Securing the Smart Grid: Next Generation Power Grid Security [NOOK Book]




NOOK Book (eBook)
$28.49 (Save 42%)
List Price: $49.95


Securing the Smart Grid discusses the features of the smart grid, particularly its strengths and weaknesses, to better understand threats and attacks, and to prevent insecure deployments of smart grid technologies. A smart grid is a modernized electric grid that uses information and communications technology to be able to process information, such as the behaviors of suppliers and consumers.
The book discusses different infrastructures in a smart grid, such as the automatic metering infrastructure (AMI). It also discusses the controls that consumers, device manufacturers, and utility companies can use to minimize the risk associated with the smart grid. It explains the smart grid components in detail so readers can understand how the confidentiality, integrity, and availability of these components can be secured or compromised.
This book will be a valuable reference for readers who secure the networks of smart grid deployments, as well as consumers who use smart grid devices.

  • Details how old and new hacking techniques can be used against the grid and how to defend against them
  • Discusses current security initiatives and how they fall short of what is needed
  • Find out how hackers can use the new infrastructure against itself

Editorial Reviews

From the Publisher

"The first step in securing the Smart Grid is to fully understand the threat landscape. This book provides both a timely and relevant overview of the subject - a must-read for anyone responsible for securing the grid as well as consumers looking to implement the technology!" -- Dr. Patrick Engebretson, Assistant Professor of Computer Security, Dakota State University.

"Easy to read and full of valuable information, this book provides a wide-eyed view of our future and the security challenges we will be facing in our day-to-day lives. Exploring everything from home systems to large-scale power plants, this is a must-read for everyone in our technological society."-- Thomas Wilhelm, ISSMP, CISSP, SCSECA, SCNA, SCSA, IEM, IAM

"Overall, Securing the Smart Grid: Next Generation Power Grid Security provides an excellent overview of the state of smart grid technology and its related security, privacy and regulatory issues. The book provides an excellent introduction for anyone looking to understand what smart grid is all about and its security and privacy issues." -- Ben Rothke, Slashdot


Product Details

  • ISBN-13: 9781597495714
  • Publisher: Elsevier Science
  • Publication date: 11/3/2010
  • Sold by: Barnes & Noble
  • Format: eBook
  • Pages: 320
  • File size: 4 MB

Meet the Author

Tony Flick has been working in the Information Security field for more than six years and is currently a Principal with FYRM Associates. Mr. Flick has assisted numerous organizations in achieving compliance with federal regulations and industry standards. His expertise includes risk management and compliance, assessments and audits, and research in emerging technologies. Mr. Flick has presented at Black Hat USA, DEFCON, and the OWASP Tampa local chapter on smart grid and application security concepts. Mr. Flick holds the CISSP certification. Additionally, Mr. Flick earned a Bachelors of Science in Computer Science and a Bachelors of Science in Mathematics.
Justin Morehouse is an Information Security professional with over 10 years of experience assisting Fortune 100 companies and Federal Government Agencies mature their Information Security programs. Over the past six years Mr. Morehouse has focused on the areas of attack and penetration, performing nearly 200 Security Assessments utilizing both NIST SP800-42’s “Blue Teaming” and “Red Teaming” approaches. Mr. Morehouse is the OWASP Tampa chapter leader and presented at IEEE’s EntNet. Mr. Morehouse holds the following degrees and certifications: CISSP, CISM, MCSE, MSIA, and QSA (Former). He is currently an adjunct professor at DeVry University.

Read an Excerpt

Securing the Smart Grid

Next Generation Power Grid Security
By Tony Flick and Justin Morehouse


Copyright © 2011 Elsevier Inc.
All rights reserved.

ISBN: 978-1-59749-571-4

Chapter One

Smart Grid: What Is It?


• A Brief History of Electrical Grids

• What Is Automatic Meter Reading (AMR)?

• Future Infrastructure

• What Is a Smart Grid?

• What Is AMI?

• International Initiatives

• Why Do We Need to Secure the Smart Grid?

Over the past several years, the promise of smart grids and their benefits has been widely publicized. Bringing updated technologies to power generation, transmission, and consumption, smart grids are touted to revolutionize our economy, environment, and national security. Corporations large and small foresaw the emerging markets for smart grid technologies and rushed to be the first to deliver. More often than not, security has taken a backseat to the rush to implement. This book will take a look at the potential consequences of designing and implementing smart grid technologies without integrating security. We will also offer recommendations on how to address these consequences so that the promise of smart grids can be fulfilled ... securely.


A Brief History of Electrical Grids

Technologies related to electric grids have roots dating back to the late nineteenth century. Thomas Edison's direct current (DC) and Nikola Tesla's alternating current (AC) continue to be utilized to this day (Edison is shown in Figure 1.1 and Tesla in Figure 1.2). Today, electricity is transmitted using AC, while DC has special applications, usually within residential and commercial buildings.

What Is an Electric Grid?

Electric grids perform three major functions: power generation, transmission, and distribution. Power generation is the first step in delivering electricity and is performed at power stations (coal, nuclear, geothermal, hydro, and so on). Power transmission is the second step in delivering electricity and involves the transfer of electricity from the power stations to power companies' distribution systems. Finally, power distribution completes the electric grids' functions by delivering power to consumers. The major difference between power transmission and power distribution is that power transmission utilizes infrastructure that can handle high voltage (110+ kV), whereas power distribution utilizes infrastructure that can handle medium (<50 kV) and low (<1 kV) voltage.

Grid Topologies

In its simplest form, an electric grid is a network. The use of the term "grid" can refer to a complete infrastructure that encompasses power generation, transmission, and distribution, or it can refer to a subset of a larger infrastructure.

Distribution networks are less complicated than transmission networks, as transmission networks are often interconnected with other regional transmission networks to provide greater redundancy. At first glance, this interconnection appears to provide greater reliability in feeding distribution networks, but many factors come into play in ensuring continuous power to end consumers.

Transmission networks must effectively manage both power generation and consumption, as a power failure or a spike in consumption in one area may result in adverse effects in another area of the network. The United States established the North American Electric Reliability Corporation (NERC) to ensure the reliability of the bulk power system in North America. This nonprofit organization's area of responsibility includes the contiguous United States, Canada, and part of the Baja peninsula in Mexico.

There are two primary topologies in use in the United States for power distribution. The most common topology is the radial grid, as shown in Figure 1.3. In a radial grid, electricity is distributed from a substation in a pattern that resembles a tree with many branches and leaves. As the electricity is carried across the power lines, its strength is reduced until it reaches its final destination. The other primary topology utilized for power distribution is the mesh grid, as shown in Figure 1.4. Mesh grids provide greater reliability than radial grids because in a radial grid, each branch and leaf receives power from a single source (the tree), whereas in a mesh grid, power can be provided through other sources (other branches and leaves). Radial grids do provide limited redundancy, in that a second substation in close proximity can feed into the grid, but this assumes that the secondary substation is not suffering from the same condition as the primary.

The looped topology, utilized primarily in Europe, is a mix between the radial and mesh topologies. A looped topology, as shown in Figure 1.5, is much like a radial topology, except that each branch and leaf has two separate paths from the substation. Where the radial topology is vulnerable to single points of failure, the looped topology provides greater reliability. The goal of the looped topology is to be able to withstand a disruption in the grid, regardless of where it may occur. Much like the mesh topology, the looped topology is costlier than the radial topology, as each end of the loop must meet the requirements for power and voltage drops.
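The single-point-of-failure contrast between radial and looped feeders described above, as an added example that is not from the book: the node names and the three small topologies are constructed for illustration, and each line or node is failed one at a time to see which loads lose power.

```python
from collections import deque


def energized(nodes, lines, sources, failed_line=None, failed_node=None):
    """Return the set of nodes still reachable from any working substation."""
    adj = {n: set() for n in nodes}
    for a, b in lines:
        if (a, b) == failed_line or failed_node in (a, b):
            continue  # the failed element carries no power
        adj[a].add(b)
        adj[b].add(a)
    live = {s for s in sources if s != failed_node}
    queue = deque(live)
    while queue:  # breadth-first walk outward from the substations
        cur = queue.popleft()
        for nxt in adj[cur]:
            if nxt not in live:
                live.add(nxt)
                queue.append(nxt)
    return live


def single_points_of_failure(nodes, lines, sources):
    """Map each line or load node to the other loads that go dark if it alone fails."""
    loads = set(nodes) - set(sources)
    report = {}
    for line in lines:
        dark = loads - energized(nodes, lines, sources, failed_line=line)
        if dark:
            report[line] = sorted(dark)
    for node in sorted(loads):
        dark = loads - {node} - energized(nodes, lines, sources, failed_node=node)
        if dark:
            report[node] = sorted(dark)
    return report


# Constructed sample topologies: (nodes, lines, substations).
# Radial: a tree fed from one substation.
RADIAL = (
    ["SUB", "A", "B", "C", "D"],
    [("SUB", "A"), ("A", "B"), ("A", "C"), ("B", "D")],
    ["SUB"],
)
# Looped: every load has two separate paths back to the substation.
LOOPED = (
    ["SUB", "A", "B", "C", "D"],
    [("SUB", "A"), ("A", "B"), ("B", "C"), ("C", "D"), ("D", "SUB")],
    ["SUB"],
)
# Radial with a nearby second substation feeding the far end (limited redundancy).
RADIAL_BACKED = (
    ["SUB", "SUB2", "A", "B", "C", "D"],
    [("SUB", "A"), ("A", "B"), ("A", "C"), ("B", "D"), ("SUB2", "D")],
    ["SUB", "SUB2"],
)

if __name__ == "__main__":
    for name, topo in [("radial", RADIAL), ("looped", LOOPED),
                       ("radial + second substation", RADIAL_BACKED)]:
        report = single_points_of_failure(*topo)
        print(f"{name}: {len(report)} single point(s) of failure")
        for element, dark in report.items():
            print(f"  {element} fails -> dark loads: {dark}")
```
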

Modernizing the Electric Grids

Currently, the electrical infrastructure in the United States is not up to the task of powering America's future. According to Carol Browner, director of the White House Office of Energy and Climate Change, "We [the United States] have a very antiquated (electric grid) system in our country ... The current system is outdated, it's dilapidated." Across all three functions of an electrical grid, significant improvements can be made to increase the reliability and efficiency of power generation, transmission, and distribution.

Deregulation is often touted as a means to modernizing today's electrical grids. Deregulation encompasses moving from today's regulated landscape where often larger power companies are granted monopoly status and control power generation, transmission, and distribution for a geographic area to a deregulated landscape where the free markets would dictate all three functions of the electrical grids. In a deregulated landscape, power generation, transmission, and distribution could be handled by separate companies, all working to provide more efficient, reliable, and cost-effective solutions.

Many other ideas exist to modernize today's electrical grids, the most prominent of which is the smart grid. Recent initiatives championed by the Obama Administration, including $3.4 billion awarded for projects such as smart meter implementations, grid infrastructure advancement, and manufacturing smart appliances, will soon be a reality.


What Is Automatic Meter Reading (AMR)?

Evolving from Tesla's design, the automatic meter reading (AMR) infrastructure introduced automation to the electric grid in 1977 (read more at www.metretekfl.com). Through a combination of technologies, including wired and wireless networks, AMR's most significant advancement was enabling electric companies to read meters remotely. Once AMR was implemented, the electric companies could more easily obtain meter readings in near real time, and provide customers with consumption-based bills. Previously, the electric companies relied on estimates when billing customers. With better, timelier information, electric companies were able to improve energy production through tighter control during peak and low demand periods.

AMR Technologies

To support the advancements of the AMR infrastructure, several technologies are utilized. For data collection, utility employees leverage handhelds and notebook computers. For data transport, wired and wireless networks are deployed to remotely read meter data.


Supporting utility employees' efforts to quickly and efficiently obtain meter readings, handheld devices, much like your common Personal Digital Assistant (PDA), as shown in Figure 1.6, are utilized. These devices read meter data in one of two ways. First, the electric worker can utilize "touch" technology to read a meter by simply touching the meter with a probe. This probe stores the meter data to the handheld for later retrieval and processing. Second, the handheld device may instead be fitted with a wireless receiver that reads the data transmitted by the meter, again with the data stored for later retrieval and processing.

Notebook Computers

Utility employees also utilize traditional mobile computers in meter reading. Rather than physically visiting each meter, as with the handheld devices, a mobile computer can be installed inside of an electric worker's vehicle to wirelessly read meters. Usually these deployments involve a combination of technologies, including a wireless technology, software, and the necessary hardware (GPS, antennas, and so on).

Wireless Networks

For data transport, a broad range of wireless technologies are utilized by the electric companies to read meter data. Radio Frequency (RF), Wi-Fi, Bluetooth, and even cellular technologies are currently in use. A majority of AMR devices utilize RF wireless technologies, with narrow band, direct-sequence spread spectrum (DSSS), and frequency-hopping spread spectrum (FHSS) being the most common. Less common technologies such as Zigbee and Wavenis have found their way into AMR deployments. When wireless communications are utilized, device makers either license frequencies from government agencies such as the Federal Communications Commission (FCC) or use unlicensed frequencies.

When Wi-Fi is chosen as the technology for remote data transport, traditionally the meters are not themselves Wi-Fi enabled; rather, a management station that they report to (through RF) utilizes Wi-Fi to communicate its aggregated data to the electric company. This is the deployment model utilized by the city of Corpus Christi in Texas. In this deployment, the power meters mostly rely on batteries, and thus utilizing Wi-Fi was impractical because of its relatively high power consumption when compared with RF. The power consumption requirements of Wi-Fi technology remain a barrier to its inclusion in AMR deployments.

Power Line Communication (PLC)

Power line communication (PLC) provides a completely remote solution for reading meter data. Data from meters is transmitted across the existing power line infrastructure to the local substation. From the local substation, data is then transported to the electric companies for processing and analysis. This type of dedicated infrastructure from the meter to the electric company is commonly referred to as a "fixed" network.

Hybrid Models

Although some AMR deployments may rely on a single technology for each part of the deployment, others utilize a hybrid model where multiple technologies are used. For example, data transport may primarily rely on PLC, but RF may be utilized if the PLC is unavailable. Other hybrid models may rely on RF to send data to aggregation points and then utilize PLC or Wi-Fi to transport data to the electric company.

AMR Network Topologies

Utilizing one or a combination of the aforementioned technologies, electric companies create a network from which meter information is obtained. These networks take on one of several topologies, including the following:

• Star network — A star network topology is implemented when meters transmit data to a central location. This central location can be a repeater, which then forwards the data to the electric companies, or it can simply act as data storage. A star network topology can utilize wireless technologies, PLC, or both.

• Mesh network — A mesh network topology is implemented when the meters themselves both transmit and receive data from other meters. Meters act much like the repeaters in a star network, and eventually data reaches the electric companies or a data storage device.

What Does It All Mean?

Looking at all of the parts that make up an AMR infrastructure, it is easy to see that security needs to be included from the design phase. With such a wide range of technologies possessing the ability to impact the confidentiality, availability, and integrity of data being transmitted across the AMR infrastructure, it is imperative to evaluate the security posture of each individual technology, as well as its interactions with other technologies.


Future Infrastructure

As described in the "A Brief History of Electrical Grids" section of this chapter, the current electric power infrastructure was designed to utilize existing technology and handle the requirements defined during the nineteenth and twentieth centuries. The increasing demands on an aging infrastructure can only be met by the fine-grain control and insight into consumer demand that the smart grid promises to deliver.

Justifications for Smart Grids

The proposed smart grids seek to remediate these issues, as well as numerous others. The major justifications for smart grids tend to fall into three categories: economic, environmental, and reliability. The United States Department of Energy (DOE) defines the goals of a smart grid as follows:

• Ensuring its reliability to degrees never before possible

• Maintaining its affordability

• Reinforcing our global competitiveness

• Fully accommodating renewable and traditional energy sources

• Potentially reducing our carbon footprint

• Introducing advancements and efficiencies yet to be envisioned.


Electricity must be consumed as soon as it is produced, and consumers have grown accustomed to the on-demand availability of electricity. Currently, this combination requires utility companies to generate enough supply to meet the electrical demand at any given moment. Because the exact demand is unknown, utility companies generate more electricity than is needed to compensate for the unexpected rise in consumption and achieve this level of service. This system of supply and demand results in waste when demand is overestimated and rolling blackouts when demand is underestimated.


In addition to waste, the reliability of the electric grid can be disrupted by numerous factors. Specifically, a drop in voltage from a power supply can cause brownouts, whereas environmental factors ranging from falling trees to thunderstorms and hurricanes can cause blackouts. Although these reliability problems tend to occur on a local scale, they can lead to more widespread problems that affect larger areas. Table 1.1 describes the different categories of power outages.

Renewable Energy Sources

Traditional power generation relies on an inexhaustible supply of energy resources that has no negative effects on the world. In such a scenario, centralized power generation that relies on an endless supply of the traditional energy resources would excel. However, limited resources and concerns over environmental impact are driving the movement for clean and renewable energy sources, such as wind and solar. Unfortunately, these types of clean, renewable resources have problems of their own including localization and continuity. For example, a solar power plant could generate large amounts of electricity if located in Florida; however, the output would be negligible if located in Antarctica. Additionally, current solar power plants all but cease to generate power during the night or during severe weather such as thunderstorms and hurricanes, which would drive the need for alternate sources of energy to meet demand. As a result, the current electric grid simply does not properly accommodate renewable energy sources.


What Is a Smart Grid?

A smart grid is not a single device, application, system, network, or even idea. There is no single, authoritative definition for the question: What is a smart grid? However, the definitions from the various authoritative organizations, such as DOE, NERC, and SmartGrids Technology Platform, follow a common theme: Smart grids utilize communication technology and information to optimally transmit and distribute electricity from suppliers to consumers. Figure 1.7 illustrates the basic concepts of a smart grid. Additionally, smart grid is not a static concept. It will continue to evolve as the existing technologies evolve and new technologies are developed. The type, configuration, and implementation of these technologies and the access to and transmission and use of relevant information are of primary concern in securing smart grids and for this book.


Excerpted from Securing the Smart Grid by Tony Flick and Justin Morehouse. Copyright © 2011 by Elsevier Inc. Excerpted by permission of Syngress. All rights reserved. No part of this excerpt may be reproduced or reprinted without permission in writing from the publisher.
Excerpts are provided by Dial-A-Book Inc. solely for the personal use of visitors to this web site.


Table of Contents

Chapter 1: Smart Grid: What is it?

Chapter 2: Threats and Impacts: Consumers

Chapter 3: Threats and Impacts: Utility Companies & Beyond

Chapter 4: Federal Effort to Secure Smart Grids

Chapter 5: State and Local Security Initiatives

Chapter 6: Public and Private Companies

Chapter 7: Attacking the Utility Companies

Chapter 8: Securing the Utility Companies

Chapter 9: Third-Party Services

Chapter 10: Mobile Applications

Chapter 11: Social Networking & The Smart Grid

Chapter 12: Home Area Network: Smart Meters

Chapter 13: Home Area Network: Smart Devices and Interfaces

Chapter 14: What’s Next?
