Iowa State team to examine Smart Grid vulnerabilities

Courtesy graphic: Energy.gov

Smart Grid Investment Grants

Kaleb Warnock

ISU researchers are analyzing President Obama’s Smart Grid initiative.

Govindarasu Manimaran, associate professor of electrical and computer engineering, is working with a team of researchers to study the potential security vulnerabilities with this initiative.

The United States is currently in the process of adopting a Smart Grid that will link the entire bulk power grid of the country in order to record and transmit consumption data in real time. It will also incorporate energy meters that send signals from private homes to things like power plants and distribution centers in order to reduce energy consumption during peak hours.

The system is based heavily on digitalizing and networking the elements of the grid in an effort to automate the system for the best efficiency possible. In order to be able to easily upgrade and integrate the system, the federal government has opted for an open protocol system, which is publicly accessible, rather than privately.

“Open protocol, open standards drive innovation,” Manimaran said. “They provide better functionality, better operability. It’s better with open protocol; efficiency is better with open protocol.”

Researchers at Iowa State remain skeptical about the current plan to attempt to grandfather in the old system and integrate it with the Smart Grid.

“The technology we have is pretty old,” said Adam Hahn, graduate in electrical and computer engineering. “There’s not a lot of intelligence built into it, but with all the advancements in IT and networking and stuff like that, the whole Smart Grid idea is about trying to insert intelligence.”

Accordingly, many criticize this initiative because the protocol is open to the public, and therefore, is more prone to manipulation and hijacking.

“Anybody can potentially look at the TCP/IP,” Manimaran said. “Open protocol means that the common knowledge is available, so it could be potentially used by hackers.”

Manimaran leads the team and plans to begin researching the potential risks that accompany an integrated system along with responding to and mitigating attacks.

“We do risk assessment — how vulnerable, and what is the potential risk for an attack,” Manimaran said. “And risk mitigation, as far as how to mitigate attacks.”

Although there are many federal regulations in place that are meant to protect and enforce cyber security, the U.S. remains one of the lowest implementers of security regulations among the major world powers, according to a study by a team from the Technology and Public Policy Program of the Center for Strategic and International Studies in Washington, D.C.

“More than three-quarters of those with responsibilities for such systems reported that they were connected to the Internet or some other OP network,” the report said. “And just under half of those connected admitted that this created an ‘unresolved security issue.'”

The U.S. Governmental Accountability Office criticized the National Institute of Standards and Technology report that failed to address key issues in cyber security. Also, the GOA criticized the current efforts to regulate security through the Energy Independence and Security Act of 2007 through the Federal Energy Regulatory Commission.

Essentially, the Government Accountability Office said that the regulations EISA outlined are inadequate and not enforced.

“While EISA gives FERC authority to adopt Smart Grid standards, it does not provide FERC with specific enforcement authority,” the Government Accountability Office said. “Until the missing elements are addressed, there is an increased risk that Smart Grid implementations will not be secure as otherwise possible.”