Special Analysis: February 17, 2010. © 2010 ISSA Indo-Pacific Pty. Ltd.

The Future of Electricity Grid Security: Threatening Clouds on the Horizon?

Analysis. By Andrew Pickford and Yasmine Yakushova.

“This world — cyberspace — is a world that we depend on every single day... It’s the broadband networks beneath us and the wireless signals around us... and the massive grids that power our nation... Yet we know that cyber intruders have probed our electrical grid and that in other countries cyber attacks have plunged entire cities into darkness... Protecting this infrastructure will be a national security priority.”

– Remarks by US President Barack Obama, Securing our Nation’s Cyber Security, The White House, May 29, 2009.

Executive Summary

· Electricity networks are changing at a fast rate due to a convergence of technologies and trends, most significantly with the advent of cheap “cloud computing”.

· The commercial rollout of smart grids and integration of communication systems with traditional electricity grids is emerging as a critical area of cyber security, with benefits from greater efficiency driving the agenda, as opposed to security protocols.

· Consumer preferences, driven by new technologies and market frameworks, will largely determine the functions, usage patterns and appliance options of smart grid applications, which will, in turn, define security parameters.

· The electricity grid threat matrix will evolve over the next decade, with physical security now very important and software security becoming increasingly critical.

Convergence of Technologies and Trends

Whereas, in the past, electricity grids, telecommunication networks and software have been largely separate, they are now converging at a very fast rate. Innovation in these technologies would be more rapid, but for the existing monopoly market structures present in many Western nations which exist alongside regulatory systems that seek a set, stable rate of return for an asset based on linear views of technological change. For instance, technological advances envisaged by Google and General Electric in the US, capable of modernising grid systems into intelligent, self-healing and automated computer controlled networks which could seamlessly integrate renewable power generation and two-way information flows, have the potential to make electricity usage highly more efficient. However, these advancements face resistance from utilities, profiting from shifting huge quantities of electricity through generation, transmission and distribution.¹ Without significant interest or investment from the traditional electricity sector, such fossilised market structures continue to impinge on the revolutionising of the grid.

Nations with old grid and generation legacy systems, largely static market structures and lethargic regulatory systems, limit:

· The deployment of smart meters² and a truly smart grid³;

· Electricity being able to be sold in novel bundles, such as how mobile phones are now traded; and

· The potential for the grid to be able to disaggregate into smaller, more resilient (and self-sufficient) cells.⁴

While the post-World War II model of electricity systems has remained dominant for a number of decades, a number of simultaneous pressures are changing technological options and business models. This will see the fundamental nature of the grid change, while for the general public there will not be a radical change in the physical appearance of what are viewed as simply “poles and wires”. Similar changes have occurred in the telecommunications sector with consumer driven preferences driving mobile and new data delivery methods. Existing telecommunications infrastructure — while still useful and indeed critical — now competes with technologies not dreamt of when the first phone lines were laid. A similar transformation will occur in the electricity grid during the 2010s. Some of the key trends impacting on the electricity grid include:

1) Cloud computing⁵: While the introduction in the 1980s of computer systems and IT systems, and then dot.com applications of the 1990s were important, in the 2010s, as the cloud computing⁶ revolution matures, the impact will be far greater. In many ways, cloud computing and the unleashing of collective micro-processor power, almost infinite storage options and reduced reliance on physical assets with highly mobile data are ready-made to facilitate what may be referred to as a smart grid. This will allow for much more efficient system and customer management of electricity.

2) Grid Software: Innovations in electrical grid software are increasingly directed towards facilitating the development of systems which enable more efficient and reliable power distribution. As communication and remote management technologies improve, so does the ability for software programs which optimise efficiency, security or pricing options depending on the aims of the user, system manager and the utility. Such software can have major disruptive impacts on how consumers use a service. For example, Google altered how most people use and access the Internet. As the cost of electricity increases, the economic incentives to implement grid software, which is increasingly sophisticated, will increase, as will the effort around design, programming, maintenance and monitoring of the software.

