February 10, 2011

The Show Must Go On: Larry Karisny Partakes and Presents at Smart Grid Summit in Miami

By Jaclyn Allard

TMCnet Copy Editor

Share

0diggsdigg

As TMC Smart Grid Contributor and founder of Intelligent Communications Partners, Jon Arnold (News - Alert), recapped from the recent Smart Grid Summit, “Leading the cybersecurity session was all-around good guy Larry Karisny of WirelessWall, along with speakers Tony Flick of FYRM Associates and Christopher Gorog of Atmel (News - Alert) Corp. Karisny has a strong background in this space, and cited extensive sources to document the threats, all of which were reinforced by Flick and Gorog’s technical expertise.”

Story continues below ↓

Karisny began his presentation, “How to Build Security with Intelligence,” and quoted a number of Smart Grid industry leaders including Vint Serf, the “Godfather of the Internet,” as well as Kim Zetter and Bob Lockhart, to name a few. Karisny from that point on took the Smart Grid Summit by storm, a highlighted speaker and moderator displaying his extensive knowledge of the smart grid industry.

Keeping newcomers to the Summit and fresh faces to the industry in mind, Karisny simplified the understanding of smart grid as a lot of networks, or a bunch of small clouds that are connected; however, this needs to be done on a layer basis. “Smart Grid is not your typical telco network; it is much more complex,” Karisny said.

As TMC’s (News - Alert) onsite editor, Stefanie Mosca, reported live from the show, all in all, Karisny left the audience with a number of suggestions on how to tackle smart grid security issues as they come, as well as offered proactive advice in targeting the security problems before they actually begin. Karisny highlighted that it is important to address the most crucial security issues first and using high-end, yet simple security solutions to do so.

Karisny admitted recently in an article that “To get the most out of an industry convention summit, be a moderator, speaker and audience participant. I had that opportunity at the Smart-Grid Summit in Miami Beach last week. While stranded visitors from the north enjoyed highs of 81 in Miami Beach, the summit proved to be one of the most informative smart-grid discussions ever.” And as Jon Arnold recognized, Karisny was all three – moderator, speaker and audience – helping to execute the Summit with so many stranded participants.

With all present parties pulling together, discussion such as building a strong grid foundation; power transmission and distribution; the growing voice of the customer; smart home killer apps, rural smart-grid opportunities, electric vehicles and public vs. private smart-grid networks continued with immense success.

Jaclyn Allard is a TMCnet copy editor. She most recently worked on the production team at Juran Institute, a quality consulting firm producing its own training and marketing materials. Previously, she interned at Curbstone Press, a nonprofit publishing press in Willimantic, CT, and fulfilled the role of Editor-in-Chief for the literature and arts journal published by the University of Connecticut. To read more of her articles, please visit her columnist page.

Edited by Jaclyn Allard

Smart Grid Security: Generally Speaking, the World Doesn't End

January 24, 2011 By Larry Karisny

An interview with Andy Bochman, energy security lead IBM Software Group/Rational, and editor of the Smart Grid Security Blog. Article courtesy of MuniWireless.

Karisny: There was a recent article in SearchSecurity titled, “IBM predicts rising mobile threats, critical infrastructure attacks in 2011." Are you sharing the same feelings of when, not if, it comes as it relates to a major breach of our electrical power grid?

Bochman: My focus in the last several years has been almost exclusively on critical electrical infrastructure, to include the current grid as well as the few dozen spots where the emerging smart grid is starting to show itself. The grid is so large and so complex that it doesn't take a Nostradamus to predict successful attacks on it in any coming year, especially as one of the primary enablers of new smart grid functionality involves massively interconnecting systems that were previously protected, at least in part, by their isolation.

