Grego Grid JP Final


  • 8/7/2019 Grego Grid JP Final


    Grego 1

    Contents

    Executive Summary
    Overview and Importance
    Background
        Smart Grid Defined
        Strengths of the Smart Grid
        Weaknesses and Threats
    Findings and Recommendations
        Information Sharing
        Reserve and Redundancy
        Cyber Security
        High Impact, Low Frequency (HILF) Events
    Conclusion
    Endnotes
    Works Cited


    Executive Summary

    The implementation of the smart grid raises questions about the security and reliability of

    the new system. Physical and cyber attacks, electromagnetic pulse, and solar storms all pose

    potentially serious risks to a smart system. Some of these threats are present in

    the current system as well and will require collaborative strategies to ensure the security of the

    US bulk power system.

    The following report outlines the strengths and weaknesses of the current grid and the

    potential smart grid. It highlights critical risk areas that could be exploited under a smart grid

    system and also analyzes the current grid with respect to these security concerns. It concludes by

    outlining key findings and recommendations for the future of the smart grid and the US bulk

    power system.

    KEY FINDINGS AND RECOMMENDATIONS

    - Information Sharing
        o Information sharing will be critical across the entities responsible for the electric grid and should remain a priority.
    - Reserve and Redundancy
        o Contingency planning for an emergency should include the capability to replace damaged equipment.
    - Cyber Security
        o The field of cyber security should be dealt with from every available perspective. Diplomatic agreements, government coordination, and industry regulation should all be used to adapt to this quickly changing field.
    - High Impact, Low Frequency (HILF) Events
        o Industry regulators should remain conscious of possible events with grid wide implications. Although unlikely, these events will have to be dealt with separately to ensure the security of the power grid.


    Overview and Importance

    The implementation of smart grid technologies into the current electric infrastructure in

    the United States has significant promise to increase efficiency and reliability but also poses

    serious security questions. By Homeland Security Presidential Directive-7, the US electric

    system has been identified as a primary concern of all infrastructure systems as one of North

    America's Critical Infrastructure and Key Resource systems.1 The reliable and constant supply

    of electricity is not only vital to maintain the current standard of living in the United States but

    almost all industry, infrastructure, information and security entities are modeled with secure

    access to electricity as a given. Therefore the need for a secure electric grid contributes to almost

    all fields of US domestic policy.

    The current grid system, through direct government and industry regulation has been able

    to meet many security challenges by virtue of its excess capacity, detailed command systems,

    and transmission redundancy. Excess capacity thresholds established and regulated by the North

    American Electric Reliability Corporation (NERC)2 ensure that in the event of a failure of a

    major generator there is reserve capacity in other generators to meet load demands.3 Similarly,

    the current bulk power system creates a large incentive for excess capacity because as the

    demand for electricity varies throughout the day more producers are brought on line to meet the

    increased demand at a higher price. Many plants lie dormant until a bulk power price threshold

    is reached at which time they begin to sell power. This allows the market to bear significant

    excess capacity that can be called upon in an emergency.

    1 "Homeland Security Presidential Directive-7." Department of Homeland Security. December 13, 2003. http://www.dhs.gov/xabout/laws/gc_1214597989952.shtm
    2 "Reliability Standards." North American Electric Reliability Corporation Website. Accessed 4/28/2011. http://www.nerc.com/page.php?cid=2|20
    3 Ibid.


    Additionally, these communications are monitored and initiated by human controllers at

    Regional Transmission Organizations (RTOs). This allows for executive control and support in

    crisis management situations as well as prioritization of resources. Lastly, the grid has redundant

    transmission and distribution routes built into it in order to incorporate the various producers and

    markets. This ensures that the destruction of one line will not lead to compounding blackouts.

    The smart grid also has particular strengths that can increase reliability in the current

    grid. It has promise to do everything from efficiently distributing electricity in a consumer

    conscious manner, to allowing for better energy storage to accommodate renewable energy

    sources, to self-healing in the event of an outage or attack and providing forensic data analysis

    of lapses in reliability.4

    All of these elements have great promise to increase reliability and capabilities in a smart

    grid system but there are vulnerabilities that would affect the Smart Grid just as much as the

    current grid. Electronic components will always be vulnerable to electro-magnetic pulse in either

    system. Also, the staff required to oversee and run the grid as well as the facilities themselves are

    subject to attack. And lastly, both grids rely heavily on computer monitoring and data

    transmission that needs to be protected for the grid to function.

