Security (and other) Take-aways from GTM's Networked Grid 2010

I had the pleasure of attending and speaking at Greentech Media's annual Smart Grid conference in Palm Springs last week, and it was nothing less than a life affirming experience. One reason is because I finally got to see my first real wind farm and it was a doozy: thousands of turbines in one valley means you can drive at 70 mph for ten minutes and still find yourself surrounded by them. More on the San Gorgonio Pass Wind Farm can be found here.

But as with every good conference, it's the variety, depth of knowledge and generosity of the speakers and fellow participants that can make it a great experience. I had the privilege of moderating a strong panel on Smart Grid security topics that included:

• Saadat Malik, Cisco
• Rick Stephenson, Revere Security
• Tom Parker, Securicon
• Rilck Noel, Verizon Business

We began with this simultaneously humorous and cautionary anecdote from Smart Grid security guru, Massoud Amin of University of Minnesota, drawn from his most recent whitepaper:

Consider the following “sanitized” conversation showing the lack of awareness of inadvertent connection to the Internet for a power plant (200–250MW, gas-fired turbine, combined cycle, five years old, two operators, and typical multi-screen layout).

M.A.: Do you worry about cyber threats?

Operator: No, we are completely disconnected from the net.

M.A.: That’s great! This is a peaking unit, how do you know how much power to make?

Operator: The office receives an order from the ISO, then sends it over to us. We get the message here on this screen.

M.A.: Is that message coming in over the Internet?

Operator: Yes, we can see all the ISO to company traffic. Oh, that’s not good, is it?

The panelists then addressed a wide range of questions, some from me, and then some better ones from the attendees. The main message the panelists conveyed was that while the press loves to spread fears that Smart Grid vulnerabilities will create chaos, information on what's being done to secure the system in the trenches is the most effective counterbalance. These guys were good.

For me, though, the takeaways from this conference were several and often not directly related to security concerns. Here's three for you:

• In a Home Area Network (HAN) panel, after lots of discussion on new functionality for homeowners and their utilities and service providers, a man stood up, and, addressing CEOs from HAN start-ups, spoke with authority: "I see your focus is on new Smart Grid functionality and capabilities. But remember: reliability trumps everything. Don't forget it." He's right of course, and it was a sobering moment
• It was clear there was quite a bit of buzz about what microgrids might do to the industry, particularly from a business model point of view. Seemed to me that most of the utility pro's there might want to urge their orgs to get out in front of this movement before it goes around them
• Lastly ... Holy crap this Smart Grid thing is complicated and complex - so many moving parts - so much we don't know yet about its ultimate shape, size and function. Good luck to all of us !!!

Photo credit: Wikimedia Commons