2010 saw a very single-minded Stuxnet penetrate, but not disrupt, many enterprises with industrial equipment, including the military and utilities. More broadly aimed variants of Stuxnet may in the works, or in the wild already. But I don't necessary forecast extraordinary trouble, as the promulgation of fear, uncertainty and doubt (FUD) doesn't help anyone. Some security professionals like to put folks into fetal positions with scare stories. But I prefer to remember what my broker tells his clients during downturns, "generally speaking, the world doesn't end."

Karisny: We have seen a multitude if IEEE standards, different directions NIST, FERC and NERC, and organizations like Grid Net and GridWise Alliance positioning for the multi-billion dollar power grid security market. With all this posturing does there seem to be any agreed-upon direction as to security models suitable for what you earlier called in a Huffington Post article CIP or critical infrastructure protection?

Bochman: I'd say that even though it's only a set of high-level guidelines, the embryonic NISTIR 7628 has the broadest fan base so far. I could be very wrong, but my sense is the NERC CIPs won't be with us for the long run. No one seems to value them. We're waiting for practical implementation guides from the NIST CSWG teams in 2011 before state PUCs and other U.S. and international grid security standards groups can point to 7628 as something approaching implementation-ready. As for enforceable standards, well, that's the GAO's primary complaint re: FERC. And FERC can't fix that -- only Congress can.

Karisny: There were big mistakes early on with smart meters security and now even questionable security in using ZigBee wireless network for the home Area Network (HAN). What was done wrong and how can we move forward on securing the demand side part of the smart grid?

Bochman: As the smart meter article noted, "Prominently missing are signed and encrypted firmware, secure (smart card) chips for key storage, unique cryptographic keys, and physical tamper protection." These omissions (and others) were symptomatic of the root cause: a rush to deploy ahead of firm best practices, security standards and business models. Some security pros may question my response, but I'd say we need to slow down a bit, breathe, review what we've done so far and check for gaps, before locking in standards, encouraging vendors to build to those standards, and encouraging utilities to deploy Smart Grid components in significant numbers. And yes, with millions of Smart Meters already out there, I realize this is a somewhat belated point!

Karisny: With all the complexity in security do you see any simple and economical solutions available?

Bochman: Not really. While the impulse to simplify is a good and desirable one from a business point of view, I'm afraid we're going to have to meet the complexity of the smart grid with complex security solutions. That said, some tried and true security tenets bear repeating:

• Defense in depth
• Least privilege
• Need to know

And this: in case those three don't work every time - have plans B, C and D tested and ready

Karisny: Is there some kind of new solution that can be started with migration paths to future security solutions?

Bochman: Sure, though it's clear that many "future proofed" solutions bring with them added risk. Let's say you want to make your smart meter (or any other smart grid device) software remotely upgradeable so you can add additional functionality or fix security problems on the fly and en masse. Remote control functionality always opens additional pathways for attackers, should they be clever enough to subvert whatever controls (or their lack) to prevent unauthorized access and use. For practical reasons, though, upgrade-able software and firmware is the only game in town, as fully manual updates to hundreds of thousands or millions of devices at a time would take a small army many months or years to accomplish.

Karisny: With all the guide line direction being given by a variety of organizations, is here any place to prove out these security solutions in an actual field test settings?

Bochman: Sure, and it's happening right now, in dozens of pilot deployments already under way, with many more slated to begin in 2011 and 2012. In addition, several universities (see: the Trustworthy Cyber Infrastructure for the Power Grid (TCIPG)) and DOE national labs like PNNL, INL and Sandia are doing substantial research involving security, often using test beds that simulate field conditions.

Karisny: With threats now of fines and security assessments taking place, do you see power companies getting serious about grid security in 2011?

Bochman: This is a tough question to answer without a qualification first. If you equate heightened NERC CIP compliance activities with "getting serious about security," then the answer is yes. However, one of the primary critiques of the CIPs as currently constituted in version 3 is that they are less than tightly aligned with the goal of making utilities demonstrably more secure against cyber threats. Some utilities complain that CIP compliance activities divert human and financial resources that could have been used to improve their organization's actual security posture. Some say the CIPs have increased security awareness and are helping. The ground truth is likely that both are right.

