By Jeff St. John
They make communications networks that are secure enough for the U.S. military, so why not do the same for the nation's utilities?
Defense contractors like Lockheed Martin (NYSE:LMT), Boeing (NYSE:BA) and Raytheon (NYSE:RTN) have been making an under-the-radar push into smart grid cybersecurity projects of late – especially when it comes to slapping their security badges on smart grid projects seeking federal stimulus funds.
Boeing was named as a security partner on Southern California Edison's $60 million request to connect a 32-megawatt wind storage battery to the grid, and Raytheon plans to help Tucson Electric Power get a $25 million grant to link solar panels and in-home energy management systems (see SoCal Edison Wants A123's Biggest Grid Battery Ever and Green Light post).
Lockheed Martin, for its part, is involved with eight utilities seeking Department of Energy smart grid grants, including a $150 million smart grid project being proposed by American Electric Power Co. in Ohio and PPL Electric Utilities' $38 million proposal to pilot smart grid technology in the area of Harrisburg, Pa.
Other Lockheed projects include two mid-size smart meter deployments, a distribution automation system being built by a major utility and some "microgrid" projects linking buildings to smart grid systems, said Ken Van Meter, a principal in Lockheed's enterprise integration group.
Lockheed is working with construction firm Black & Veatch on smart grid projects, and offers systems integration and energy efficiency services as well as cybersecurity (see Green Light post).
But cybersecurity is Lockheed's "A-plus-plus-plus product" when it comes to utility customers, Van Meter said.
Given the decades-old technology of today's grid, "almost everything in the conventional networks right now is manual" control, he said. "It's pretty hard to cause widespread damage, and it's almost impossible to cause remote damage."
But add IT to that grid, and you open the grid to hacking, he said. Gaining control over automated shut-down features at homes, substations and other points of the grid could give tamperers the ability to disrupt power for lots of customers, including such critical systems as airport runway lighting and city traffic light systems, he said.
President Barack Obama cited smart grid security as one reason for creating a new White House "cybersecurity czar" position, shortly after an anonymously sourced Wall Street Journal article claimed that foreign spies had infiltrated a power grid system with software meant to disrupt it.
The security of smart meter networks – one of the first big smart grid project utilities often undertake – has been under scrutiny for some time now. One of the most widely publicized critics is IOActive, which said in March that it had devised a computer worm it has previously claimed could hack a smart meter system to boost or cut power to millions of homes at once (see Hacking the Grid, is Smarter Less Secure?).
The makers of smart grid equipment and systems say their security can meet impending federal guidelines for protecting the electricity grid from tampering (see Smart Meter Security: A Work in Progress).
Still, as far as DOE's $3.9 billion in smart grid stimulus funds go, its guidelines make it clear that the DOE has the right to reject applications that don't provide "reasonable assurance that their cyber security will provide protection against broad based systemic failures in the electric grid in the event of a cyber security breach" (see Green Light post).
Beyond stimulus, the National Institute of Standards and Technology, which is developing a set of standards for the smart grid, has named cybersecurity as one of its top concerns (see DOE Issues Rules for $3.9B in Smart Grid Stimulus Grants).
At the same time, the North American Electric Reliability Council, an industry group with federal mandate to set utility regulations, is updating its security requirements in a way that could challenge some smart grid projects, Van Meter said.
At least one unnamed utility customers of Lockheed's had to shut down a smart grid system because it lacked the monitoring and control systems that the so-called NERC-CIP (critical infrastructure protection) rules required, he said. Lockheed's working on fixing the problem, he added.
Van Meter didn't say which technologies were involved in the utility in question. As far as the wide variety of communications now in use to carry smart grid data - utility-owned wireless mesh, cellular networks, powerline communications, broadband networks and others – he didn't see any one being more or less secure by nature.
"All of them can be made safe and secure with appropriate techniques," he said. Lockheed is "talking to" vendors of devices developing systems using technologies that fall under the HomePlug powerline carrier and ZigBee wireless umbrellas, and has also talked with Microsoft about its web-based Hohm energy management platform, he said (see Microsoft Launches Home Energy Site, Sees Devices, Demand Management in Future).
As far as the costs of getting U.S. military-grade security for their smart grid networks, Van Meter didn't disclose dollar figures, but said utilities haven't given Lockheed any "push-back" on prices yet.
"The cost of securing is miniscule compared to the cost of not securing," he said.