    Background

    Smart Grid Defined

    The Smart Grid is a concept for integrating new technologies into the electric grid. It is

    comprised of a number of new innovations from demand-response monitors to improved

    diagnostic data analysis and energy storage capabilities. The US Department of Energy (DOE)

    and National Energy Technology Laboratory's Modern Grid Strategy project along with industry

    leaders have established seven characteristics and implicit goals of a smart grid.

    4 "Smart Grid." Department of Energy Website. Accessed 4/30/2011. http://www.oe.energy.gov/smartgrid.htm

    1. Self-healing from power disturbance events

    2. Enabling active participation by consumers in demand response

    3. Operating resiliently against physical and cyber attack

    4. Providing Power quality for 21st century needs

    5. Accommodating all generation and storage options

    6. Enabling new products, services, and markets

    7. Optimizing assets and operating efficiently5

    Taken individually, each of these criteria yields volumes of technical data and implementation

    questions. However, taken as a whole they represent a working model of the smart grid. More

    directly related to cyber-security is the issue of incorporating computer analysis and digital

    communication into smart grid practices. While this is implied in characteristic number seven,

    the digital data collection and transmission poses unique strengths and weaknesses that affect

    security policy for the smart grid.

    Strengths of the Smart Grid

    In theory, the smart grid will expand upon the current grid monitoring technologies and

    use real time data analysis to record and mitigate distribution and outage issues. The mountain of

    data produced over time by producers, distributors and individual demand response units could

    streamline production and distribution. Also, the smart grid's storage technologies could

    allow for further integration of alternative energy sources such as wind and solar, which rely on

    intermittent weather patterns and therefore require storage for large scale viability.6 Lastly, smart

    grid technologies have the potential for automation and self-healing processes which could ease

    the load on electricity managers and regulators as well as provide a backup emergency

    management system in the case of a personnel crisis.

    One risk highlighted by the North American Electric Reliability Corporation's (NERC) High Impact, Low Frequency (HILF) Study is that of a pandemic, which could drastically inhibit the effectiveness of an actively managed grid.7 Smart grid technologies could replicate some functions carried out by highly trained individuals in the event of such a personnel emergency.8

    5 "Smart Grid." Department of Energy Website. Accessed 4/30/2011. http://www.oe.energy.gov/smartgrid.htm
    6 Ibid.

    Weaknesses and Threats

    While various elements of a smart grid system could prove advantageous from a security

    perspective, data and decentralized control systems could provide access points for a slew of

    cyber attacks ranging from personal data liability to denial of service. However, the Smart Grid

    will still be subject to certain threats that affect the security of the current grid. These

    different threat types are outlined below.

    Geomagnetic Disturbance (GMD), High Altitude Electro-Magnetic Pulse (HEMP)

    The effects of electromagnetic pulse on electrical systems have been well known and documented since the early 20th century. However, recent research has revealed new elements and dangers to particular systems associated with the electric grid. In particular, unprotected wires in command and control centers which are used for data rather than transmission have been shown to be vulnerable to electro-magnetic pulse.9 This vulnerability exists in the current grid and will likely only be compounded in the Smart Grid with additional monitoring devices in the system. The nature of the threat detailed below illustrates the potentially devastating effects of electro-magnetic events on the grid.

    7 "High-Impact, Low Frequency Event Risk to the North American Bulk Power System." North American Electric Reliability Corporation. June 2010. http://www.nerc.com/files/HILF.pdf p. 2.
    8 "Smart Grid." US Department of Energy Website. http://www.oe.energy.gov/smartgrid.htm
    9 "High-Impact, Low Frequency Event Risk to the North American Bulk Power System." North American Electric Reliability Corporation. Pp 61-72.


