. Rapid dissemination of information on changing atmospheric conditions and problem outages could effectively reduce the impact of natural disasters and malignant threats.[21]

[21] “High-Impact, Low Frequency Event Risk to the North American Bulk Power System” North American Electric Reliability Corporation. pp. 18-19.

Therefore, the US and its Canadian partners should establish a system of information sharing and dissemination between organizations with pertinent perspectives over threats to the electric system. Most notably in the US this would encompass the Department of Defense, Department of Homeland Security, and the Department of Energy concerning domestic kinetic and cyber threats, and National Aeronautics and Space Association (NASA) and National Oceanic and Atmospheric Administration (NOAA) concerning GMD and HEMP threats.

Given the two governments’ interconnected grids, similar incentive for cooperation, and diplomatic ties, it would be beneficial to the security of the entire North American grid to have both governments and their grid monitoring bodies working together to ensure a rapid system of information dissemination in the event of an emergency.

Further, interagency alarm systems similar to those established in Quebec after the GMD storm of 1989[22] should be set up so that central monitoring agencies (NOAA) can trigger immediate notification and action throughout the entire affected area, further establishing quick and effective response protocols.

[22] “High-Impact, Low Frequency Event Risk to the North American Bulk Power System” North American Electric Reliability Corporation. pp. 62-65.

Reserve and Redundancy

FERC should implement the spare parts database in line with the findings of their task force.

Even if all known strategies of security and risk mitigation are implemented, certain breakdowns in the grid can and will happen eventually. A catastrophic GMD event will be impossible to prevent or completely shield the grid from, and outages and unscheduled equipment failures happen even when all due care is taken to prevent them.

It is therefore necessary that critical replacement components are available to deal with crises in the grid. NERC’s recommendation of reopening the Spare Parts Database, which provided grid distributing bodies a central database of all reserve components nationwide,[23] should be carried out. This would allow a critically damaged area to benefit from the stocks of an unaffected area in the event of an emergency.

Many of the major components in the grid (transformers, static var compensators, etc.) have replacement times ranging from 1 to 2 years, and for many of them there is little or no capacity for producing them domestically.[24] While it may be uneconomical to push for the opening of new production plants as NERC suggests,[25] the industry should be pushed to enforce its own replacement parts threshold as it does for production capacity.[26]

Cyber Security
The US DOE should submit to Congress an initiative to commit to an international definition of cyber attack, crime, and war.

The field of cyber security is evolving rapidly. With new areas and issues, a dialogue is often needed to standardize discussions and negotiations in order to create transparency and clarity in diplomatic agreements.

Therefore, the US should take the lead in committing to an international definition of what constitutes cyber war, a cyber crime, and a cyber attack. This differentiation would aid policy makers, but it would also empower domestic security bodies to deal with each of these threats in varying degrees of magnitude. Since cyber attacks are difficult to trace and analyze, a framework for differentiating cyber threats would give the public and decision makers a better grasp of different threats.

[23] “Spare Parts Database Task Force.” North American Reliability Corporation Website. Accessed 4/20/2011. http://www.nerc.com/docs/pc/sedtf/PC-SEDTF_Sep_2010_Scope_v7.pdf
[24] “High-Impact, Low Frequency Event Risk to the North American Bulk Power System” North American Electric Reliability Corporation. p. 98.
[25] Ibid.
[26] Ibid.

For example, a cyber crime would likely deal with personal information loss or demographic data. A cyber attack would possibly be a worm or virus attack at a specific plant. And lastly, cyber war would be a coordinated attack against grid level systems at such a magnitude that it would have needed the support of a country or state government. (See Stuxnet vs. Playstation Network)[27][28]

NERC should oversee the compartmentalization of information collection and access and form an exploratory task force on the feasibility of implementing a secure SIPRNET type network for the smart grid.
The smart grid places significant emphasis on information sharing and feedback.

However, from a security perspective this means that breach in security at the lowest level

(home, business, etc.) could potentially spread to the entire system.

It is therefore necessary that standards are created to compartmentalize the data stream and encrypt it differently at every level to ensure that data remains secure. Essentially, this means data sent from a home would first be collected on a municipal level, encrypted and sent to a higher county-wide collection point or substation, and then encrypted again for the next level up, and so on.
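One reading of the tiered scheme described above, as an added example that is not part of the original paper: each link between levels has its own key, and a collection point authenticates, aggregates and re-encrypts before passing data up. The key names, the sample readings and the HMAC-SHA256 keystream (a standard-library stand-in for a vetted authenticated cipher such as AES-GCM) are assumptions for illustration.

```python
import hashlib
import hmac
import os

def _prf(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(enc_key: bytes, nonce: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 in counter mode as a keystream: a stdlib stand-in for a real AEAD.
    stream = b""
    for ctr in range((len(data) + 31) // 32):
        stream += _prf(enc_key, nonce + ctr.to_bytes(4, "big"))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(link_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under the key of one link between tiers."""
    nonce = os.urandom(16)
    ct = _xor_stream(_prf(link_key, b"enc"), nonce, plaintext)
    return nonce + ct + _prf(_prf(link_key, b"mac"), nonce + ct)

def unseal(link_key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; a wrong key or altered bytes is rejected."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(link_key, b"mac"), nonce + ct)):
        raise ValueError("rejected: wrong tier key or tampered message")
    return _xor_stream(_prf(link_key, b"enc"), nonce, ct)

def relay(in_key: bytes, out_key: bytes, blobs: list) -> bytes:
    """Collection point: authenticate inbound readings, aggregate, re-encrypt upward."""
    total = sum(int(unseal(in_key, b).decode()) for b in blobs)
    return seal(out_key, str(total).encode())

def demo():
    # One independent random key per link (constructed): home->municipal, municipal->county.
    k_home_muni, k_muni_county = os.urandom(32), os.urandom(32)
    readings = [b"412", b"388", b"950"]  # constructed meter readings, in Wh
    inbound = [seal(k_home_muni, r) for r in readings]
    upstream = relay(k_home_muni, k_muni_county, inbound)
    county_total = int(unseal(k_muni_county, upstream).decode())
    try:  # A stolen home-tier key must not open county-tier traffic.
        unseal(k_home_muni, upstream)
        home_key_opens_county = True
    except ValueError:
        home_key_opens_county = False
    return county_total, home_key_opens_county

if __name__ == "__main__":
    print(demo())
```

The collection point handles plaintext while it aggregates, so each tier is itself a compartment boundary whose keys and host need protecting.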

Encryption is an almost ubiquitous process in the internet age. Everything from email to online purchases is protected through various encryption techniques. However, different practices layered on top of each other have the potential for miscommunication and overlap. Therefore, the coordinating bodies of the North American electric grid and the US and Canadian governments should investigate different information collection techniques for smart grid implementation and evaluate them with security of information as a main concern.

27 Robert McMillan (16 September 2010). "Siemens: Stuxnet worm hit industrial systems". Computerworld. Accessed 4/24/2011. http://www.computerworld.com/s/article/print/9185419/Siemens_Stuxnet_worm_hit_industrial_systems?taxonomyName=Network+Security&taxonomyId=142
28 Thomas, Keir. “Sony Makes it Official: Playstation Network Got Hacked.” PC World. 4/23/2011. Accessed 5/1/2011. http://www.pcworld.com/article/226128/sony_makes_it_official_playstation_network_hacked.html

Also, Supervisory Control and Data Acquisition (SCADA) systems should be isolated from internet servers as much as possible, and the possibility of a separate secured network along the lines of the Department of Defense’s Secure Internet Protocol Router Network (SIPRnet) should be considered and investigated for large-scale and inter-grid information transmission.

The US DOE should attempt to target a portion of Smart Grid stimulus grants to offset security costs in the development of new technology.

Much of smart grid implementation is based on efficiency and cost-effectiveness. These new technologies are competing with old ones to show that over the long run, an investment in the smart grid technologies will pay off for individuals and governments alike. However, this cost constraint has led to a reduction in research and development of security measures in smart grid technologies in an attempt to minimize overall costs.29

Effectively, the elements that make smart grid technologies so appealing (information sharing, real-time feedback, etc.) have also posed security risks whose mitigation requires additional security measures compared with their predecessors.

Because smart grid technologies with substandard security measures are already on the market, the US government should mandate information security standards on all electric grid products and should allocate a portion of the current smart grid subsidies to offsetting the research and development costs of producers of smart grid technologies in order to ensure they are safe and competitive at the same time. This would ensure that new smart grid products, like various smart meters, would meet the highest level of security needed without inflating the costs to the point at which they become prohibitive.

NERC should work with industry leaders to create a best practices forum for the purpose of pooling collected knowledge on massive data encryption.

29 Hathaway, Melissa. “Power Hackers: The US Smart Grid is Shaping up to be Dangerously Insecure.” Scientific American. 10/5/2011. Accessed 4/5/2011. http://www.scientificamerican.com/article.cfm?id=power-hackers

The smart grid will rely on millions of data transfers every day to function the way it has promised to. Each one can potentially be used against the grid or its customers by malicious actors. However, hope lies in the fact that other industries have incorporated data exchange systems just as active while still remaining secure.

The current banking and securities exchange systems in the US transmit mountains of data, both numerical and personal, across different entities and businesses every day with relatively few incidents of electronic breaches in security.30 The same security measures that have worked for years for banks could also work for the smart grid.

The US DOE should work with electric industry leaders and the leaders of industries which have already implemented significant data transfer systems to facilitate discussion, cooperation, and dissemination of best practices between industry leaders to ensure that the transfer of data over the smart grid is as secure as the transfer of data between people’s bank accounts.

High Impact, Low Frequency (HILF) Events

The US DOE and NERC should devise a plan for grid automation in the event of a national emergency.

HILF events pose a system-wide threat to the grid. Both the current grid and a future smart grid will be somewhat vulnerable to unlikely but possible events that would require grid-wide mitigation strategies. This makes funding for countermeasures to HILF events an important issue, because these events can never be completely prevented or mitigated.

One such event is a pandemic, in which functioning populations would be sharply decreased, affecting the number of engineers experienced enough to run the system. The smart grid could drastically reduce the risk associated with this shortage through levels of automation and computer control of the grid system.

30 “Cyber Security for the Banking and Finance Sector.” Wiley Handbook of Science and Technology for Homeland Security, Edited by John G. Voeller. John Wiley & Sons, Inc. 2008. Accessed 4/12/2011. http://www.fsround.org/hyperlink/hhs460.pdf

The US DOE should ensure that all automated functions of the smart grid have manual oversight and override functions. But in an emergency situation when the managers of these systems become compromised, the US DOE should ensure that there are automated measures in place to keep the grid running effectively with limited personnel.

NERC should direct and oversee the implementation of higher insulation standards for command and control connections.

Another major risk to the grid system is induced current along power lines from a GMD or HEMP event. NERC research has shown that major transmission and distribution lines are effectively resistant to induced current.31 However, many common components used in command and control centers, such as computer and control board wiring, do not have the shielding and protection found in transmission lines.32

The smart grid compounds this issue because the command and control functions would be expanded to include data centers and more advanced smart monitoring systems. An induced current would then have a much greater effect on these more diverse systems simply through higher exposure of data centers and networks.

The US DOE and industry leaders should examine the shielding methods used across the industry for current command and control centers as well as developing smart grid technologies in order to ensure that critical components could survive or could be quickly repaired or replaced in the event of an induced current scenario.

The US DOE should mandate and oversee national contingency training standards and drills across all essential grid entities.

31 “High-Impact, Low Frequency Event Risk to the North American Bulk Power System” North American Electric Reliability Corporation. pp. 61-73
32 Ibid. pp. 79-93

Possibly the most critical element of HILF preparation will be universal contingency training on a grid-wide scale. It is unlikely that a HILF event will only affect one regional transmission organization or a handful of producers. HILF events will produce large regional, trans-regional, or grid-wide effects that cannot be mitigated by one operating entity.

Therefore the US DOE should mandate grid-wide contingency planning and emergency drills that incorporate every level, from production to transmission and distribution. These drills should occur on a yearly basis, and proper contingency instructions should be distributed to all concerned entities.

As the smart grid continues to develop, these drills will become ever more important to test and assess the capabilities of the ‘self-healing’ smart grid. They could be effectively used to determine the best products and practices moving forward and could supply important data about the resiliency of the grid.

Conclusion
The implementation of the smart grid has significant potential to increase the efficiency and security of the electric grid in the United States. However, if done improperly or hastily, this transition could leave the US electric grid more vulnerable to cyber infiltration, physical attack, and disruptions due to natural phenomena.

The findings and recommendations outlined above will only serve to alleviate some of the concerns regarding the smart grid and are by no measure an exhaustive or authoritative list. Rather, in such a rapidly changing field, reevaluation and adjustment will have to be made frequently to ensure the grid remains reliable.



By focusing on four critical areas of policy (information sharing, reserve and redundancy, cyber security, and the possibility of HILF events), the US government and key decision makers will be better equipped to deal with policy and public concern over the smart grid.

Most Americans will be blind to the changes made in the smart grid, as well they should. The current system has supplied reliable electricity to homes and businesses for almost a century. The success of the current grid raises the expectations and narrows the acceptance of growing pains of the smart grid system. However, to move effectively into the new era of energy management, security and reliability must remain a focus of the electric sector.

Endnotes
1) Quebec 1989 case study cited from: “High-Impact, Low Frequency Event Risk to the North American Bulk Power System” North American Electric Reliability Corporation. pp. 61-73

Photo from: http://www.google.com/imgres?imgurl=http://c2h2.ifa.hawaii.edu/images/outreach/spaceweather/quebec_superstorm.gif&imgrefurl=http://c2h2.ifa.hawaii.edu/Pages/Education/space_weather_geomagnetic.php&usg=__PrqU5IRFtFeT4BJ2i-JN9tsJYaA=&h=449&w=632&sz=33&hl=en&start=0&sig2=EZ3SGBwmyROzqd54jF86UQ&zoom=1&tbnid=Ib4IaDQTLDww-M:&tbnh=117&tbnw=164&ei=seO_TbrLC8eatwfL85i_BQ&prev=/search%3Fq%3Dmetatech%2Bquebec%2B1989%26um%3D1%26hl%3Den%26sa%3DN%26biw%3D1280%26bih%3D685%26tbm%3Disch&um=1&itbs=1&iact=hc&vpx=125&vpy=93&dur=330&hovh=117&hovw=164&tx=187&ty=67&page=1&ndsp=24&ved=1t:429,r:0,s:0

2) Tres Amigas Case Study cited from: “Overview of Tres Amigas.” Tres Amigas LLC website.
http://www.tresamigasllc.com/about-overview.php. Accessed 5/2/2011.

3) Stuxnet and Playstation Case study cited from:

McMillan, Robert "Siemens: Stuxnet worm hit industrial systems". Computerworld. 9/16/2010. Accessed 4/24/2011. http://www.computerworld.com/s/article/print/9185419/Siemens_Stuxnet_worm_hit_industrial_systems?taxonomyName=Network+Security&taxonomyId=142

Thomas, Keir. “Sony Makes it Official: Playstation Network Got Hacked.” PC World. 4/23/2011. Accessed
5/1/2011. http://www.pcworld.com/article/226128/sony_makes_it_official_playstation_network_hacked.html

Works Cited

“Cyber Security for the Banking and Finance Sector.” Wiley Handbook of Science and Technology for Homeland Security, Edited by John G. Voeller. John Wiley & Sons, Inc. 2008. Accessed 4/12/2011. http://www.fsround.org/hyperlink/hhs460.pdf

Hathaway, Melissa. “Power Hackers: The US Smart Grid is Shaping up to be Dangerously Insecure.” Scientific American. 10/5/2011. Accessed 4/5/2011. http://www.scientificamerican.com/article.cfm?id=power-hackers

“High-Impact, Low Frequency Event Risk to the North American Bulk Power System” North American Electric Reliability Corporation. June 2010. http://www.nerc.com/files/HILF.pdf p. 2.

Homeland Security Presidential Directive-7. Department of Homeland Security. December 13, 2003. http://www.dhs.gov/xabout/laws/gc_1214597989952.shtm

McMillan, Robert "Siemens: Stuxnet worm hit industrial systems". Computerworld. 9/16/2010. Accessed 4/24/2011. http://www.computerworld.com/s/article/print/9185419/Siemens_Stuxnet_worm_hit_industrial_systems?taxonomyName=Network+Security&taxonomyId=142

“Reliability Standards” North American Electric Reliability Corporation Website. Accessed 4/28/2011. http://www.nerc.com/page.php?cid=2|20

“Smart Grid” Department of Energy Website. Accessed 4/30/2011. http://www.oe.energy.gov/smartgrid.htm

“Spare Parts Database Task Force.” North American Reliability Corporation Website. Accessed 4/20/2011. http://www.nerc.com/docs/pc/sedtf/PC-SEDTF_Sep_2010_Scope_v7.pdf

Thomas, Keir. “Sony Makes it Official: Playstation Network Got Hacked.” PC World. 4/23/2011. Accessed 5/1/2011. http://www.pcworld.com/article/226128/sony_makes_it_official_playstation_network_hacked.html