Karisny: You have early on spoken in smart grid panels and have been a key speaker in various smart grid conferences. Is there any underlying security issue you have come away with when participation in these events and what are you upcoming speaking engagements?

Bochman: For me, the number one takeaway from the 2010 conferences was complexity. Trying to get our arms around the very many pieces of smart grid security challenge, including old and new technology, evolving business models, standards and guidelines, workforce awareness and training, the shifting threat landscape, recovery and survivability strategies ... it's just a heck of a lot to hold in main memory. But without consideration and attention given to all these things, you're not really doing the job.

I'll be a panelist at the Jan 31 FERC Technical Conference on the Smart Grid Interoperability and Security Standards. Will also speak at a few conferences over the next several months. Right now those likely include:

• Smart Grid Security East
• GTM's Networked Grid 2011
• Gartner Security & Risk Management 2011
• CleanTech 2011

Karisny: You have the most popular blog as it relates to smart grid security. What are you hearing from those who following your blog?

Bochman: Mostly a hunger for more and better knowledge, especially among folks who are new to the domain. That includes cyber security pros who want or need to learn more about the electric sector, and utility personnel who need to get smarter on security issues and approaches. The blog exists to serve the community by facilitating knowledge transfer and letting folks know about upcoming events like new legislation, standards, conferences, best practices and lessons learned, etc. And so far, according to the feedback I get from (usually) happy readers, it seems to be working pretty well.

Karisny: What are your 2011 forecast in critical infrastructure protection deployments and research throughout the year?

Bochman: With so many balls in motion, it promises to be a thoroughly exciting and challenging year in the smart grid security space. At IBM, we're putting the finishing touches on a white paper that considers the current and possible future of smart grid security standards. When that's done, I plan to help advance work begun last year on EV and V2G security. We've been getting a lot of questions on that topic the last few quarters and that may very well become a 2011 white paper as well.

Who Owns Smart-Grid Security?

December 8, 2010 By Larry Karisny

Bob Lockhart is an industry analyst with Pike Research, which just released a study of smart-grid security. This article courtesy of Muniwireless.

Q: Who do you see as the responsible party for securing the grid; power companies, third-party security vendors or government entities?

Lockhart: In countries where the power grid is a government monopoly it’s pretty straightforward. In the USA however, there is no responsible party for securing the grid. Lots of organizations have a say but no one “owns” security of the smart grid. Some have tried to put NERC in that role but NERC’s remit covers generation and transmission. Most of what constitutes the smart grid happens in distribution, which today is outside NERC’s scope.

NIST has published some very good standards for Smart Grid security including the recent NISTIR 7628 series but they remain only standards. The Bulk Electric System has nothing analogous to HIPAA for health care information or PCI DSS for payment card processing. Compounding the issue, there is a fair amount of personally identifiable information (PII) flowing through smart-grid management systems. That PII comes under the jurisdiction of personal data privacy laws, but we have no national privacy legislation -- each state has its own laws.

Q: Where are we today when it comes to securely adding intelligent infrastructure to our utility and power grids?

Lockhart: Behind and losing ground. As with nearly every technology, the focus in smart grids has been to get it working, then later realize that security is an issue. Two dynamics make this even worse: first many security providers have equated smart grid with smart metering, ignoring the major innovations necessary in distribution automation and substations. Second, there has been precious little attention paid to security of industrial control systems (ICS), such as SCADA, some of which are so old that they are still analog. Since most information security experts have an IT background they do not understand that IT security solutions may not work and may actually disrupt an ICS network.

Q: With billions already awarded in federal grants and billions more put in by the power companies, where are all the smart grid projects?

Lockhart: In my analysis I only looked at smart grid cyber security projects of which there are precious few being funded by ARRA, though there are some. In the case of cyber security it is often difficult to credibly forecast an ROI -- after all an effective security program is one that you never see. So given funds to invest and an enterprise’s need to justify the investment via some measurable return, many are going to minimize security spending unless it’s necessary to comply with a regulation such as NERC CIP.

Q: What is the best start for securing the grid network infrastructure today? Is it just a process of add as you go?

Lockhart: It’s the same as securing any other environment. You start with an assessment of risks against most valuable assets and prioritize security investment based upon the results of that assessment. Some of the quantitative risk assessment methods can take years to reach completion and are not realistic for the current situation but there are qualitative techniques that yield useful analysis in a relatively short time. The keys to success are getting a complete asset list and fully understanding risks to each. Again there can be problems if no one involved in the assessment truly understands industrial control systems.

So it’s not really possible to say, for example, that every utility should immediately upgrade its identity management capability or deploy security event management. Each situation will be unique and requires someone to seriously think about what is at risk and what needs to be done.

Q: Some people are saying we should be addressing the transmission and distribution side of the grid first before the demand side. What do you think about that as it relates to security?

Lockhart: Well ideally security would be integrated as part of whatever smart- grid projects are undertaken by a utility. If it’s smart metering, then securing consumer data and resiliency in the networks should be part of the project. Those are much more expensive to bolt on later. Likewise if it’s updates to the distribution grid, maybe smarter transformers, then secure communications and other measures should be built into those projects as well. So the ideal situation is that security rides along with smart grid projects as undertaken by the utility. When that doesn’t happen, then you have to go back to the security risk assessment discussed above, and address the risks as prioritized, maybe taking some low hanging fruit early on -- simple measures that can be implemented quickly and with little expense. Early success in a security program can bolster it immensely within an enterprise.

One area of security that gets too little attention in smart grids is employee awareness. It is critical for employees of utilities, systems integrators and other involved entities to understand what security is implemented, why it is there, and their responsibilities to support it. This requires a proactive education program. Whether we’re talking e-mails, Web courses, or stand-up instruction matters less than that the points are gotten across to the workforce.

Q: Is here a one-size-fits-all security approach or is layer security going to be the rule of thumb for the grid?

Lockhart: Again, countries with a government monopoly grid can take a one-size-fits-all approach. On the down side for them, that implies that a single attack against their entire national grid could be successful and there is probably a single point of attack for that grid. Here in the USA we have over 3,200 utilities -- some with millions of customers, others with a few thousand. So obviously they are not going to all be running on the same infrastructure and therefore the same security approaches will not work for all. It is not unthinkable that some smaller utilities will end up clients of service providers running cloud computing environments. Those will probably be private clouds, but still a centralized, third-party cloud. Personally I think that’s a good thing because small enterprises cannot afford as sophisticated security as a large-scale integrator of clouds will implement.

In either case layered security or defense-in-depth will be the preferred solution. In my studies and work with clients I’ve been emphasizing not only the need for well-known network and endpoint security controls but also that networks need to be resilient. Whether we’re talking smart metering or ICS, endpoints and central systems need to be able to survive several days or maybe weeks out of contact with each other.

Q: Are there already lessons learned from mistakes and some solutions found?

Lockhart: What I’ve seen is more an evolution of increased protection rather than a grand disaster followed by a step change in the level of smart-grid security. There is still quite a bit of disunity among the smart-grid community as to how bad things are or are not. That suggests to me that nothing truly terrible has happened to galvanize the industry. In my research when I ask how bad things are, answers range from no problems at all to critical.

But most of the lessons learned that I’ve seen are straightforward: better ways to identify and prevent fraud, nearly everyone understands the importance of encryption, and there is a slowly dawning awareness that the security-by-obscurity approach that protects most SCADA deployments is not going to be effective. But I do see more targeted point solutions than overarching grid-security programs.

Q: Is Stuxnet the warning shot of more cyber attacks and just how bad could thins get as it relate to our power grid?