    Case Study: Quebec 1989

    On March 13th, 1989 a severe geomagnetic event took place, focused around Quebec, Canada. At 2:44 AM it caused the shutdown of the entire Quebec grid and the loss of almost 10,000 MW of generation. The approximate strength of the storm was about 500 nT/min, and it damaged transformers as far away as New Jersey.

    What is most concerning about the 1989 storm is that a majority of the damage occurred on equipment associated with the 735 kV transmission grid as opposed to the smaller distribution grid. The storm created a 15% asymmetry in load on the grid and quickly overloaded transformers before they could be taken off the grid.

    Source: see endnotes

    It is theorized that future potential storms could reach a magnitude of up to ten times the power of the 1989 storm. If this happens, large transmission lines could be the primary factor in collecting and concentrating this energy, which has the power to sweep across the grid and shut down generation and transmission facilities.

    Geomagnetic Disturbance (GMD) is caused by solar storms and the associated inflections in the polarized electromagnetic field of the earth.10 This disturbance creates geomagnetically induced currents (GIC) which are absorbed and concentrated in large scale power systems.11 These currents have the potential to overload transformers and compensators in large scale electrical systems, causing hardware damage and transmission outages.12 Significantly, high voltage transmission lines are less resistant proportionately to GIC compared to lower voltage lines.13 The larger voltages and capacities of these lines also serve to concentrate GIC more effectively over space and increase the likelihood of transformer overload on the grid.14

    10 "High-Impact, Low Frequency Event Risk to the North American Bulk Power System." North American Electric Reliability Corporation. p. 61
    11 Ibid.

    Since GMD occurrences are forces of nature and completely unavoidable, protection efforts in this category should focus on three critical steps: detection, preparation and mitigation, and recovery/restoration. By detecting geomagnetic storms early enough, some actions could be taken to prevent a cascading failure of key components of the grid. Solar storms take mere minutes to reach the earth; however, with training and preparation this could be enough time to isolate and protect key areas of the grid.15 Next, proper insulation and shielding of critical control components and facilities should be incorporated to disperse the effects of the storm. And lastly, any transformer, transmission line, or facility should have reconstruction and replacement plans and procedures in place to account for loss of grid hardware.

    The detonation of a nuclear weapon in high atmosphere, a so-called High Altitude Electro-Magnetic Pulse (HEMP), is capable of radiating electromagnetic waves similar to those emitted by GMD. Since HEMP weapons would require advanced nuclear weapon designs and sophisticated delivery and targeting systems, they could likely be traced to their perpetrator and their use deterred in the same manner as deterrence more generally. A HEMP weapon would appear completely infeasible for any non-state group. Also, the actual effects on the greater electric infrastructure of the US have been debated, as different levels of mitigation to GMD events already are in place. However, while further insulation and shielding standards could effectively mitigate both GMD and HEMP occurrences, policy unique to the threat of HEMP should be the focus of international policy. A focus on prevention, deterrence, and detection should effectively deal with the unique threat posed by HEMP.

    12 "High-Impact, Low Frequency Event Risk to the North American Bulk Power System." North American Electric Reliability Corporation. Pp 62-65.
    13 Ibid. pp 69-73.
    14 Ibid.
    15 Ibid. p. 19.

    Case Study: Tres Amigas, a compound vulnerability

    The Tres Amigas Superstation is a proposed bridge between the three independent power grids in the US: the Western, Eastern, and Texas interconnections. The facility would be constructed near the Texas-New Mexico border and would allow for power transfers across all three grids.

    Source: http://www.tresamigasllc.com/about-overview.php

    It would rely on new large capacity transmission lines linking all three grids in one location. As illustrated, these large capacity lines can concentrate and transfer geomagnetically induced current which can knock out transformers and transmission infrastructure. Any project that calls for these large transmission lines will require a close examination of insulation techniques to ensure it can withstand a feasible amount of GMD. Also, a combined facility such as this would be an appealing target to a traditional or cyber attack, which merits enhanced security

