The 2011 GAO Report on the Status of the Smart Grid
In January 2011, the US Government Accountability Office issued a document entitled, GAO Report #GAO-11-117, “Electricity Grid Modernization.” Some of the principal conclusions of that document were as follows:
“Consumers are not adequately informed about the benefits, costs, and risks associated with smart grid systems. … This lack of awareness may limit the extent to which consumers are willing to pay for secure and reliable systems, which may cause regulators to be reluctant to approve rate increases associated with cybersecurity. As a result, until consumers are more informed about the benefits, costs, and risks of smart grid systems, utilities may not invest in, or get approval for, comprehensive security for smart grid systems, which may increase the risk of attacks succeeding. [emphasis added]
Utilities are focusing on regulatory compliance instead of comprehensive security. … Specifically, experts told us that utilities focus on achieving minimum regulatory requirements rather than designing a comprehensive approach to system security. In addition, one expert stated that security requirements are inherently incomplete, and having a culture that views the security problem as being solved once those requirements are met will leave an organization vulnerable to cyber attack. Consequently, without a comprehensive approach to security, utilities leave themselves open to unnecessary risk. [emphasis added]
There is a lack of security features being built into smart grid systems. … For example, our experts told us that certain currently available smart meters have not been designed with a strong security architecture and lack important security features, including event logging and forensics capabilities which are needed to detect and analyze attacks. In addition, our experts stated that smart grid home area networks — used for managing the electricity usage of appliances and other devices in the home — do not have adequate security built-in, thus increasing their vulnerability to attack. Without securely designed smart grid systems, utilities will be at risk of not having the capacity to detect and analyze attacks, which increases the risk that attacks will succeed and utilities will be unable to prevent them from recurring.” [emphasis added]
Need for Consumers to Become More Aware
As stated by the GAO report, there is a concern that consumers are not aware of the benefits, costs, and risks associated with smart grid systems. The utilities will advertise the benefits of the modernization effort but will say little, if anything, about the new and added risks associated with the supposed “smart” grid. Unless consumers become aware of the added risks, they will not know enough to demand enhanced security, both for themselves and society. So what can we do? We have to start somewhere, and the moderator for this website is accumulating some of the relevant information. Hopefully others will read and “spread the word.”
Peer Reviewed Literature Regarding Smart Grid Vulnerabilities
Based upon what will be presented in the paragraphs (and webpages) that follow, it is clear that there are many vulnerabilities to the smart grid. The paragraphs that follow may tell you much more than you ever wanted to know about the smart grid. Some of it is a bit technical and maybe even a bit scary. Hopefully, our respective utility personnel and their consultants are addressing the issues to be described. But as these smart grid system continue to be implemented, what assurance do we have that the issues have already been addressed prior to implementation? From my perspective, as website moderator, I have my doubts.
On the other hand, based upon the information presented on this website, I have no doubt that as the smart grid is being implemented for each utility customer, it imposes significant new privacy and data security risks for which the customer has had no opportunity to provide informed consent. In most cases, the customer has had no opportunity to “opt-out” of the smart grid network, and if he or she does have that option, a penalty fee will likely be charged for any such “opt-out” provision.
A new peer-reviewed journal was initiated in 2012. Its name is International Journal of Renewable Energy and Smart Grid (IJRESG). The Journal is published by ETP, Engineering and Technology Publishing. This new journal is considered an online open journal and is intended to serve as a forum of scholarly / researcher / academician research related to Renewable Energy and Smart Grid research. The first issue of the Journal (Vol. 1, No. 1), was issued in September 2012. That issue focused on smart grid issues. Four (4) articles from this Journal will be highlighted in this posting.
It is acknowledged that Engineering and Technology Publishing retains copyright interests for the cited manuscripts, which includes the sole right to reproduce and distribute cited articles. That said, each article is available for viewing “free of charge” at the specific links provided in this website where the PDF file for each manuscript is stored. In addition SkyVision Solutions received permission to publicly display selected quotations from said articles mentioned below on this website provided that said Works are each identified by title and as articles published by ETP, Engineering and Technology Publishing. Such display on this website is strictly for noncommercial purposes (correspondence on file dated April 12, 2013).
The articles to be highlighted are:
Article 1: “Smart Grid Security: Threats, Vulnerabilities and Solutions”
Article 2: “A Survey on Threats and Vulnerabilities in Smart Metering Infrastructures”
Article 3: “Fuzzy-Based Optimization for Effective Detection of Smart Grid Cyber-Attacks”
Article 4: “Security Is Not Enough! On Privacy Challenges in Smart Grids”
Refer to the appropriate nested webpage to review each article’s content.
As a part of describing the threat potential to the smart grid, published articles will generally categorize the type of “actors” and “motivations” for attacking the smart grid and smart meters roughly as outlined in the slide below: