Interview with Samuel Sciacca
Samuel Siacca discusses how issues surrounding cybersecurity and privacy are impacting Smart Grid's success.
Question: What is your role with Smart Grid?
I am a Smart Grid consultant to various organizations and companies in the utilities industry, including electric utilities themselves and vendors.
Question: How will customers and businesses experience the benefits of Smart Grid's decentralized power generation, distribution and consumption?
There are essentially two ways this will happen. First, Smart Grid will give individual customers and companies connecting to the network the ability to participate in the generation and/or the storage of electricity. One of the biggest challenges of connecting to a co-generator or a storage facility today is the fact that the grid's distribution facilities have not been designed for bi-directional power flow.
One of the pricipal focus points of Smart Grid is to facilitate bi-directional power flow at the distribution level. Decentralized power generation, along with improved communications, will make the network more bi-directional in nature. This means many more people will have the opportunity to participate.
Secondly, decentralized power generation is going to lead to the proliferation of micro-grids. The overall network will be connected together much as it is today, but it will have the ability to be broken up into smaller grids. That's going to help tremendously with network reliability, especially in the event of a major incident or disaster.
Question: What kind of privacy and security issues does Smart Grid present?
Let's talk about cyber-security first. As we put generation in many places we are going to need communications to control all of these systems and keep them orchestrated in a coordinated system. Like any other communications networks, the control systems can be compromised intentionally or unintentionally.
Cyber-security helps to ensure that communications are open enough so that everyone can participate and transmit information back and forth, and yet secure enough to provide the necessary reliability. So, we also are tasked with making sure that communications can't be tampered with, or unintentionally compromised, in ways that could impact our ability to put power on the system.
Utilities already are very concerned and very aware that they need to secure their communications networks and data processes from problems that could be caused by disgruntled employees, external forces or unintentional mistakes. When you start controlling more and more assets in a digital, automated manner, it becomes easier for someone's finger hitting the wrong key to have a greater impact.
In the past, we controlled the electric system with screwdrivers, pliers and big cable cutters. It was possible, to make a mistakes that would have had a major impact on the system. Fortunately, utilities were able to prevent such problems through work rules, worker training, and managerial oversight. In today's environment, with control systems programmed via keyboards, and often remotely, it is easier for someone to inadvertently and significantly compromise the electric infrastructure.
Another issue is tampering with intelligent electronic devices for commerical gain. As devices and meters become more programmable, there is greater potential for these devices to be compromised. This has the potential to create signifcant financial loss for electricity providers.
Question: What other issues does cyber-security entail?
Growing automation and autonomous control of our systems presents us with an increasing challenge when it comes to managing all of the devices connected to the network. Sometimes it helps to think of it less as cyber-security and more in terms of cyber-integrity. We need to make sure that all of these wonderful automation systems that we have put in place continue to be maintained and upgraded. People soon realize that todays networks are more delicate mechanisms than they have had in the past.
It is easy to sometimes forget about things like software changes and upgrades, which occur frequently. The problem is that all of these upgrades have to be tested to make sure that everything is still working with all the connected systems. You also have to take into consideration the fact that when utilities expect newly installed technology systems to last 10 to 20 years. But today’s technology usually lasts far less time than that. Over the years it takes the average utility to deploy new technology across its network, it is likely that five to 10 versions of firmware could be released for the same device.
In addition, as their systems become more critically dependent on communications, utilities can expect to suffer a greater impact on network integrity and security if their communications networks fail during an incident. For example, last year in New England there was a major snowstorm in October. First it knocked out power to 800,000 customers from falling trees and branches. After about two days without power, the affected the area started losing Internet because the battery backup systems supporting Internet and wireless communication technologies began to fail.
Communications problems can occur from a storm, solar radiation, a virus in the communications system or even an upgrade to a system. And then there is the cloud. The cloud is a physical thing, but utilities do not have the visibility they need to see what is going on in the cloud. It is difficult to determine whether or not all the pieces that are supposed to work together are functioning properly. Therefore, they need to have action plans in place to mitigate all of these situations and do their troubleshooting.
Question: What kinds of privacy issues are utilities facing with Smart Grid?
Privacy is going to be a major challenge to Smart Grid in terms of its acceptance by the user community. We can use Smart Grid to do things like look at loads on the network and adjust people’s thermostats to help control power and identify where we can make adjustments. However, that comes at the cost of people's privacy.