Lockhart: Slammer and Blaster, each 7-8 years ago, should have been warning enough -- even if they were not directly aimed at grids. I recently blogged Stuxnet and I think the security community has its head in the sand. If my analysis is correct then Stuxnet was developed late in 2007 or early in 2008. We security experts call Stuxnet state-of-the-art because we arrogantly think we know everything that’s happening, but we don’t. The Stuxnet code and attack could be three years old -- that’s two iterations of Moore’s Law. If true, then things probably have already gotten much worse than we understand. We’re just blissfully ignorant of how bad.

Q: In summary, where we are today as it relates to the smart grid? Where do we need to be in a fast track short-term solution and what do you think the future of smart-grid security will look like?

Lockhart: If Stuxnet is any indication, then the serious attackers are way ahead of us and can pretty much operate with impunity. Less sophisticated attackers may be able to hold a grid to ransom if it is not well protected. Some security vendors seem focused on finding problems that suit their existing offerings rather than seeking how to protect our grids, although there are some exceptions. One utility complained to me, “If one more security vendor walks into my office and asks me what keeps me awake at night…”

Here in the USA our patchwork grid may protect us for some time to come. I’ve asked several utilities and smart-grid experts if an attack could wipe the entire U.S. electrical grid. The common answer has been something like, “If only we were actually that well integrated. But no.” Still, any one grid could be successfully attacked so no one can really rest.

It’s hard to prioritize remedies outside the context of a risk assessment, and that’s going to be unique for each utility. But if I had to prioritize anything in general I’d look at better resiliency throughout networks -- both IT and ICS. And I would like to see IT and operations staffs at utilities work together more effectively. I can’t see any other way to get a whole-picture view of the grids and what really needs to be done.

Unfortunately we may see continued selling of point solutions for quite some time to come. There are people taking a holistic view of smart-grid security, including some utilities’ chief security officers, systems integrators, and even some of the smart-meter manufacturers with their bundled solutions. However there is quite a bit of point selling going on out there. Utilities expect a meter -- smart or otherwise -- to have a service life of 20 years. What is going to happen in smart metering when that expectation collides with Moore’s Law? Certainly that could drive another round of point-solution selling.

Will Security Start or Stop the Smart Grid?

November 18, 2010 By Larry Karisny

With billions of dollars of public and private smart-grid investment in place and billions of dollars in network hardware and software in forecast shipments, will the smart grid be stalled by security concerns? Current smart-meter deployment trends and reported security breaches seem to point toward the possibility. In fact a recent Pike Research report “Smart Grid: 10 Trends to Watch 2011 and Beyond,” states that “security will become the top smart-grid concern” rating it number one the 2011 grid trends.

Making the Dumb Grid Smart
With all due fairness, the power and utility companies had a difficult start when it came to securing the smart grid. Their basic network grid topology was built on stand-alone facilities offering limited if any interactive networked intelligence from the substation, distribution and transmission side with even fewer capabilities on the user-demand side. With limited network capabilities in place, power companies pushed to offer end-user network intelligence for every user on the demand side of the grid.

This approach may seem backwards for most network and security people, but was necessary to quickly show smart-grid utility ROI and power generation savings. The basic demand-side theory was that if you could gather intelligence from the power grid demand side first, you could immediately reduce peak load consumption offering tremendous capital and raw material recurring savings. The problem was that these end network communication devices were rushed out without sufficient security and breaches became evident.

Consider this power-grid communication infrastructure, and then try to securely deploy an interactive network to a real-time database connected to every electricity user. Quite a daunting task.

Security Breaches Confirmed and the Criminal Element Defined
Security breaches in power plants have now been documented and the recent Stuxnet attacks have been called “without precedent” and “a game changer” by Sean McGurk, head of the Department of Homeland Security's Cybersecurity Center. Pike Research reported, “The technical analysis on Stuxnet continues, and it appears to be a very sophisticated attack not aimed at the electrical infrastructure. But if nothing else, the threats security experts have been warning of for years have now moved from theory to reality. Since the industry is taking greater notice, especially regulators and government (including the U.S. Congress), utilities will need to determine what cyber security measures are required -- even as standards and regulations are still evolving.