3) Grid Innovation in Developing Nations: In nations where there is not a pre-existing grid and associated electrical engineering culture, the innovation and use of GPS, distributed generation and IT applications has seen so-called developing nations now at the cutting edge of electricity management and grids. With this trend, and shift of the manufacturing of electricity grid assets to places such as China and India, Western nations could soon become importers of grid technologies and its components, as there is little benefit from industry incumbency and few entry costs for new competitors.

4) Realistic Mini-Generation Options: For the first time, cost-effective mini-generation options will reverse the expansion of the grid, based simply on economics. An example of a new type of generator is a small nuclear reactor which meets market requirements, as opposed to military needs. This Toshiba model, with output of 10,000 kilowatts, is presently going through the approval process by the US regulatory board as early as the North American Autumn of 2010 to introduce this plant to market.⁷ Should this Toshiba 10 megawatt plant become an off-the-shelf, commercial option, it could become a very attractive option for isolated communities and remote mining operations. Once increasingly expensive transmission options are considered as an alternative, this could actually accelerate the disconnection from larger grids and (along with storage options) facilitate more micro-grids.

5) Storage Options: Advancements in a variety of stationary and aggregated plug-in hybrid electric vehicle (PHEV) batteries could soon enable electricity to be captured, stored in greater quantity and returned to the grid at critical times, improving grid reliability and efficiency. Some stationary battery models already being installed (such as Japan’s NGK Insulators Ltd.’s sodium-sulphur NAS batteries⁸) have the capacity to stabilize the grid during peak hours or power disruptions. Bulk storage devices⁹ which can improve the utilisation of intermittent generation sources are also gaining momentum. Integration into the grid of PHEV batteries able to assist in increasing local grid electricity storage will be somewhat tied into developing cheaper and more durable lithium-ion battery technologies or replacements, as well as consumer choice in, and uptake of, electric cars. As widespread rollout of electricity storage will be positioned in the context of lowering production costs for both stationary and PHEV batteries, as well as adapting market regulation to facilitate the entry of non-generation assets into the grid, large-scale installations may initially be inconsistent and limited, but in time could facilitate disaggregation of the grid.

6) Electric Cars: Much of the discussion around electric cars has to do with carbon benefits and greater energy independence. However, the key area in which the electric car may have an impact is forcing radical changes to electricity use, storage and consumption. While the standards for electric cars batteries, grid connection and charging protocols remain unclear, the potential for a smart meter in a car interfacing with the grid could produce profound consequences. Where there are fluid electricity markets, charging at variable time of use fees, actions by consumers using their electric cars (and in time old batteries) to reduce exposure to high electricity tariffs will produce major challenges to the existing system. The possibility of electric cars smart charging through the grid¹⁰, even potentially supplying power, could facilitate integration of consumer-owned storage and generation assets with the grid. Providing that policy makers do not look for the next “silver bullet” and restrict a potentially wide-ranging future electric car market, they could play an integral role in the realisation of smart grids.¹¹ However, if the deployment of electric cars continues to accelerate past software security, this could have significant bearing on the network by increasing entry points for hostile action on critical infrastructure.

Smart Grids and Communication Integration

With the evolving amalgamation of IT and communications technologies with the grid, electricity markets are beginning to shift in reaction which will precipitate unchartered impacts back onto the grid. Business models, integrating software expertise and grid applications, that seek to hasten grid modernisation, may increase. For instance, to maximise efficiency of its own power consumption, Google has applied for a wholesale electricity trading license which could, if granted, disrupt current US utility dominance. Whether this eventuates and accelerates smarter energy platforms’ incorporation into the national network remains to be seen, although it could significantly affect market structures regarding grid innovation.

An example of the impact of the above trends can be seen with recent developments of Xcel Energy, a US electricity and gas utility located in the mid-west. Xcel Energy has led plans to transform Boulder, Colorado, into the US’ first Smart Grid City and create a series of micro-grids based around localised generation points.¹² Xcel Energy’s deployment of GridPoint’s smart grid software has facilitated the assimilation of smart grid technologies, such as smart meters and entry points for PHEVs, and enabled web-based energy control hosted through virtual cloud services. As communication software, cloud computing, web-based data connections and consumer control form a point of confluence, this brings into question at what pace and point of success will similar network models follow?