    Coordinated Cyber and Kinetic Attack

    Large scale kinetic attack threats have existed as long as production facilities and transmission lines have comprised the grid. An effective attack on one or more facilities could potentially knock out production capacity and transmission reach. Due to the physical restrictions of electricity distribution, a smart grid would most likely have similar vulnerabilities. The same security standards in place today should suffice for the physical security of smart grid assets. In actuality, a responsive smart grid would by definition be able to respond more effectively to loss of production or transmission routes than the current system.16 However, vulnerabilities in the information sharing, transmission, and processing inherent in the smart grid could raise new vulnerabilities. NERC has highlighted eight unique capabilities of cyber attacks that could potentially be used against a smart grid:

    1. Distributed Denial of Service (DDOS) Attack: attackers flood network resources to render physical systems unavailable or less than fully responsive for a period of time

    2. Rogue devices: an unauthorized device accesses the system, manipulating it or providing incorrect data to system operators

    3. Reconnaissance attacks: probing of a system to provide attackers information on capabilities, vulnerabilities, and operation

    4. Eavesdropping attacks: violations of confidentiality of communication within network

    5. Collateral damage: unplanned side-effects of cyber attacks

    6. Unauthorized access attacks: attacks where the adversary exercises a degree of control over the system and accesses and manipulates assets without authorization

    7. Unauthorized use of assets, resources, or information: attack in which assets, services, or data are manipulated by an authorized user in an unauthorized manner. This can result in system operators being given inaccurate information from a trusted source, and thereby being misled into making decisions based on this data that result in impacts to the system

    8. Malicious code (Malware): viruses, worms, and Trojan Horses17

    16 "Smart Grid." US Department of Energy Website. http://www.oe.energy.gov/smartgrid.htm
    17 "High-Impact, Low Frequency Event Risk to the North American Bulk Power System." North American Electric Reliability Corporation. P. 29


    An attack which used a variety of these methods could pose a serious threat. Even a coordinated

    denial of service attack could potentially create load asymmetries in the grid to disrupt or

    interrupt service.18

    The field of cyber security is quickly changing and relatively new. Data heavy industries

    such as banking and finance have implemented secure data servers and protocols to ensure

    connections. Given the consolidated nature of the grid compared to the spread out and

    decentralized structure of these other industries it is likely that the Smart Grid may be able to

    secure its data as well as, if not better than, these other industries.

    18 "High-Impact, Low Frequency Event Risk to the North American Bulk Power System." North American Electric Reliability Corporation. P. 29

    Case Study: Stuxnet Vs. The Playstation Network

    As discussed, cyber vulnerabilities can take on many forms and many motivations. Two recent prominent events have highlighted the need for a dynamic cyber security strategy for the safety of the smart grid.

    First, Stuxnet was a computer worm that infiltrated and infected uranium enrichment facilities in Iran. It targeted the Supervisory Control and Data Acquisition (SCADA) systems used by the Siemens hardware and resulted in the destruction of centrifuges and a large setback to the Iranian nuclear program.

    Second, on April 20, 2011 the private network used by Sony's Playstation gamers was hacked by what appears to be an individual or small group. This was not a common Denial of Service attack designed to shut down a system; rather, it was a sophisticated infiltration of the network's secured information that may have resulted in the leak of user credit card information, addresses, etc.

    These two separate events reflect the diversity of the challenges of cyber security. Stuxnet was a state-run operation with clear political aims, while the Playstation hack seems to be attributable to a small motivated group. These both illustrate the diverse types of cyber threats that exist and stress the importance of a flexible security plan for both the individual consumer and the grid as a whole.

    Personnel Vulnerabilities: Staff and Data

    The last vulnerability posed by smart grid implementation pertains to individuals and

    customer data. NERC's research has focused on the threat of pandemics. However, targeted

    attacks on personnel have just as much power to affect the security of today's grid as well as

    the smart grid. Any shortage of the already limited staffing of electric grid coordinators and

    engineers could drastically hinder the effectiveness of the over 1,800 separate entities that make

    up the command and distribution wing of the current electric grid.19

    Therefore, essential personnel records and strategies should be developed to ensure that

    critical individuals are given precedence for evacuations, vaccinations, and emergency

    notification as NERC suggests,20 but additional physical security, resources, and background

    checks should be allocated for people with significant influence in the system to protect them

    from potential epidemics, emergencies, or directed threats.