(graphic) Source: Symantec

Network intrusion detection experts like Josh Wright from InGuardian early on confirmed smart-meter security vulnerabilities and now have detected vulnerabilities in wireless Zigbee systems that are targeted to be the premier network technology in smart-grid Home-Area Networks (HAN). In his recent presentation the Killer Bee, Practical ZigBee Exploitation Framework, Wright clearly demonstrated current Zigbee security concerns in a variety of smart-grid end user devices.

These vulnerabilities and need corrections were further documented in another Pike Research report, Smart Meter Security. The report assesses the security risks to Smart Metering, using ISO 27002:2005 as a baseline to identify topics for consideration. The study reviews Smart Metering against all 11 security clauses of ISO 27002:2005 to identify six key security opportunities including event correlation improvements, security software on meters, identity management and authorization, network resiliency, meter worm prevention, and end-to-end data encryption.

With known vulnerability, who wants to hack the grid anyway? Mike Ahmadi -- organizer of the Smart Grid Security East Conference and vice president of operations for the security firm GraniteKey -- targets the accessibility of data then adds volume to dollars in a formula that will attract organized crime. “I think about this a lot when I consider smart grid technologies, as well as health-care information technologies. As these technologies grow we are going to see new sources of information emerge, and in our inherent somewhat lackadaisical manner of dealing with security at the decision-making helm of our corporate culture, we will create plenty of early opportunities for aggregation and inference. The quicker an attack leads to cash for the attacker, the greater the likelihood that the attack moves from theory to reality."

He goes on, “This is, however, only part of the theory. The other part has to do with volume. For organized crime to get involved, the volume needs to be big enough to take the risk. Remember, organized crime is just as concerned with risk as corporations are. Therefore a quick path to cash that does not include a large enough volume is not necessarily a win for organized crime.” The smart grid certainly qualifies the volume requirements.

Big-Time Security and Big-Time Bucks

For every problem there lies opportunity which is clearly documented in Pike's smart-grid security revenue projections. With opportunities come different approaches and major companies and even smaller companies are offering their opinions on what the appropriate methodologies are when addressing smart grid security.

Grid Net just released a white paper “Assuring a Secure Smart Grid,” which opens with: “To build a secure, resilient, mission-critical smart-grid network, utilities require technology that is secure, reliable, and self healing. The growth of the Smart Grid and the advanced security technology will necessarily go hand in hand. The electricity grid is the foundation infrastructure on which rests not only economic performance, but also public and personal health, safety and welfare. Without robust security in place, the Smart Grid will not -- and should -- be built and deployed.”

By applying over 40 standards, Grid Net's approach to smart-grid security is “multi-layer.” The core architecture delivers an end-to-end secure solution, which begins with PolicyNet SmartNOS and Smart Grid devices (smart meters, routers, inverters and customer devices), proceeds to data encryption for both data storage and data transport on the network, and concludes with PolicyNet SmartGrid NMS at the Utility NOC. The PolicyNet software suite is based on three foundations -- Architecture, Process, and Response -- that take a “defense-in-depth” approach to security to provide robust end-to-end security.

SmartSynch came out with a hardware solution called the GridRouter which is a smart-grid solution that serves as an IP-addressable, external interface offering WAN, LAN and HAN connectivity to a variety of smart grid devices. The GridRouter acts as a wireless pipe capable of transmitting and receiving data over public wireless networks using Internet-based or other open standards. Through the GridRouter and its use of public wireless networks, utilities can quickly and affordably spot-deploy smart-grid applications, including load profile and control, power quality monitoring, distribution automation, and standby generator control. The GridRouter also enables utilities to support homeowner-focused smart-metering programs such as demand response, demand-side management and real-time pricing. It uses an IPsec Security Platform using Public Key Infrastructure (PKI) VPN Subtunnels to Connected IP end-devices with Digital Certificates and AES 256-bit Encryption connecting VPN Tunnels to Each GridRouter Port.

