Are smart grids really smart when it comes to security?

You’ve probably heard of ‘smart grids’, which have been in the news surrounding the Ministry of Power’s National Smart Grid Mission (NSGM). But what is a smart grid, and is it really “smart,” especially when it comes to security?

The term ‘grid’ is used to describe our ever-expanding electrical production and delivery network, which includes the series of network connections from the moment electrical power is generated to when it is consumed in our homes, government facilities and industry. It includes generation and control systems, transmission lines, substations, transformers and meters. The national grid in India is the world’s fifth largest, with a total installed capacity of 345.5 GW. India has more than 10,558,177 km of high-power transmission lines greater than 400 Volts that comprise the network grid, which is estimated to rise to 10,667,859 km by the end of next year.

Despite infrastructure growth, India has over 160 million people still without electricity. India produces a surplus of energy, yet it has Aggregate Transmission and Commercial (ATC) losses, both technical and non-technical, of nearly 18.75%, compared to a loss of only 9.43% in the US. Non-technical losses are caused by illegal line-tapping, faulty electric meters, false power generation estimates and incorrect use measures. Replacing faulty meters alone has been estimated to reduce ATC losses by more than 5%. That’s where smart grids come into play.

What makes grids “smart” is the increasing use of digital technology, with two-way communications between electricity producers and consumers, as well as increased sensing throughout the transmission network to monitor the flow, demand and actual consumption of electricity. The smart grid network consists of controls, computers, automated systems and sensors, as well as new technologies and equipment which work together to respond immediately to our changing electrical demands.

Digital monitoring and communication technology will enable the energy industry to move into the future while providing reliable and efficient energy for a vibrant economy and improved lifestyle. Common benefits of smart grid technology include more efficient transmission of electricity, immediate detection of power disturbances and restoration of electrical transmission, and reduced operations and management costs, which translate to lower power costs for consumers. Some of the most important areas of smart grid technology will be the capacity to anticipate and reduce peak loads and energy demand periods, as well as increased integration of large-scale renewable energy systems into the grid. This will reduce potential blackouts, and the disruptive effects to banking, communications, traffic and our security.

Smart grid technology will add resiliency to our networks, minimising outages, enabling automatic re-routing when equipment fails, and providing two-way interactive capacity. Smart grids will be able to detect and isolate outages, containing them before they become full-scale blackouts.

During an emergency, it can increase recovery responses by quickly routing electricity to emergency services first, then restoring power where needed on a prioritised basis. Smart systems are also designed to allow distributed generation resources, taking advantage of customer-owned power generators to produce power when it’s not available from local utilities. But could our “smart” grid systems be a vulnerability?

Many experts think it could become so if security is not built into the emerging systems. First, the smart grid ultimately consists of millions of pieces and parts, including control systems, computers, power lines, and new, emerging technologies and equipment that are just now coming online. Many of these new technologies have yet to be perfected and will need additional time to do so. The parts and pieces are being installed nearly as soon as they are developed. In some cases, installations are occurring with minimal systems testing before they become fully functional online.

Much like the Internet of today, we are building systems of systems for our electrical grids. Since these systems are not isolated, each interface brings with it potential vulnerabilities.

An Electrical Power Research Institute (EPRI) report says, cybersecurity of smart grid systems is a critical issue “… due to the increasing potential of cyber-attacks and incidents against this critical sector as it becomes more and more interconnected.” The scope of potential attacks ranges from deliberate criminal and terrorist attacks outside the organisations to disgruntled employees, careless employees who open vulnerabilities, and industrial espionage on the inside. Inadvertent compromises springing from equipment failure or user errors could open vulnerabilities for attackers to penetrate the network, gain access to control systems and software, and begin altering electrical loads or completely destabilising the electrical distribution system.

Since the smart grid is composed of multiple systems connected to and interacting with one another through a variety of access points, each component and access point provides potential vulnerabilities for attack. The systems use commercially available off-the-shelf hardware, as well as software, making the systems vulnerable to any number of attack models currently in use against computer systems and our internet connections. These include denial of service attacks, wormhole attacks and ransomware.

Since smart grids collect massive amounts of user data, as well as operational systems control data, vulnerabilities could allow attackers to access this information to the detriment of the consumer by having their information sold, compromise their credit cards or billing information. More importantly, access to operational control data could result in more system outages and damage to commerce, banking, ports and airports, and the overall industrial and economic life upon which the nation depends.

As we go forward with new implementations of smart grid, consumers must remind government and industry of the importance of placing updated security controls with each new system.

(Iyengar is Director, School of Computing and Information Sciences, Florida International University; Miller is Associate Director, Robotics and Wireless Systems, FIU; Madni is Distinguished Scientist, UCLA Electrical and Computer Engineering Department)