By Kennedy Maize
A report in the Wall Street Journal that Russian and Chinese spy hackers have penetrated the U.S. electric power grid, and left malware and root kits, cyber time bombs, to explode in the future strikes me as bogus. The story had no named sources, and the details were sketchy at best. Where were the penetrations? How could a sabotaged substation bring down the grid? Which grid were they talking about?
My suspicion is that someone in the U.S. government with a bureaucratic axe to grind –maybe the Department of Energy, maybe the Department of Homeland Security – planted the story in order to raise the profile of cybersecurity on the grid at a time when the Obama administration is due to issue a report on the issue. Major funding could be at stake. As someone who has covered energy and environmental politics in Washington for 40 years, this would come as no surprise.
Cybersecurity and the grid is clearly is an issue worth discussing.
That’s why I suggest that the vaunted “smart grid” ultimately could be stupid and, so far, is incoherent. To date, the smart grid resembles what former supreme court justice Potter Stewart in 1964 said about pornography: “I don’t know what it is, but I know it when I see it.”
For starters, what is the grid? Is it high-voltage, long-distance transmission? Is it local distribution to the house and factory? Is it both? Does anybody know?
Is the role of the smart grid to interconnect remote generation of renewables – wind, solar, and geothermal – to load, or is it to promote efficient use of existing technologies and ideas such as time-of-day pricing and peak shaving? Two different roles, and two different technical requirements.
If future investments in the grid are designed to bring renewables to market, what’s required is a strong, long-distance grid. Muscles, not smarts. If the goal is to interconnect your toaster to your local utility so they can talk to each other, that’s something else entirely. Both roles are expensive; to pretend that they are mutually achievable is fantasy.
There are additional fundamental questions that will delay any major deployment. Where is the demarcation between the federal authority over interstate transmission and the state authority over retail distribution? How do the FERC, the NERC and state and local authorities fit in? This was a fundamental issue when the Federal Energy Regulatory Commission in the 1990s was considering electric competition (known as the “bright line debate”). It was also a key reason why Congress was unable to deal with electricity policy from 1992 to 2005. At both the FERC and Congress, in the Energy Policy Act of 2005, the policymakers ducked the issue.
More questions. Should the “smart grid” use existing, available internet interconnection protocols, or separate, cybersecure, networks? Which course renders the grid less susceptible to outside attack, and what course requires less smarts and more muscle? Is reliability and defensibility more or less important than intelligent behavior?
These are basic questions about the notion of a “smart grid” that precede second-order, but also difficult, questions about what steps might be necessary to protect the grid, whether smart or strong, from attack. If a smart, two-way, grid requires a series of modem-like dongles clinging to distribution lines, what’s to prevent anyone with a .22 rifle from wrecking havoc and rendering the smart grid brainless?
How can a long-distance, high-voltage transmission system connecting renewable generation in the remote areas of the U.S. to concentrated loads in the East be protected from a couple of wing nuts with C5 shape charges from blowing up the transmission towers and bringing down the entire system?
Is a neural network transmission and distribution system – modeled on the Internet – more or less susceptible to cyber attacks? Is software available to isolate attacks and reroute data? That was the basic idea behind the Internet when Vint Cerf worked at DOD and invented the internet protocol, but it seems that defense information systems have become vulnerable to attack as a result.
In summary, I doubt that hackers from anywhere have mounted credible threats against the U.S. transmission and distribution grid. That’s because the current grid is stupid. That may be a good thing. A stupid but muscular grid may be better for the nation than a smart, but vulnerable, grid. I’d spend the money on muscle and worry about smarts later.