Consumer Preferences and New Market Frameworks

There is a great deal of speculation about new technologies redefining societal habits, especially in the use and consumption of electricity, transport and communication technologies. Two main themes emerge from a review of earlier periods of innovation:

· Consumers will use new products how they want to as opposed to how engineers expect them to. When a new product is invented, commercialised and released, much of the scientific and technological community apply a very mechanical filter in terms of how it should be used. Consumers, guided by belief systems, peer groups and human emotions will often employ new products in vastly different ways to which they were intended. It is for this reason why a review of the earlier commentaries on forecast car use appears amusing. The industry leaders and engineers of the day applied what they would view as a rational, common sense approach to the “horseless buggy”, but people decided on their own preferences, usage patterns and ownership modalities. The same was true with mobile phones, as it will be with electric cars, community and household electricity storage devices, and, in time, flexible electricity contracts delivered through smart grids. Any forecasting of the future use of technologies will generally be a transposition of contemporary prejudices and biases as applied to new technologies.

· Historical market and regulatory frameworks will determine initial usage patterns of a new product, however, over time, consumer preferences will dictate the shape of both. When a new product is introduced to the market, it is often done by entrepreneurs. While innovative, these individuals and start ups do not have the resources or political lobbying power to change market settings or regulatory processes. They will simply fill a need and allow consumers to shift to a product which better serves their need than an existing product. As this product begins to be adopted by the wider community, it will force a change in market structure and also force regulators to play catch up. The transition from mobile phones being a niche product to one that is now displacing fixed line phones is a case in point of changing the market and regulatory frameworks.

In terms of electricity delivered to consumers, currently done via the grid, it is quite probable that we are entering a phase where people will start using new products, such as electric cars and smart meters, in ways different to how their inventors expect. This will initially be done through traditional market frameworks and also under very traditional regulatory settings. As the new products reach a tipping point in terms of adoption, under what will become a newly defined consumer usage preference, major market and regulatory changes will occur.

In the case of electricity, the potential of real time, cost reflective pricing¹³, made possible by successively cheaper smart meters and utilities seeking to improve profitability by smoothing demand curves and optimising expensive capital assets, is now a reality. Once cost reflective pricing is introduced, and becomes accepted, it will generate a wide range of radical, but very practical applications for consumers, such as home generation, storage and offset options.¹⁴ This will be like the difference between the original dot.com revolution and what is widely referred to as Web 2.0.¹⁵ The dot.com boom bought great hype, but did not necessary fundamentally change how business was conducted. That was the late 1990s and early 2000s. By the mid to late 2000s, the internet technologies were refined, consumers had started using them in ways they were comfortable and market structures and business models¹⁶ were redefined, hence Web 2.0.

Electricity usage and consumption patterns are at a stage akin to the dot.com boom. While there are many “revolutionary new products” they are simply fitting into existing market frameworks and there is no real fundamental change. However, closer to 2020, we will see a transformation in the electricity sector similar to Web 2.0.

Smart meters, storage devices (such as electric cars), micro-generation and, importantly novel consumer contracts — for example linking electric car purchase to an electricity contract — will be rolled out in a way which fills consumer needs and is no longer defined by outdated market structures and even more outdated regulatory settings.

What does this mean? Firstly, as with the early stage of the dot.com boom, there will be a frenzy of being at the crest of the wave of this “paradigm shift”. A number of platforms and products will compete to define standards and sustainable business models, and some governments will “back the wrong horse” in pushing a particular technology, or define a system which locks a society into a particular, and ultimately unsuccessful, standard. Western nations will be constrained due to extensive (and old) electricity infrastructure. This will limit radical immediate options; although some climate change advocates wish to impose significant transformations to the system, despite the large costs. In the now developing nations, where societies are enthusiastically embracing Western middle class lifestyles, a clean sheet approach will see significant innovation and novel approaches to electricity provision. During this period, the markets for physical electricity infrastructure assets, and, over time, electricity software, will be focused on developing nations, with the prospect of say Delhi or Beijing, by the mid-2020s, being more influential in electricity standards than North America or Europe is today. The People’s Republic of China is already becoming central to new High Voltage Alternating Current technologies.¹⁷ While this may seem a lower order security issue, it raises significant challenges, especially as the threat matrix evolves.

