The RSA Conference in San Francisco, which is one of the premier annual events for people in data security, was held last week, at a time when the data breach at Target Corporation is still very fresh in the minds of North American retailers, bankers, and consumers. The issue of identity theft was, as one might expect, a prominent topic of discussion, but conference attendees were talking about more than just credit cards.
They were also talking about something that hasn’t had the same kind of media coverage as identity theft – the issue of securing smart grids, the new networks that use two-way communications to manage the delivery of electricity.
If you live in an area where the utility company has installed a smart meter to track your electricity use, then you’re already part of a smart grid. And if your local utility doesn’t use a smart grid yet, they probably have one underway. That’s because smart grids can increase reliability while lowering costs in the infrastructure, and can help consumers use energy more efficiently. Smart Grid also supports fluctuations in the demand to the available energy with renewable energies, which deliver energy at unpredictable times.
Smart grids, like smartphones, use computer intelligence and a two-way communication infrastructures. This makes it easier to manage demand and response tasks, and adds a new level of control to the infrastructure. As a result, utility companies can use real-time data to measure consumption, and can analyze these patterns to make the infrastructure more efficient. They can control individual components or whole groups of devices from a central location, and can add or disconnect customers remotely.
Smart grids make it easier to manage brownouts and can be programmed to heal themselves in the event of a blackout or some other kind of disruption in service. They can also accommodate a broader range of generation and storage options, and can be used to enable new products and services, like electric cars.
What does all that mean for customers? It means new ways to save, in every sector. Municipal governments can use the smart grid to save on electricity used for streetlamps and buildings, while owners of manufacturing facilities, retail centers, and office complexes can use it to save on lighting, HVAC systems, and other electricity-intensive activities. At home, consumers can use the smart grid to view real-time usage online, and they can program their appliances to take advantage of offpeak rates.
The drawback, of course, is that smart grids are, like any digital network, vulnerable to cyber attacks. And, while security is an issue that most smart-grid developers see as important, many industry analysts think more protection is needed.
SmartGridNews.com, a news and analysis site for the modernization and automation of electric power, dedicates considerable space to the topic of cyber security, with the overall message being “it’s worse than you think.”
Similarly, in a recent article for Information Week, Robert Hinden, a leading expert on cyber crime, says that smart grids are a “problem waiting to happen” and explains why everyone should be aware of the risks involved:
An attack against a corporation [is] inconvenient for the company, and online identity theft can be troublesome to the victim, but a smart-grid attack would impact more victims and have far-ranging effects. If a city lost power, hospitals would have to scramble to keep life-support systems on, traffic jams and accidents would occur because the traffic lights [would be] out, and residents would be trapped in the dark.
Not a pretty picture. But the good news is that talking about worst-case scenarios like those described by Hinden helps prevent these scenarios from actually happening. And that’s why smart-grid security a big part of the conversation at last week’s RSA Conference.
At NXP, we’re already working with industry leaders to address issues relating to smart-grid security, and the RSA Conference was a nice opportunity to share what we’ve accomplished. Two things in particular stand out: we received special recognition for our work in secure microcontrollers, and we showcased a way to make smart grids more resilient.
Our latest generation of high-security microcontroller P60, based on SmartMX2 technology, was awarded an important security certificate. The certification, which gives our technology a Common Criteria EAL6+ rating, was awarded by the German Government’s Federal Office for IT Security (BSI).
Bernard Kowalski, Head of the Department of Secure Electronic IDs, Certification and Standardization at BSI, said, “The certification will enable and support the governmental plans to apply this technology to new and highly demanding applications that include smart metering for the German eEnergy market.”
The EAL6+ security evaluation adds rigorous mathematical testing of the entire security architecture to resistance against various invasive, semi-invasive and non-invasive attacks, thus also formally proving the security concept. The formal mathematical methods implemented leading to the new SmartMX2 security architecture and the corresponding CC EAL6+ certificate provide a significantly higher trust level to customers.
The newly certified NXP security microcontroller, with its state-of-the-art performance, will be the platform powering the high-end of NXP’s A-series turnkey Cyber Security Solutions, and in particular the Security Module for Smart Metering and Automation Gateways in Germany. In other words, our next-generation technology, which builds on know-how used in some of the most security-sensitive applications, including ePassport projects in 86 countries, will now be applied to Germany’s smart grid.
Another part of our time at the RSA Conference involved demonstrating a product, developed in partnership with Chicago-based S&C Electric Company, that can make the grid more resilient. The S&C IntelliCap 2000 is a remote grid voltage optimizer that regulates reactive power or line voltage within the electricity distribution system by controlling pole- or pad-mounted switched capacitor banks. Unlike other two-way communicating capacitor controllers, which only operate in response to centralized control commands based on measurements at the substation, the IntelliCap 2000 can operate in a standalone mode, and that can help if there are problems at the control center. Wired and wireless communications abilities of these devices, along with the lack of robust physical security in field environments pose unique security challenges. The S&C IntelliCap 2000 integrates NXP’s A-series Security solution in order to provision and secure cryptographic authentication credentials and enable thereby trust schemes across large, geographically dispersed field networks. The S&C website has more on the IntelliCap 2000.