Securing the Smart Grid
Everything, it would seem, is getting “smarter.”
From our phones, to our televisions, to even our washers and dryers, companies are constantly finding new ways to connect technology we currently use and make it more efficient, ultimately enabling better usage.
Essentially, making it work smarter, not harder.
However, with increased connectivity, comes increased risk for breaches in security. Bigger networks mean bigger risks as hackers can gain access to a wider swath of whatever they’re targeting.
For renewable energy utilities, this is quickly becoming a potentially devastating problem in the form of increasingly connected smart grids, and one that they are rushing to solve.
Threat Level Rising
A report on smart grid security risks by Dr. Isaac Ghansah defines a smart grid as a “modernized electricity network which is being utilized as a way of addressing energy
independence, global warming, and emergency resilience issues.”
One of the several key characteristics of a smart grid the report identifies is its “operating resiliently against physical and cyber attack.” This is especially critical since smart grids are considered one of the 18 critical infrastructures by the U.S. Department of Homeland Security. Many of the other critical infrastructures depend on smart grids for operation, making their security paramount.
Unfortunately, Dr. Ghansah’s report outlines a number of potential security threats to the smart grid. First, smart grids are multi-layered networks, and the each layer could become an avenue for a cyber attack. While the threat may not be as big in the residential arena, it is a huge factor for large-scale power operations. As substations and other energy structures become more connected and automated, the level of vulnerability increases greatly. If someone wishing to do damage gained access to one level of the smart grid, they could potentially gain access to much more. As grids get bigger, so does the problem. The issue itself isn’t exactly new, though.
While the Dr. Ghansah’s report is from 2009, attacks against smart grids were already a major cause for concern. He claims that the DHS gets daily reports of countries—possibly China and Russia, among others—infecting various grids such as water, electric, and waste. The CIA has also reported hackers causing blackouts in exchange for extortion money to turn the lights back on.
A Most Pressing Concern
Now, the situation is reaching a point where further lack of serious action could prove catastrophic. A report released on July 2 of this year by Bloomberg Businessweek discussed the revelation that several back-door attacks that have occurred within the past 15 months. Hackers “Dragonfly” and “Energetic Bear” were able to gain access to U.S. and European power networks relatively easily due to the system’s vulnerability.
The “Dragonfly” incident was particularly troubling because of its broad scope. A group of hackers, believed to be in Eastern Europe, ran a spam campaign against several power companies in February of last year. They gained access to the networks of three unnamed power companies. According to Bloomberg, the majority of the incidents were reported in Spain, the U.S., France, and Italy, though 84 countries were targeted. The hackers compromised industrial control systems and installed self-replicating malware, which spread to other computers.
Cyber security company Symantec helmed an investigation into the attacks. Eric Chen, a member of Symantec’s Security Technology and Response Team, told Bloomberg that the attacks were more than just espionage, and when the threat is fully assessed they’re “very concerned about sabotage.” Chien discussed a worst-case scenario in which systems could be shut down and the power could simply go out.
Cyber Intelligence Analyst at the Northern California Regional Intelligence Center Donovan Miguel McKendrick told Emergency Management in an interview that another worst case scenario could involve something as simple as a light bulb. Pointing specifically to the Philips Hue light bulb, a bulb that changes colors and can be controlled via a smartphone app, McKendrick says its inclusion in the smart grid could lead to potential troubles if it is accessed through a smart grid hack.
“Now suppose that light bulb is installed in an emergency room and someone shuts it off during a procedure. That’s a worst-case scenario,” McKendrick said.
The Challenge of Implementing Security Measures
What’s exceedingly clear is that something needs to be done sooner rather than later.
As Emergency Management reports, more than 26 percent of public and 28 percent of investor-owned utilities are currently in the planning stages for smart grids. In today’s hyper-fast modern world, security measures need to be preventative, not reactive.
The U.S. and Europe have already taken steps to fight smart grid attacks, though it is projected utilities’ spending for cyber security will increase dramatically over the next few years, with Europe’s set to more than double to 412 million euros by 2016 according to Bloomberg.
However, McKendrick believes the threat is still understated saying, “There’s no awareness about how serious it is.” He cites the lack of an immediate, personal impact as a driving factor for inaction.