An Evolving Security Matrix

The analysis in this paper points to fundamental changes to the electricity grid around the year 2020. The current transition and introduction of new products points to superficial change, which gets confused as a substantial departure from the past. This acceleration of the deployment of new systems will see the grid move in ways unexpected, even to the point where it may no longer be required in locations. The example most frequently used during this paper is telecommunications. The question is then, what will the grid security matrix look like and how will it change over time?

While the smart grid may reach its highest level of rollout around 2020, it will be this following decade, the 2020s, when the system and market finds an equilibrium in terms of new settings. As this occurs, the business model will become commoditised and the software driving the interconnected, but independent, micro-grids will become the key focus. In this scenario, the New England blackouts of 2003¹⁸ caused by a tree falling on a key transmission line, would only result in a minor, localised disruption, whereas a cyber attack could shutdown a nation’s grid and subsidiary micro-grids.

The emphasis of software grid security risks may accelerate more than forecast, especially if there is a dominant provider, such as Microsoft is to PCs. The vulnerability to faults and weaknesses could potentially reach a continental or global level. In this case, the evolution of grid software, and grid software providers, should be closely monitored and consideration given to control over software code and ownership modalities.

The other security question is what company or companies will build, update and monitor the smart grid, smart meters and, highlighted above, the software. We are now at a point where many of these technologies are already being deployed without necessary attention given to improving security against hostile infiltration. For example, the use of SCADA¹⁹ (supervisory control and data acquisition), where connecting the Internet and localized networks, can increase the potential for external access and electronic attacks.

Societies need to be very conscious of the fact that there is a very real escalation of security risk when going for smart grids and metering, despite the obvious boost to energy efficiency. However, this is not being discussed. The Russia and Estonia mock cyber attack and grid vulnerability are only now being discussed together. The most public review of this was a much quoted, but rather simplistic article in the Wall Street Journal, titled: “Electricity Grid in US Penetrated By Spies”.²⁰ Like this article, and subsequent commentary, much of the analysis on future grid security suffers from:

· An overwhelming focus on technological options and not consumer preferences;

· Limited understanding by security analysts of how grid and electricity systems actually work;

· The distortion of the energy debate by renewable energy enthusiasts who have little interest in economics, system stability or security issues;

· A shortage of technologically savvy, skilled analysts which understand electricity systems and security issues that are not confined to trying to find a Cold War framework where it does not exist; and

· An overwhelming focus by many security analysts on what is termed, non-traditional state actors, which use 9/11 as a reference point for the 2010s and 2020s²¹, often ignoring the emerging threat matrix and new, hybridising actors.

By avoiding these pitfalls in analysis, and using an evolving grid security matrix, analysts, utility and government officials can understand the challenges ahead, without viewing the future through rose coloured glasses or in overly optimistic terms. To help with this process, engaging psychologists in understanding consumer behaviour trends will be as critical as talking with electrical engineers about “the next big thing”. Importantly, the consumer and economic benefits of the rollout in new technologies must be accompanied by a discussion on the impact this will have on the threat matrix. In strategic terms of the potential of foreign enemies engaging in cyber warfare, as President Obama foreshadowed, it may be worth re-reading a now 40-year old book, The Strategy of Technology.²²

While written in the context of the Cold War, The Strategy of Technology is particularly relevant for analysis of electricity grid security and how defending this will become part of the 21st Century “Technological War”, which will not be between superpowers, but rather between new and existing power centers competing for regional dominance. The authors of The Strategy of Technology noted: “Technological War can be carried on simultaneously with any other forms of military conflict, diplomatic manoeuvres, peace offensives, trade agreements, détente, and débacle. It is the source of the advanced weapons and equipment for use in all forms of warfare. ... Technological warfare combined with psychosocial operations can lead to a position of strategic dominance.”²³

Footnotes:

1. Peter Waldman, “Google’s Power Play”, Portfolio, February 10, 2009, at www.portfolio.com/news-markets/national-news/portfolio/2009/02/10/Googles-Pursuit-of-Green-Energy/index.html [accessed January 22, 2010].