    Also, the implementation of the smart grid poses security concerns for the private

    consumer as well. Separate from macro-level, grid oriented attacks such as denial of service attacks

    and the like, personal data recorded on the smart grid could be accessed by unauthorized people if it

    is not secured properly. It has been theorized that simple demand-response data could also reveal

    personal data to criminals pertaining to anything from the time people leave their homes to when they

    schedule a vacation and pay their bills.

    This vulnerability requires that secure communications between demand-response systems and utility providers become a primary concern of smart grid implementation. Also, compartmentalization of this data should be utilized to ensure that a hole in one small area remains confined to a limited area and that widespread connection patterns vary in encryption patterns and purposes. Lastly, Supervisory Control and Data Acquisition (SCADA) systems should be isolated from internet servers as much as possible, and the possibility of a separate secured network along the lines of the Department of Defense's Secure Internet Protocol Router Network (SIPRnet) should be considered and investigated for large scale and inter-grid information transmission.

    19 "High-Impact, Low Frequency Event Risk to the North American Bulk Power System." North American Electric Reliability Corporation. p. 23.
    20 Ibid. pp 46-51.

    Findings and Recommendations

    If the proper steps are taken, it is fully possible for the smart grid to be just as good as or better than the current grid in dealing with the threats detailed above. As it stands, the present grid is vulnerable to all the threats covered in this report just as the smart grid would be. The key areas in which the security of the smart grid differs, however, are cyber security for consumers (because the current grid already relies heavily on secure communications to function) and the further expansion of high capacity transmission lines exemplified by the Tres Amigas project. Either way, the recommendations listed below would enhance the security of the current grid and smart grid initiatives.

    - Information Sharing
        o The US DOE, NERC, and FERC should work with their Canadian counterparts to ensure a framework for the creation of cooperative research and standards.
        o The US DOE and FERC should work with NOAA and NASA to create a grid wide warning system for geo-magnetic spikes and other atmospheric events in line with FERC's recommendation.
    - Reserve and Redundancy
        o FERC should implement the spare parts database in line with the findings of their task force.
    - Cyber Security
        o The US DOE should submit to Congress an initiative to commit to an international definition of cyber attack, crime, and war.
        o The US DOE should attempt to target a portion of Smart Grid stimulus grants to offset security costs in the development of new technology.
        o NERC should work with industry leaders to create a best practices forum for the purpose of pooling collected knowledge on massive data encryption.
    - High Impact, Low Frequency (HILF) Events
        o NERC should work with industry leaders to create a best practices forum for the purpose of pooling collected knowledge on massive data encryption.
        o NERC should direct and oversee the implementation of higher insulation standards for command and control connections.
        o The US DOE should mandate and oversee national contingency training standards and drills across all essential grid entities.

    Information Sharing

    The US DOE, NERC, and FERC should work with their Canadian counterparts to

    ensure a framework for the creation of cooperative research and standards.

    Securing the smart grid will require pooled knowledge and experience from government,

    industry, and private technology firms. Therefore it is imperative that the US DOE, its Canadian

    counterpart, and industry leaders have a means to cooperate and coordinate on research and

    mechanisms for dissemination of critical security information.

    Among other benefits of this combined effort, superior encryption techniques, enhanced

    security software, and better smart meters could be developed by private research firms. The

    smart grid will be more dependent on dispersed control elements than the current system,

    exacerbating issues of interoperability. The electric industry as a whole will have to establish its

    own system of interoperability standards, but government should also play a monitoring role to

    ensure the security of the grid.

    The US DOE and FERC should work with NOAA and NASA to create a grid wide

    warning system for geo-magnetic spikes and other atmospheric events in line with

    FERC's recommendation.

