from my mind to yours...

April 2009
Is a Smart Grid Really That Smart?
Filed under: Politics and Economics, Technology and the Law
Posted by: site admin @ 9:55 am

If you want to consider the security future of the smart
grid, you need to consider the success of Digital Rights Management
(DRM) in music. More specifically, the lack of success.

I realize this may seem to be completely unrelated, but it’s not for a
fundamental reason: secure protocols are about enabling A & B to
communicate while simultaneously keeping C from knowing what they are
communicating. They can never completely resolve the problem of A
communicating with B while simultaneously controlling B’s access to the
information communicated. Vendors of copyrighted material (music,
video, books) have watched repeatedly as one encryption scheme after
another has been broken, with the result that purchasers of DRM’d
material have been able to copy the end product at will in an
unprotected state.

What does this mean for the smart grid? There is no way to prevent
those who would attack the grid from becoming part of the grid and
attacking it from the inside. No matter how much encryption is used,
someone will be able to break the encryption scheme because the
destination end point must be given both the ciphertext and the key at
some point. Intercepting this transmission at the appropriate point
isn’t difficult. Once that is done, malicious smart grid end points
will be able to send false information back into the grid, doing such
things as creating rapidly fluctuating demand signals, making false
responses to received commands, etc. Depending on what the endpoints
are instructed to do and how they are coordinated, this could create
some very interesting problems.
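
The distinction drawn above, as an added example that is not part of the original post: it uses an HMAC over a shared device key in place of encryption to show that cryptographic verification shuts out an outsider (C) but cannot tell whether a key-holding endpoint (B) is reporting truthfully. The key, meter id and report format are constructed for illustration and do not represent any real smart-grid protocol.

```python
import hashlib
import hmac
import json

# Constructed sample values: the key, meter id and report format are
# assumptions for illustration, not any real smart-grid protocol.
DEVICE_KEY = b"constructed-demo-key-held-by-endpoint-B"


def sign_report(key: bytes, meter_id: str, demand_kw: float) -> dict:
    """Endpoint side: build a demand report and authenticate it with the key."""
    body = json.dumps({"meter": meter_id, "demand_kw": demand_kw}, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


def grid_accepts(key: bytes, report: dict) -> bool:
    """Grid side: accept a report only if its tag verifies under the key."""
    expected = hmac.new(key, report["body"].encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, report["tag"])


def run_demo() -> dict:
    # B behaving honestly.
    honest = sign_report(DEVICE_KEY, "meter-0001", 1.2)
    # B (or anyone holding B's key) reporting rapidly fluctuating, false demand.
    false_reports = [sign_report(DEVICE_KEY, "meter-0001", kw)
                     for kw in (0.0, 950.0, 0.0, 950.0)]
    # C, an outsider who does not hold the device key.
    outsider = sign_report(b"not-the-device-key", "meter-0001", 950.0)
    return {
        "honest": grid_accepts(DEVICE_KEY, honest),
        "false_from_key_holder": [grid_accepts(DEVICE_KEY, r) for r in false_reports],
        "outsider": grid_accepts(DEVICE_KEY, outsider),
    }


if __name__ == "__main__":
    for party, result in run_demo().items():
        print(party, result)
```

Only the outsider's report is rejected; every report from the key holder verifies, whether or not its contents are true.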

There’s another problem with the smart grid - emergent behavior and the
inherent weakness of complex systems. As systems become more complex,
they begin to exhibit reliability problems and other inherent
weaknesses. Attempting to correct this problem by adding additional
checks and counter checks only makes the resulting system even more
complex, which creates more potential points of failure. As the number
of places that can fail increases, we inexorably move towards a point
where the probability that something has failed at any given time
approaches 1. On top of this, complex systems also exhibit emergent
behavior - where the whole behavior of the system is greater than the
sum of its parts - in ways that have not been predicted or planned for.
And all of this occurs even if there’s nobody malicious out there
attempting to exploit the system.

The history of the Internet is instructive here. The origins of the
Internet go back to the late 60’s when ARPAnet first came online. It is
now 2009 and we still run into problems with things like denial of
service attacks – 40 years later. While we’ve obviously learned some
things during this time and can avoid many of the problems of the past,
we should also have learned that getting things right the first time is
probably impossible. The difference between failure on the Internet and
failure in the power grid, however, is that we have backup systems if
the Internet fails. We can use telephone (provided it isn’t VoIP) or
even snail mail. If the power grid fails, we have no system-wide backup
plan that enables those at the end points to continue functioning while
the power grid comes back online.

Further, the goal of the smart grid is efficiency. Private
enterprise, and the shareholders that fund it, desire efficiency
because it means a better return on assets. Individual investors don’t
want capital tied up in non-income-producing assets. The government
also wants efficiency because wasted energy production contributes
to greenhouse gas and other environmental problems. The problem with
efficiency is that it means operating at close to capacity on a
continual basis. When capacity drops suddenly, systemic failures
occur. Further, it only takes a small change in the relationship
between supply and demand to cause this problem to occur. And once the
problem occurs, it can require demand dropping not just to prior levels
but significantly below them in order to clear out the congestion. One
need only look at a traffic jam to see a common example of this.

In this era, when it takes minutes to distribute a successful exploit
worldwide, but can take months to fix it, the asymmetrical nature of
the threat dictates a radical response. Eventually, proponents of the
smart grid are going to realize this. When they do, they’ll realize
that the smartest thing for the grid is no grid at all. In other words,
distributed generation and islands of power. Physical isolation
ultimately is the simplest way to protect any grid if you’re going to
make it smart. Of course, if you keep it dumb, this isn’t a problem.