2. Smart meters are advanced electronic, two-way communication electricity monitoring devices, designed to make energy usage more efficient and economically viable. They enable customer control over energy usage, providing real time updates on electricity prices and detailed electricity management information. Smart meters can be installed as part of traditional electricity networks or smart grids and are being increasingly deployed in states such as Canada, the United Kingdom and Italy.

3. Smart grids refer to technologically superior, decentralised and complex power networks which facilitate more efficient and reliable electricity generation, transmission and distribution between localised points of entry and national networks. These intelligent, self-sufficient network control systems (smart grids) could offer benefits of real time management of electricity distribution and adjusting flows in response to peak load impacts, interruptions in generation or transmission, and redistributing electricity accordingly in order to achieve a more efficient power system. Smart grid technologies have the potential to integrate localized renewable generation sources and storage units into power grids, as well as facilitating greater consumer –grid interaction and mitigating excess physical infrastructure additions.

4. See Andrew Pickford and Yasmine Yakushova, “A Watershed Time in Planning Future Energy Infrastructure Requirements”, Defense & Foreign Affairs Special Analysis, December 2, 2009, Volume XXVII, No 66.

5. The term ‘cloud computing’ can be applied broadly to hosted IT services delivered via the Internet (or the “cloud”). Cloud services, typically Infrastructure-as-a-Service (IaaS), Software-as-a-Service (SaaS) and Platform-as-a-Service (PaaS), offer access to software applications, vast amounts of data centralisation and virtual computing services through an off-site third party provider. Cloud computing limits the need for customers to acquire additional IT infrastructure and allows them to pay only for the services they require. The 2000s saw a relatively swift expansion of cloud computing services, such as with Amazon Web Expansion, Google and IBM, although security concerns prevail over exposed web portals connecting to centralised data compilations being vulnerable to unauthorised access.

6. Cloud computing has been facilitated by cheap IT, essentially free broadband data communication and a de-linking of physical electronic assets with data storage and use.

7. This is not an isolated trend with Mitsubishi Heavy developing a reactor with output of around 350,000 kilowatts and Hitachi is developing reactors with output of 400,000-600,000 kilowatts in conjunction with General Electric. Elaine Lies, “Toshiba, others developing small nuclear reactors: report”, Reuters, October 23, 2009, at http://www.reuters.com/article/GCA-GreenBusiness/idUSTRE59N0CN20091024 [accessed October 25, 2009].

8. Each of these NAS batteries are capable of delivering one megawatt of power and are being installed by the US American Electric Power utility to improve wind generation efficiency, costing approximately $27-million per six megawatts of storage capacity. Matthew L. Wald, ‘Utility Will Use Batteries to Store Wind Power’, The New York Times, September 11, 2007, at http://www.nytimes.com/2007/09/11/business/11battery.html ?scp=1&sq=utility+will+use+batteries+to+store+wind+power+&st=nyt [accessed January 21, 2009]; and “NAS battery supplied to MTA New York city Transit bus depot in the United States”, NKG News, February 4, 2009, at www.ngk.co.jp/english/news/2009/0204/html [accessed January 23, 2009].

9. Bulk storage units aim to have the capacity to provide base load electricity from stored energy, derived, for example, from solar power, rather than sporadic contributions to the grid in stabilization. Pending further refinement and reduction of manufacturing costs, examples include compressed air energy storage (CAES) and flow battery systems with the capacity to generate between two kilowatts and two megawatts for up to 24 hours.