    To respond to major system wide threats such as GMD, HEMP, and combined Kinetic

    and Cyber attacks, the smart grid will have to rely on fast and accurate detection mechanisms in

    order to ensure the protection of as many key components as possible. Rapid dissemination of

    changing atmospheric conditions and problem outages could effectively reduce the impact of

    natural disasters and malignant threats.21

    21 "High-Impact, Low Frequency Event Risk to the North American Bulk Power System." North American Electric Reliability Corporation. pp. 18-19


    Therefore, the US and its Canadian partners should establish a system of information

    sharing and dissemination between organizations with pertinent perspectives over threats to the

    electric system. Most notably in the US this would encompass the Department of Defense,

    Department of Homeland Security, and the Department of Energy concerning domestic kinetic

    and cyber threats and National Aeronautics and Space Association (NASA) and National

    Oceanic and Atmospheric Administration (NOAA) concerning GMD and HEMP threats.

    Given the two governments' interconnected grids, similar incentive for cooperation, and

    diplomatic ties, it would be beneficial to the security of the entire North American grid to have

    both governments and their grid monitoring bodies working together to ensure a rapid system of

    information dissemination in the event of an emergency.

    Further, interagency alarm systems should be established similar to those in Quebec after

    the 1989 GMD storm22 to ensure immediate notification and action throughout the entire

    affected area that can be triggered from central monitoring agencies (NOAA) to further establish

    quick and effective response protocols.

    Reserve and Redundancy

    FERC should implement the spare parts database in line with the findings of

    their task force.

    Even if all known strategies of security and risk mitigation are implemented, certain

    breakdowns in the grid can and will happen eventually. A catastrophic GMD event will be

    impossible to prevent or completely shield the grid from, and outages and unscheduled equipment

    failures happen even when all due care is taken to prevent them.

    It is therefore necessary that critical replacement components are available to deal with crises in the grid. NERC's recommendation of reopening the Spare Parts Database, which provided grid distributing bodies a central database of all reserve components nationwide,23 should be carried out. This would allow a critically damaged area to benefit from the stocks of an unaffected area in the event of an emergency.

    22 "High-Impact, Low Frequency Event Risk to the North American Bulk Power System." North American Electric Reliability Corporation. pp. 62-65.

    Many of the major components in the grid (transformers, static var compensators, etc.) have replacement times ranging from 1 to 2 years, and for many of them there is little or no capacity for producing them domestically.24 While it may be uneconomical to push for the opening of new production plants as NERC suggests,25 the industry should be pushed to enforce its own replacement parts threshold as it does for production capacity.26

    Cyber Security

    The US DOE should submit to Congress an initiative to commit to an

    international definition of cyber attack, crime, and war.

    The field of cyber security is evolving rapidly. With new areas and issues, a dialogue is

    often needed to standardize discussions and negotiations in order to create transparency and

    clarity in diplomatic agreements.

    Therefore, the US should take the lead in committing to an international definition of

    what constitutes a cyber war, a cyber crime, and a cyber attack. This differentiation would aid

    policy makers, but it would also empower domestic security bodies to deal with each of these

    threats in varying degrees of magnitude. Since cyber attacks are difficult to trace and analyze, a

    framework for differentiating cyber threats would give the public and decision makers a

    better grasp of the different threats.

    [23] Spare Parts Database Task Force. North American Reliability Corporation Website. Accessed 4/20/2011.

    http://www.nerc.com/docs/pc/sedtf/PC-SEDTF_Sep_2010_Scope_v7.pdf

    [24] High-Impact, Low Frequency Event Risk to the North American Bulk Power System. North American Electric

    Reliability Corporation. p. 98

    [25] Ibid.

    [26] Ibid.


    Also, Supervisory Control and Data Acquisition (SCADA) should be isolated

    from internet servers as much as possible, and the possibility of a separate secured network along

    the lines of the Department of Defense's Secure Internet Protocol Router Network (SIPRnet)

    should be considered and investigated for large scale and inter-grid information transmission.

    The US DOE should attempt to target a portion of Smart Grid stimulus grants to

    offset security costs in the development of new technology.

    Much of smart grid implementation is based on efficiency and cost-effectiveness. These

    new technologies are competing with old ones to show that over the long run, an investment in

    the smart grid technologies will pay off for individuals and governments alike. However, this

    cost restraint has led to a reduction in research and development of security measures in smart

    grid technologies in an attempt to minimize overall costs. [29]

    Effectively, the elements that make smart grid technologies so appealing (information

    sharing, real-time feedback, etc.) also pose security risks whose mitigation requires

    security measures beyond those their predecessors needed.