Utilities, despite current efforts, are still slow to jump on board with serious cyber security measures. Budgets for preventative measures and research are increasing, but not rapidly enough. To fully protect the grid, massive updates need to be conducted.
Chief Technology Officer at WiFore Nick Hunn told Bloomberg Businessweek that he believes utilities are still thinking in the physical realm, much to their detriment.
“If you talk to the utilities about what you have to protect against, it’s about transformers shorting out and trees falling on lines,” Hunn said. “That’s what they’ve been dealing with for the past 100 years.”
Looking back to Dr. Ghansah’s report, one of the key findings is that grid firmware is in serious need of updating. He explains that proper, effective, and secure implementation of a patch or upgrade can take more than a year, meaning that by now, many utilities are already behind on their security systems.
It’s a problem that can’t afford to exist for much longer, though, as smart grid security can be the difference between keeping the lights on and being left in the dark.
Ofwat allows retailers to raise prices from April
Retailers can recover a portion of excess bad debt by temporarily increasing prices from April 2022, according to an Ofwat statement.
The regulator confirmed its view that levels of bad debt costs across the business retail market are exceeding 2% of non-household revenue, thereby allowing "a temporary increase" in the maximum prices. Adjustments to price caps will apply for a minimum of two years to reduce the step changes in price that customers might experience.
Measures introduced since March 2020 to contain the spread of Covid-19 could lead to retailers facing higher levels of customer bad debt. Retailers’ abilities to respond to this are expected to be constrained by Ofwat strengthening protections for non-household customers during Covid-19 and the presence of price caps.
In April last year, Ofwat committed to provide additional regulatory protection if bad debt costs across the market exceeded 2% of non-household revenue.
Georgina Mills, Business Retail Market Director at Ofwat said: “These decisions aim to protect the interests of non-household customers in the short and longer term, including from the risk of systemic Retailer failure as the business retail market continues to feel the impacts of COVID-19. By implementing market-wide adjustments to price caps, we aim to minimise any additional costs for customers in the shorter term by promoting efficiency and supporting competition.”
There are also three areas where Ofwat has not reached definitive conclusions and is seeking further evidence and views from stakeholders:
- Pooling excess bad debt costs – Ofwat proposes that the recovery of excess bad debt costs is pooled across all non-household customers, via a uniform uplift to price caps.
- Keeping open the option of not pursuing a true up – For example if outturn bad debt costs are not materially higher than the 2% threshold.
- Undertaking the true up – If a 'true up' is required, Ofwat has set out how it expects this to work in practice.
Further consultation on the proposed adjustments to REC price caps can be expected by December.
"While it’s great that regulators are helping the industry deal with bad debt in the wake of the pandemic, raising prices only treats the symptoms. Instead, water companies should head upstream, using customer data to identify and rectify the causes of bad debt, stop it at source and help prevent it from occurring in the first place," she said.
"While recouping costs is a must, water companies shouldn’t just rely on the regulator. Data can help companies segment customers, identify and assist customers that are struggling financially, avoiding penalising the entire customer in tackling the cause of the issue."
United Utilities picks up pipeline award
A race-against-time plumbing job to connect four huge water pipes into the large Haweswater Aqueduct in Cumbria saw United Utilities awarded Utility Project of the Year by Pipeline Industries Guild.
The Hallbank project, near Kendal, was completed within a tight eight-day deadline, in a storm and during the second COVID lockdown last November – and with three hours to spare. Principal construction manager John Dawson said the project helped boost the resilience of water supplies across the North West.
“I think what made us stand out was the scale, the use of future technology and the fact that we were really just one team, working collaboratively for a common goal," he said.
Camus Energy secures $16m funding
Camus Energy, which provides advanced grid management technology, has secured $16 million in a Series A round, led by Park West Asset Management and joined by Congruent Ventures, Wave Capital and other investors, including an investor-owned utility. Camus will leverage the operating capital to expand its grid management software platform to meet growing demand from utilities across North America.
As local utilities look to save money and increase their use of clean energy by tapping into low-cost and low-carbon local resources, Camus' grid management platform provides connectivity between the utility's operations team, its grid-connected equipment and customer devices.