WirelessWall offers a standards-based, FIPS 140-2 solution to securing at Layer 2 with a unique approach -- implementing an IEEE Robust Secure Network for everything. According to CTO Phil Smith, “WirelessWall is elegance through simplicity. It can best be described as WPA2-Enterprise in software (AES 128-bit CCMP, 802.1x and EAP-TTLS mutual authentication).” Billed as a high-throughput and lightweight encrypting firewall, a central part of the WirelessWall advantage is providing uniform security across multiple domains which in the case of Smart Meters, would be HAN (Zigbee) and backhaul (Wi-Fi, WiMax, broadband, Mesh, etc.). Smith goes on to say, “without WirelessWall, it is like the Tower of Babel. Management complexity makes it operationally infeasible and cost prohibitive to use different security methods for each type of network. Inconsistency and complexity lead to vulnerabilities. Our strength is securing end-to-end at Layer 2 to provide cohesion, uniformity and interoperability."

FYRM Associates offer a completely different approach in addressing smart-grid security needs. Tony Flick has worked for over eight years in the security industry and is currently a Principal with Tampa-based FYRM Associates. In his book Securing the Smart Grid, Flick says a different approach needs to be taken in addressing smart grid security.

“A secure smart grid can be implemented through effective security controls," said Flick. "By focusing on security controls, rather than individual vulnerabilities and threats, utility companies and smart-grid technology vendors can remediate the root cause issues that lead to vulnerabilities. As history has shown, these security controls are much more difficult and sometimes impossible to be added on; they need to be integrated from the beginning to minimize implementation issues. Additionally, new threats and attacks will arise and thus, the operating effectiveness of the implemented security controls must be assessed on a regular basis to ensure smart grids are protected against the ever-evolving threat landscape."

Conclusion
Every security approach has advantages and disadvantages. Some have complexities that will add cost to development and product while others may put loads on the network that can affect recurring cost in bandwidth and potentially unacceptable network latency. Some may be simple but are only part of the required solution while others will require continued upgrades.

Security solutions may differ, but the clear message in the smart grid is to get effective security deployed and get it deployed now. With billions of dollars in deployments on hold there must be a concerted effort to fund immediate, short- and long-term security solutions for the smart grid or the smart grid "ain't gonna get smart any time soon."

GridNet: A look under the Smart Grid Hood
September 10, 2010

By
Larry Karisny

"Our goal is to become the leading provider of universal smart-grid operating systems for any device and any broadband technology." -- GridNet Founder and CEO Ray Bell (pictured).

Google the words "Smart Grid" and you will get more organizations and explanations than you may want. From government policies to standards groups to organizations to new publications, everyone seems to have an opinion of what the smart grid is suppose to be. The Wikipedia definition is: "A smart grid delivers electricity from suppliers to consumers using two-way digital technology to control appliances at consumers' homes to save energy, reduce cost and increase reliability and transparency. It overlays the electricity distribution grid with an information and net metering system."

An organization called GridNet has envisioned the smart grid as smart devices everywhere, to manage energy resources. It says that soon, there will be a connected broadband real-time, all-IP network of “smart” devices from substation infrastructure to distribution infrastructure, to meters exchanging information and price signals with buildings and homes equipped with distributed generation (e.g. solar PVs), energy storage, smart devices/appliances, and electric vehicles to enable utilities and their customers to optimize energy resources and consumption. So what does this all mean and is GridNet the answer to the constantly evolving architecture of the smart grid.
To get a better answer I had the opportunity to interview Ray Bell, Founder and CEO of GridNet.

Q: The Smart Grid seems to mean a lot of different things to a lot of people. Can you define what it means to you?

RB: It is the seamless integration of a power grid, a communications network, and the necessary software and hardware to monitor, control and manage effectively and efficiently how we create, distribute and consume energy in homes, offices and the transportation industry.