    Because smart grid technologies with substandard security measures are already on the

    market, the US government should mandate information security standards on all electric grid

    products and should allocate a portion of the current smart grid subsidies to offsetting the

    research and development costs of producers of smart grid technologies in order to ensure they

    are safe and competitive at the same time. This would ensure that new smart grid products, like

    various smart meters, would meet the highest level of security needed without inflating the costs

    to the point at which they become prohibitive.

    NERC should work with industry leaders to create a best practices forum for the

    purpose of pooling collected knowledge on massive data encryption.

    [29] Hathaway, Melissa. Power Hackers: The US Smart Grid is Shaping up to be Dangerously Insecure. Scientific

    American. 10/5/2011. Accessed 4/5/2011. http://www.scientificamerican.com/article.cfm?id=power-hackers


    The smart grid will rely on millions of data transfers every day to function the way it has

    promised to. Each one can potentially be used against the grid or its customers by malicious

    actors. However, hope lies in the fact that other industries have incorporated data exchange

    systems just as active while still remaining secure.

    The current banking and securities exchange systems in the US transmit mountains of

    data, both numerical and personal, across different entities and businesses every day with

    relatively few incidents of electronic breaches in security. [30] The same security measures that

    have worked for years for banks could also work for the smart grid.

    The US DOE should work with electric industry leaders and the leaders of industries

    which have already implemented significant data transfer systems to facilitate discussion,

    cooperation, and dissemination of best practices between industry leaders to ensure that the

    transfer of data over the smart grid is as secure as the transfer of data between people's bank

    accounts.

    High Impact, Low Frequency (HILF) Events

    The US DOE and NERC should devise a plan for grid automation in the event of

    a national emergency.

    HILF events pose a system-wide threat to the grid. Both the current grid and a future

    smart grid will be somewhat vulnerable to unlikely but possible events that would require

    grid-wide mitigation strategies. This makes funding for countermeasures to HILF events an

    important issue because these events can never be completely prevented or mitigated.

    One such event is a pandemic in which functioning populations would be sharply

    decreased, affecting the numbers of engineers experienced enough to run the system. The smart

    grid could drastically reduce the risk associated with this shortage through levels of automation

    and computer control of the grid system.

    [30] Cyber Security for the Banking and Finance Sector. Wiley Handbook of Science and Technology for Homeland

    Security, Edited by John G. Voeller. John Wiley & Sons, Inc. 2008. Accessed 4/12/2011.

    http://www.fsround.org/hyperlink/hhs460.pdf

    The US DOE should ensure that all automated functions of the smart grid have manual

    oversight and override functions. But in an emergency situation when the managers of these

    systems become compromised, the US DOE should ensure that there are automated measures in

    place to keep the grid running effectively with limited personnel.

    NERC should direct and oversee the implementation of higher insulation

    standards for command and control connections.

    Another major risk to the grid system is induced current along power lines from a GMD

    or HEMP event. NERC research has shown that major transmission and distribution lines are

    effectively resistant to induced current. [31] However, many common components used in

    command and control centers such as computer and control board wiring do not have the

    shielding and protection found in transmission lines. [32]

    The smart grid compounds this issue because the command and control functions would

    be expanded to include data centers and more advanced smart monitoring systems. Now an

    induced current would have a much greater effect on these more diverse systems simply through

    higher exposure of data centers and networks.

    The US DOE and industry leaders should examine the shielding methods used across the

    industry for current command and control centers as well as developing smart grid technologies

    in order to ensure that critical components could survive or could be quickly repaired or replaced

    in the event of an induced current scenario.

    The US DOE should mandate and oversee national contingency training

    standards and drills across all essential grid entities.