About a year ago, a utility in a major metropolitan area installed uni-directional smart meters that simply watched power usage on a "real time" basis. The CEO of the utility said that even though they weren't looking for personal information, it quickly became apparent that the utility could tell when people woke up, went to work, showered, cooked breakfast or dinner, and when they were on vacation.
While that kind of information is useful for the utility and the applications that would legitimately use that data, most people would not want their utility or other third parties to know all these things. It's a targeted marketing dream, but it could be a consumer's nightmare.
All of this really gets down into mining of data and generating targeted advertising. In my opinion, I think we will continue to see companies like Google, Facebook and Yahoo take an interest in Smart Grid, due in part to the potential for generating a new and detailed information set of personal demographics based on electric usage.
Question: What are utilities doing to come up with solutions to these privacy issues?
There are some fledgling efforts in which people are beginning to look at this. The California Public Utility Commission has a group that is specifically looking at the privacy issues associated with electric usage. I'm sure that is being replicated by other public utility commissions.
There are other groups, such as the IEEE, looking at how that data collected by smart meters could be made available anonymously. Even without knowing who it correlates to, the information is still extremely valuable. There are both technology and regulatory issues to be sorted out.
Question: Are there still interoperability issues with Smart Grid?
Yes. There is a big issue with system-to-system communications. As I said before, Smart Grid is a system-of-systems. The key to its success will be utilities' ability to make those systems share information with each other in a manner that enables them to make smarter and more timely decisions. In the past this has been done via customization and very specific software routines. Smart Grid needs to standardize these interfaces so vendors know what to build, utilities know what to buy and everyone knows exactly where to put their efforts in terms of developing an interoperable communications infrastructure.
Question: What is being done to ensure that happens?
The IEEE Power and Energy Society and IEEE SCC 21 have created numerous interoperability standards. We are pretty far along when it comes to interoperability standards for generation systems and controlling transmission and distribution systems. However, there is still a lot of work to do on the consumer side of things. IEEE 2030 was the first effort worldwide to attempt to define these interfaces, and work continues to expand on IEEE 2030 for more detailed defintion of interoperability.
For example, we don't have interoperability among smart meters. Each vendor’s system is proprietary. Vendors' systems are not likely to interoperate in the short term because a Smart Meter system is really comprised of two interelated elements — the smart meter itself and the data gathering system. Today's business model requires utilities to buy their smart meters from the same vendor of the data gathering system in order to communicate with them.
Even some of the equipment that goes into substations and on distribution poles has some of the same interoperability issues because it, too, is proprietary. This is primarily because the suppliers have not been presented with a business case model that makes universal interoperability appealing to them.
While the power that each individual utility provides is the same, each utility’s network is unique. Systems can be interconnected electrically, but control over the devices in each utility's network varies. If a system loses its communications capabilities, the systems adjacent to it cannot access these controls.
Question: Do you think the consumer understands how a successful Smart Grid will benefit them?
No. In some Smart Grid pilot programs, utilities are seeing many different levels of motivation on the consumer side. There is one segment of the population that can be appealed to by telling them that their use of Smart Grid will shut down a coal or oil powered plant and make way for more power from photovoltaic sources. There is another segment that is looking for innovation. They are enthralled with technology. There is a far bigger sector that thinks it all sounds like a good idea, but wants to know what it really means in terms of dollars and cents.
If a $200 smart meter only saves a homeowner about $20 to $30 a year, that is a 10-year return on their investment, far too long to get a lot of interest by the general economy. Personally, I think that if most of the smart meters going in today hadn't been put in with a 50% subsidy from the government, we wouldn't see as many installed as we have already.
Question: What is the most important message about Smart Grid that needs to be communicated to the world?
The most important message that I typically preach is that Smart Grid requires a Smart Community. In other words, people need to be engaged and see themselves as part of the solution. If we put all of this technology in place, but end users do not adjust how and when they use power I don't think we are going to see the magnitude of the benefits that we are hoping to see.
In Germany, the government's decision to retire all nuclear power plants in ten years is having a major impact on end users. The average German believes that the decision to retire the nuclear power plants will lead to costlier power and less reliable power. However, the average German also believes that retiring the nuclear power plants is the responsible thing to do. This is a Smart Community . For Smart Grid to succeed in other areas, we will need this kind of community involvment for the betterment of all.
Samuel Sciacca currently serves as chair of two IEEE working groups that deal with cyber-security for electric utilities: the Substations Working Group C1, which is working on P1686; and the Power System Relay Committee Working Group H13, which is working on PC37.240.