Q: How do you define GridNet as an organization as it relates to supporting the needs of the smart gird?

RB: GridNet delivers the first and only Universal Smart Grid Operating System for any device and any broadband technology.

Q: The initial focus of the smart grid is on the demand side. Some people think this may be the cart before the horse. Why demand side first?

RB: We are focused on both the supply and the demand. In fact, today there are many more benefits to achieve on the supply side. The demand side is about the customer, which is why many people are focused on it. It is a journey. The adoption of innovation will take time. The key elements for the solutions to choose are real-time communications (e.g. broadband), full Internet protocol support, and government-compliant cyber-security standards. Anything less than those three means a poor choice.

Q: There are two thoughts on how the demand-side smart grid will be run; by the power company or by the customer. Which do you think will ultimately control energy consumption and savings?

RB: We believe in an open market with multiple choices for customers -- by the serving utilities and independent energy services providers. Customers will need the best value and services possible while maintaining data privacy and security.

Q: GridNet partners seem to be a who’s who of smart grid industry players. How have these companies been selected and how do these companies collaborate in building the GridNet model?

RB: Our strategic investors and key partners are Intel, GE, and Cisco. In addition to them, we have partnerships with Telecom Carriers (Clear, Sprint, Seven, Austar), Software Companies (Oracle, eMeter, EMC), Original Device Manufacturers (Motorola, Samsung, Huawei, Mitsubishi, Freescale, Beceem, PowerSense), and Systems Integrators (IBM and Logica). We are very focused on top-tier partners. There are more to come.

Q: You have recently announced the entry of Oracle as a GridNet partner. What does this mean to your organization?

RB: Together, Grid Net and Oracle Utilities have complete solutions for utility customers. The combined solution will operate on a common data model and integrate easily with Oracle Utilities products providing utilities with a wealth of information that will help them improve network performance and customer satisfaction. This partnership accelerates our go-to-market significantly.

Q: GridNet is being called the salvation of WiMax. What is the fit between WiMax and the Smart Grid and will this save WiMax?

RB: We believe that 4G wireless technologies deliver the capabilities and services for customers and utilities to realize the dream scenario of real-time, all-Internet protocol, scalable, reliable, clean and affordable energy for all. WiMax and LTE (Long Term Evolution) share very similar attributes. We support both 100 percent. And we also support 3G.

Q: There is a lot of concern about security when it comes to wo-way interactive smart-grid communications. Issues with smart meters have already confirmed security problems on the smart grid. How is GridNet planning on addressing these security concerns?

RB: Our security technology is second to none in the world. It is the only end-to-end NIST, NERC CIP, and FIPS compliant solution for the smart grid available today. Grid Net’s approach to Smart Grid security is “multi-level/multi-layer,” which is why our smart-meter and smart-router technology contains secure data encryption, and secure data transport via secure broadband communications networks. Moreover, we are committed to continuous standards-based innovation, to ensure that succeeding generations of our solutions will contain the latest security enhancements and improvements.

Q: With over 20 major partners, is there still a piece to the GridNet puzzle that you are looking for?

RB: Our goal is to become the leading provider of universal smart grid operating systems for any device and any broadband technology. Hence, we have barely begun. Stay tuned.

Q: Can you give us some predictions on where the smart grid is going and when we some of its benefits will be recognized?

RB: Broadband smart grids will dominate. We believe in open markets and multiple offerings for customers powered by open standards-based solutions that enable efficient and effective secure, scalable, reliable, clean and affordable smart grids.

With a lot of people going a lot of different directions and regulations and standards surrounding the smart grid, GridNet just may be the organization that will rise to the occasion by just doing it. They have the corporate clout and top industry professionals to get the job done, but can the rabbit beat the tortoise? It will be interesting to watch GridNet and see if just plain corporate ingenuity can win over slow-moving government and power-company bureaucracy and regulation