    [31] High-Impact, Low Frequency Event Risk to the North American Bulk Power System. North American Electric

    Reliability Corporation. pp. 61-73

    [32] Ibid. pp. 79-93


    Endnotes

    1) Quebec 1989 case study cited from: High-Impact, Low Frequency Event Risk to the North American

    Bulk Power System. North American Electric Reliability Corporation. pp. 61-73

    Photo from: http://www.google.com/imgres?imgurl=http://c2h2.ifa.hawaii.edu/images/outreach/spaceweather/qu

    ebec_superstorm.gif&imgrefurl=http://c2h2.ifa.hawaii.edu/Pages/Education/space_weather_geomagn

    etic.php&usg=__PrqU5IRFtFeT4BJ2i-JN9tsJYaA=&h=449&w=63

    2&sz=33&hl=en&start=0&sig2=EZ3SGBwmyROzqd54jF86UQ& zoom=1&tbnid=Ib4IaDQTLDww-

    M:&tbnh=117&tbnw=164&ei=seO_TbrLC8eatwfL8 5i_BQ&prev=/search%3

    Fq%3Dmetatech%2Bquebec%2B1989%26um%3D1%26hl%3Den%26sa%3DN%26biw%3D1280%26bih%3

    D685%26tbm%3Disch&um=1&itbs=1&iact=hc&vpx=125&vpy=93&dur=330&hovh=117&hovw=164&tx=

    187&ty=67&page=1&ndsp=24&ved=1t:429,r:0,s:0

    2) Tres Amigas Case Study cited from: Overview of Tres Amigas. Tres Amigas LLC website.

    http://www.tresamigasllc.com/about-overview.php. Accessed 5/2/2011.

    3) Stuxnet and Playstation Case study cited from:

    McMillan, Robert. "Siemens: Stuxnet worm hit industrial systems". Computerworld. 9/16/2010.

    Accessed 4/24/2011.

    http://www.computerworld.com/s/article/print/9185419/Siemens_Stuxnet_worm_hit_industrial_systems?taxonomyName=Network+Security&taxonomyId=142

    Thomas, Keir. Sony Makes it Official: Playstation Network Got Hacked. PC World. 4/23/2011. Accessed

    5/1/2011.

    http://www.pcworld.com/article/226128/sony_makes_it_official_playstation_network_hacked.html

    Works Cited

    Cyber Security for the Banking and Finance Sector. Wiley Handbook of Science and Technology for

    Homeland Security, Edited by John G. Voeller. John Wiley & Sons, Inc. 2008. Accessed 4/12/2011.

    http://www.fsround.org/hyperlink/hhs460.pdf

    Hathaway, Melissa. Power Hackers: The US Smart Grid is Shaping up to be Dangerously Insecure.

    Scientific American. 10/5/2011. Accessed 4/5/2011.

    http://www.scientificamerican.com/article.cfm?id=power-hackers

    High-Impact, Low Frequency Event Risk to the North American Bulk Power System. North American

    Electric Reliability Corporation. June 2010. http://www.nerc.com/files/HILF.pdf p. 2.


    Homeland Security Presidential Directive-7. Department of Homeland Security. December 13, 2003.

    http://www.dhs.gov/xabout/laws/gc_1214597989952.shtm

    McMillan, Robert. "Siemens: Stuxnet worm hit industrial systems". Computerworld. 9/16/2010. Accessed

    4/24/2011.

    http://www.computerworld.com/s/article/print/9185419/Siemens_Stuxnet_worm_hit_industrial_systems?taxonomyName=Network+Security&taxonomyId=142

    Reliability Standards. North American Electric Reliability Corporation Website. Accessed 4/28/2011.

    http://www.nerc.com/page.php?cid=2|20

    Smart Grid. Department of Energy Website. Accessed 4/30/2011.

    http://www.oe.energy.gov/smartgrid.htm

    Spare Parts Database Task Force. North American Reliability Corporation Website. Accessed

    4/20/2011. http://www.nerc.com/docs/pc/sedtf/PC-SEDTF_Sep_2010_Scope_v7.pdf

    Thomas, Keir. Sony Makes it Official: Playstation Network Got Hacked. PC World. 4/23/2011.

    Accessed 5/1/2011.

    http://www.pcworld.com/article/226128/sony_makes_it_official_playstation_network_hacked.html