10. Smart charging will be where the grid and electric cars communicate to enable electric car batteries to charge at lowest-cost times based on the possibility of utilities raising peak hour electricity rates to mitigate strains on the grid.

11. The Editors, “The Future of Cars”, Article 743, Scientific American, November 2009, pp 88-92.

12. Stephanie Simon, “The More You Know...” The Wall Street Journal, February 9, 2009, at http://online.wsj.com/article/SB123378462447149239.html [accessed January 20, 2010].

13. Whereas in analogue grid systems, where utilities charge customers based on periodic meter readings of static electricity prices, cost reflective, real time pricing will allow for electricity to be billed specifically based on how much was used and when. This will be facilitated by smarter technologies which enable utilities to track electricity usage in real time and charge accordingly in response to when energy prices rise and fall, as well as interactive digital meters which relay real time electricity rates to customers.

14. While regulation may limit the formal introduction of variable tariffs, industry will move to defacto price decimation on the various points on the demand curve. The cinema industry has accelerated its use of this model and it can be done through indirect price mechanisms with the same effect (i.e. limiting vouchers and concessions at certain times of the day and for peak viewing such as Saturday nights).

15. The dot.com revolution (or dot.com “bubble”) refers to when, in the late 1990s, there was huge a jump in Internet stock prices related to the increasing popularity of Internet services. This crashed in connection with the fall of the US NASDAQ in the early 2000s, leaving the telecommunications industry in major debt and disarray. The so-called Web 2.0 era refers to the renewed mass market interest in (and consequential high prices of) Internet companies, based on more interactive, dynamic product delivery which has also been facilitated by wide-spread broadband access. However, again, surges in the value of these companies are based on their perceived ability to attract mass audiences and fulfill advertising obligations, rather than generating revenue. Brad Stone and Matt Richtel, “Dot-com fever stirs sense of déja vu”, The New York Times, October 16, 2007, at www.nytimes.com.2007/10/16/technology/16iht-bubble.5.7918040.html?pagewanted=1&_r=1 [accessed January 22, 2010].

16. This is still occurring in the newspaper business with significant adjustments remaining to be implemented.

17. This refers to the 1,000 kilovolt Ultra High Voltage (UHV) transmission demonstration project in the People’s Republic of China (PRC). This project began as a review of various historical studies which the State Grid Corporation of China used to begin its own research and development on more than 200 key technologies such as voltage standards, electro-magnetic environment, overvoltage and insulation co-ordination, lightning protection, high altitude, heavy pollution, large power grid control and voltage control. Tinbiao Shu, ‘A Milestone in Global Power Industry: Chinese UHV AC Demonstration Project Commence Operation’, Electra, No 242, February 2009, pp 4-7.

18. Jaime Holguin, “Biggest Blackout In US History”, CBS News, August 15, 2003, at www.cbsnews.com/stories/2003/08/15/national/main568422.shtml [accessed January 23, 2010].

19. SCADA (supervisory control and data acquisition) systems monitor and supervise physical processes through the acquisition, management and deployment of data and automated instruction abilities. Hardware components consisting of remote terminal units, which control and operate simple physical devices, are directed by supervisory software, which then communicates with human-machine interface points and displays essential information for system controllers. SCADA systems can administer and control industrial and smaller-scale operations, such as electricity networks. Since originally designed, there has been an increasing amount of connection between SCADA networks and points of entry to the Internet, which, coupled with widespread installation, exposes control systems and physical asset operation.

20. Siobhan Gorman, “Electricity Grid in US Penetrated By Spies”, The Wall Street Journal, April 8, 2009, at http://online.wsj.com/article/SB123914805204099085.html [accessed January 21, 2010].

21. John M. McConnell, “Fragile web”, Jane’s Intelligence Review, January 14, 2010.

22. Stefan T. Possony, PhD; Jerry E. Pournelle, PhD and Col. Francis X. Kane, Ph.D. (USAF Ret.), The Strategy of Technology, Dunellen, The University Press of Cambridge, Massachusetts, US, 1970.

23. Ibid.