Cisco: Smart Grids Mean More Security Risks For Utilities

Smart grids have been championed by governments around the world as a way to help utility companies and consumers cut costs and, hopefully, lower carbon emissions, but there are risks involved.

Electricity grids need more intelligence to cope with the addition of energy from renewable sources such as wind and solar, as they previously haven’t had to cope with such variable supplies.

Smart grids are also about reducing wasted energy from every part of the supply chain and giving energy customers more insight into, and control over, their energy use and, crucially, their energy bills.

But adding sophistication comes at a price, both in financial terms and from a security perspective. A case earlier this year highlighted this, when researchers from US security consultancy IOActive created a worm that could spread from one smart metering device to another thanks to the wireless technology that is used to connect them.

Faced with implementing technology that has more in common with elements of the internet – think of smart meters as PCs connected to a wider network – than with traditional power infrastructure, utility companies have turned to companies with expertise in that area, such as IBM and Cisco. The two companies have seized on the smart grid arena as a source of future revenues and embarked on separate strategies, as well as joint projects, to grab a slice of the market.

Cisco announced in May a plan to bring its networking expertise to the smart grid space with the company estimating that creating more efficient power grids could grow into a $20-billion-a-year business within five years.

eWeek Europe UK spoke this week with Christian Feisst, director, Smart Grids, Cisco Internet Business Solutions Group, to find out how his company is advising utilities and government on the potentials and pitfalls of smart grids, and what credentials a company best known for internet switching technology can bring to energy utilities.

Q: Let’s kick off with the issue of security which is probably a major concern for governments and utilities right now as power generation is seen as critical national infrastructure which might be targeted by hackers. Does the introduction of more sophistication into power grids come with potential inherent security risks?

A: Absolutely and not just potentially. As soon as a system is digitalised, there is always the question of security. We believe we can definitely manage that as we have huge experience in the security space. But it is one of the most important aspects and before you start to roll out smart grid technology, you definitely have to have a security concept in place. You can learn a lot from the internet but it's even more critical in terms of the infrastructure.

Q: Given that, is the sophistication that you can decide to introduce into the grid constrained by security risks at all or do the security considerations come after the system has already been planned?

A: I don’t think it’s a question of how smart do you want to build the grid, I think it’s more or less a given. If you look at the agenda on the political landscape then there is a goal by 2022 to have a lot of renewable generation sources on the grid. For instance in Germany, every new house that is built must have some sort of distributed generation inside which means you have to be able to integrate that into the system. You cannot just say you won’t build it very smart because by definition you have to build it very smart to cope.

Q: Do you see the end-points – the smart meters – as the weak link in the security chain or are other points potentially open to hacking?

A: We had an interesting debate yesterday with our customers. One thing is you hack one smart meter but nothing much will happen in the system as neither the financial nor the technical impact is significant. But it could be significant if you manage to hack all the meters in a certain region and that must be avoided. At the moment all the smart meters have the same encryption key so once you break into one smart meter you are theoretically able to break into all of them which should not be the case. Something we learned from the internet is don’t have one encryption key for all the devices but separate keys for each device. This is not something utilities have needed to consider before but we can help them with.

Q: Stepping out to look at the bigger picture, could you just explain a little about how Cisco’s background as a networking company applies to smart grids and what expertise you bring to what is a step away from what the company has specialised in to date?

A: If you think about what a smart meter is – it's essentially a device that measures consumption but communicates that information back to a concentrator which is in a secondary substation and then back to a data centre. So data centre is one of our core capabilities [Cisco boss John Chambers announced a data centre push in July this year http://www.techweekeurope.co.uk/news/-cisco-pushes-beyond-traditional-roots-to-challenge-hp–ibm—1265] and second of all connectivity – the connection between a smart meter and the concentrator and connection between the concentrator and the data centre – that is all about connectivity which is where we have our core capabilities. Clearly we will never produce smart meters – that is not our business – but producing the connectivity and security elements on top of that is definitely our business. There is also the question of whether the smart meter is the end-point or whether you have home energy management systems or business energy management systems where we today already have technology.