Securing the Smart Grid: Next Generation Power Grid Security

by Tony Flick, Justin Morehouse

Securing the Smart Grid discusses the features of the smart grid, particularly its strengths and weaknesses, to better understand threats and attacks, and to prevent insecure deployments of smart grid technologies. A smart grid is a modernized electric grid that uses information and communications technology to be able to process information, such as the behaviors of suppliers and consumers.
The book discusses different infrastructures in a smart grid, such as the automatic metering infrastructure (AMI). It also discusses the controls that consumers, device manufacturers, and utility companies can use to minimize the risk associated with the smart grid. It explains the smart grid components in detail so readers can understand how the confidentiality, integrity, and availability of these components can be secured or compromised.
This book will be a valuable reference for readers who secure the networks of smart grid deployments, as well as consumers who use smart grid devices.

  • Details how old and new hacking techniques can be used against the grid and how to defend against them
  • Discusses current security initiatives and how they fall short of what is needed
  • Find out how hackers can use the new infrastructure against itself

Editorial Reviews

    From the Publisher

    "The first step in securing the Smart Grid is to fully understand the threat landscape. This book provides both a timely and relevant overview of the subject — a must-read for anyone responsible for securing the grid as well as consumers looking to implement the technology!" -- Dr. Patrick Engebretson, Assistant Professor of Computer Security, Dakota State University.

    "Easy to read and full of valuable information, this book provides a wide-eyed view of our future and the security challenges we will be facing in our day-to-day lives. Exploring everything from home systems to large-scale power plants, this is a must-read for everyone in our technological society." -- Thomas Wilhelm, ISSMP, CISSP, SCSECA, SCNA, SCSA, IEM, IAM

    "Overall, Securing the Smart Grid: Next Generation Power Grid Security provides an excellent overview of the state of smart grid technology and its related security, privacy and regulatory issues. The book provides an excellent introduction for anyone looking to understand what smart grid is all about and its security and privacy issues." -- Ben Rothke, Slashdot

    Product Details

    Publisher: Elsevier Science
    Publication date:
    Sold by: Barnes & Noble
    Format: NOOK Book
    File size: 4 MB

    Read an Excerpt

    Securing the Smart Grid

    Next Generation Power Grid Security
    By Tony Flick and Justin Morehouse


    Copyright © 2011 Elsevier Inc.
    All rights reserved.

    ISBN: 978-1-59749-571-4

    Chapter One

    Smart Grid: What Is It?


    • A Brief History of Electrical Grids

    • What Is Automatic Meter Reading (AMR)?

    • Future Infrastructure

    • What Is a Smart Grid?

    • What Is AMI?

    • International Initiatives

    • Why Do We Need to Secure the Smart Grid?

    Over the past several years, the promise of smart grids and their benefits has been widely publicized. Bringing updated technologies to power generation, transmission, and consumption, smart grids are touted to revolutionize our economy, environment, and national security. Corporations large and small foresaw the emerging markets for smart grid technologies and rushed to be the first to deliver. More often than not, security has taken a backseat to the rush to implement. This book will take a look at the potential consequences of designing and implementing smart grid technologies without integrating security. We will also offer recommendations on how to address these consequences so that the promise of smart grids can be fulfilled ... securely.

    A Brief History of Electrical Grids

    Technologies related to electric grids have roots dating back to the late nineteenth century. Thomas Edison's direct current (DC), shown in Figure 1.1, and Nikola Tesla's alternating current (AC), shown in Figure 1.2, continue to be utilized to this day. Today, electricity is transmitted using AC, while DC has special applications, usually within residential and commercial buildings.

    What Is an Electric Grid?

    Electric grids perform three major functions: power generation, transmission, and distribution. Power generation is the first step in delivering electricity and is performed at power stations (coal, nuclear, geothermal, hydro, and so on). Power transmission is the second step in delivering electricity and involves the transfer of electricity from the power stations to the power companies' distribution systems. Finally, power distribution completes the electric grid's functions by delivering power to consumers. The major difference between power transmission and power distribution is that power transmission utilizes infrastructure that can handle high voltage (110+ kV), whereas power distribution utilizes infrastructure that can handle medium (<50 kV) and low (<1 kV) voltage.

    Grid Topologies

    In its simplest form, an electric grid is a network. The use of the term "grid" can refer to a complete infrastructure that encompasses power generation, transmission, and distribution, or it can refer to a subset of a larger infrastructure.

    Distribution networks are less complicated than transmission networks, as transmission networks are often interconnected with other regional transmission networks to provide greater redundancy. At first glance, this interconnection appears to provide greater reliability in feeding distribution networks, but many factors come into play in ensuring continuous power to end consumers.

    Transmission networks must effectively manage both power generation and consumption, as a power failure or spike in consumption in one area may result in adverse effects in another area of the network. The United States established the North American Electric Reliability Corporation (NERC) to ensure the reliability of the bulk power system in North America. This nonprofit organization's area of responsibility includes the contiguous United States, Canada, and part of the Baja peninsula in Mexico.

    There are two primary topologies in use in the United States for power distribution. The most common topology is the radial grid, as shown in Figure 1.3. In a radial grid, electricity is distributed from a substation in a pattern that resembles a tree with many branches and leaves. As the electricity is carried across the power lines, its strength is reduced until it reaches its final destination. The other primary topology utilized for power distribution is the mesh grid, as shown in Figure 1.4. Mesh grids provide greater reliability than radial grids because in a radial grid, each branch and leaf receives power from a single source (the tree), whereas in a mesh grid, power can be provided through other sources (other branches and leaves). Radial grids do provide limited redundancy, in that a second substation in close proximity can feed into the grid, but this assumes that the secondary substation is not suffering from the same condition as the primary.

    The looped topology, utilized primarily in Europe, is a mix between the radial and mesh topologies. A looped topology, as shown in Figure 1.5, is much like a radial topology, except that each branch and leaf has two separate paths from the substation. Where the radial topology is vulnerable to single points of failure, the looped topology provides greater reliability. The goal of the looped topology is to be able to withstand a disruption in the grid, regardless of where it may occur. Much like the mesh topology, the looped topology is costlier than the radial topology, as each end of the loop must meet the requirements for power and voltage drops.

    Modernizing the Electric Grids

    Currently, the electrical infrastructure in the United States is not up to the task of powering America's future. According to Carol Browner, director of the White House Office of Energy and Climate Change, "We [the United States] have a very antiquated (electric grid) system in our country ... The current system is outdated, it's dilapidated." Across all three functions of an electrical grid, significant improvements can be made to increase the reliability and efficiency of power generation, transmission, and distribution.

    Deregulation is often touted as a means of modernizing today's electrical grids. Deregulation encompasses moving from today's regulated landscape, where larger power companies are often granted monopoly status and control power generation, transmission, and distribution for a geographic area, to a deregulated landscape where the free markets would dictate all three functions of the electrical grids. In a deregulated landscape, power generation, transmission, and distribution could be handled by separate companies, all working to provide more efficient, reliable, and cost-effective solutions.

    Many other ideas exist to modernize today's electrical grids, the most prominent of which is the smart grid. Recent initiatives championed by the Obama Administration, including $3.4 billion awarded for projects such as smart meter implementations, grid infrastructure advancement, and manufacturing smart appliances, will soon be a reality.

    What Is Automatic Meter Reading (AMR)?

    Evolving from Tesla's design, the automatic meter reading (AMR) infrastructure introduced automation to the electric grid in 1977 (read more at www.metretekfl.com). Through a combination of technologies, including wired and wireless networks, AMR's most significant advancement resulted in electric companies being able to remotely read meters. Once AMR was implemented, the electric companies could more easily obtain meter readings in near real time and provide customers with consumption-based bills. Previously, the electric companies relied on estimates when billing customers. With better, timelier information, electric companies were able to improve energy production through tighter control during peak and low demand periods.

    AMR Technologies

    To support the advancements of the AMR infrastructure, several technologies are utilized. For data collection, utility employees leverage handhelds and notebook computers. For data transport, wired and wireless networks are deployed to remotely read meter data.

    Handheld Devices

    Supporting utility employees' efforts to quickly and efficiently obtain meter readings, handheld devices much like the common Personal Digital Assistant (PDA), as shown in Figure 1.6, are utilized. These devices read meter data in one of two ways. First, the electric worker can utilize "touch" technology to read a meter by simply touching the meter with a probe. This probe stores the meter data to the handheld for later retrieval and processing. Second, the handheld device may instead be fitted with a wireless receiver that reads the data transmitted by the meter, again with the data stored for later retrieval and processing.

    Notebook Computers

    Utility employees also utilize traditional mobile computers in meter reading. Rather than physically visiting each meter, as with the handheld devices, a mobile computer can be installed inside of an electric worker's vehicle to wirelessly read meters. Usually these deployments involve a combination of technologies, including a wireless technology, software, and the necessary hardware (GPS, antennas, and so on).

    Wireless Networks

    For data transport, a broad range of wireless technologies is utilized by the electric companies to read meter data. Radio Frequency (RF), Wi-Fi, Bluetooth, and even cellular technologies are currently in use. A majority of AMR devices utilize RF wireless technologies, with narrow band, direct-sequence spread spectrum (DSSS), and frequency-hopping spread spectrum (FHSS) being the most common. Less common technologies such as Zigbee and Wavenis have found their way into AMR deployments. When wireless communications are utilized, device makers either license frequencies from government agencies such as the Federal Communications Commission (FCC) or use unlicensed frequencies.

    When Wi-Fi is chosen as the technology for remote data transport, traditionally the meters are not themselves Wi-Fi enabled; rather, a management station that they report to (through RF) utilizes Wi-Fi to communicate its aggregated data to the electric company. This is the deployment model utilized by the city of Corpus Christi in Texas. In this deployment, the power meters mostly rely on batteries, and thus utilizing Wi-Fi was impractical because of its relatively high power consumption compared with RF. The power consumption requirements of Wi-Fi technology remain a barrier to its inclusion in AMR deployments.

    Power Line Communication (PLC)

    Power line communication (PLC) provides a completely remote solution for reading meter data. Data from meters is transmitted across the existing power line infrastructure to the local substation. From the local substation, data is then transported to the electric companies for processing and analysis. This type of dedicated infrastructure from the meter to the electric company is commonly referred to as a "fixed" network.

    Hybrid Models

    Although some AMR deployments may rely on a single technology for each part of the deployment, others utilize a hybrid model where multiple technologies are used. For example, data transport may primarily rely on PLC, but RF may be utilized if the PLC is unavailable. Other hybrid models may rely on RF to send data to aggregation points and then utilize PLC or Wi-Fi to transport data to the electric company.

    AMR Network Topologies

    Utilizing one or a combination of the aforementioned technologies, electric companies create a network from which meter information is obtained. These networks take on one of several topologies, including the following:

    • Star network — A star network topology is implemented when meters transmit data to a central location. This central location can be a repeater, which then forwards the data to the electric companies, or it can simply act as data storage. A star network topology can utilize wireless technologies, PLC, or both.

    • Mesh network — A mesh network topology is implemented when the meters themselves both transmit and receive data from other meters. Meters act much like the repeaters in a star network, and eventually data reaches the electric companies or a data storage device.
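    The single-point-of-failure contrast drawn in the "Grid Topologies" section (radial versus looped and mesh distribution) and again here for star versus mesh AMR networks can be checked mechanically. The following Python script is an added example, not code from the book or its authors; the five toy topologies, their node names, and the "sub" (substation) and "U" (utility head-end) source labels are constructed for illustration. It removes each link (and, separately, each intermediate node such as a star repeater) in turn and reports which consumers or meters lose their path to the source, which is the availability question a defender would ask of either network.

```python
from collections import deque

# Constructed toy topologies (not from the book). Each is an undirected
# list of links; "sub" is the distribution substation feeding consumers
# L1..L3, and "U" is the utility head-end collecting data from meters M1..M3.
RADIAL_GRID = [("sub", "A"), ("A", "L1"), ("A", "L2"), ("sub", "B"), ("B", "L3")]
LOOPED_GRID = [("sub", "L1"), ("L1", "L2"), ("L2", "L3"), ("L3", "sub")]
MESH_GRID = [("sub", "L1"), ("sub", "L2"), ("L1", "L2"), ("L1", "L3"), ("L2", "L3")]
STAR_AMR = [("M1", "C"), ("M2", "C"), ("M3", "C"), ("C", "U")]  # C = central repeater
MESH_AMR = [("M1", "M2"), ("M2", "M3"), ("M3", "M1"), ("M1", "U"), ("M3", "U")]

CONSUMERS = ["L1", "L2", "L3"]
METERS = ["M1", "M2", "M3"]


def build_adjacency(edges):
    """Undirected adjacency map from a list of (node, node) links."""
    adj = {}
    for u, v in edges:
        adj.setdefault(u, set()).add(v)
        adj.setdefault(v, set()).add(u)
    return adj


def reachable(adj, source, removed_edges=frozenset(), removed_nodes=frozenset()):
    """Breadth-first search from source, ignoring the removed links and nodes."""
    seen = {source}
    queue = deque([source])
    while queue:
        u = queue.popleft()
        for v in adj[u]:
            if v in seen or v in removed_nodes or frozenset((u, v)) in removed_edges:
                continue
            seen.add(v)
            queue.append(v)
    return seen


def single_link_cutoffs(edges, source, endpoints):
    """Every single-link failure that isolates at least one endpoint.

    Returns a list of (failed_link, [isolated endpoints]) pairs; an empty
    list means the topology tolerates the loss of any one link.
    """
    adj = build_adjacency(edges)
    cutoffs = []
    for link in edges:
        still_fed = reachable(adj, source, removed_edges={frozenset(link)})
        lost = sorted(set(endpoints) - still_fed)
        if lost:
            cutoffs.append((link, lost))
    return cutoffs


def single_node_cutoffs(edges, source, endpoints):
    """Same analysis for the loss of one intermediate node (a branch point or repeater)."""
    adj = build_adjacency(edges)
    cutoffs = []
    for node in sorted(adj):
        if node == source or node in endpoints:
            continue
        still_fed = reachable(adj, source, removed_nodes={node})
        lost = sorted(set(endpoints) - still_fed)
        if lost:
            cutoffs.append((node, lost))
    return cutoffs


def reliability_report():
    """Number of single-link failures that isolate a consumer or meter, per topology."""
    cases = {
        "radial grid": (RADIAL_GRID, "sub", CONSUMERS),
        "looped grid": (LOOPED_GRID, "sub", CONSUMERS),
        "mesh grid": (MESH_GRID, "sub", CONSUMERS),
        "star AMR": (STAR_AMR, "U", METERS),
        "mesh AMR": (MESH_AMR, "U", METERS),
    }
    return {name: len(single_link_cutoffs(*args)) for name, args in cases.items()}


if __name__ == "__main__":
    for name, count in reliability_report().items():
        print(f"{name:12s} single-link failures that isolate an endpoint: {count}")
    for link, lost in single_link_cutoffs(STAR_AMR, "U", METERS):
        print(f"star AMR: losing link {link} isolates {lost}")
    print("star AMR node failures:", single_node_cutoffs(STAR_AMR, "U", METERS))
```

    In the radial feeder every one of the five lines is a cut, while the looped and mesh feeders survive any single line loss; the star AMR network likewise loses all three meters when the link to the repeater or the repeater itself fails, which is the aggregation-point risk the hybrid and mesh designs above are meant to reduce. Real feeders also carry the voltage-drop and capacity constraints the text mentions, which this connectivity-only model does not represent.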

    What Does It All Mean?

    Looking at all of the parts that make up an AMR infrastructure, it is easy to see that security needs to be included from the design phase. With such a wide range of technologies possessing the ability to impact the confidentiality, availability, and integrity of data being transmitted across the AMR infrastructure, it is imperative to evaluate the security posture of each individual technology, as well as its interactions with other technologies.

    Future Infrastructure

    As described in the "A Brief History of Electrical Grids" section of this chapter, the current electric power infrastructure was designed to utilize existing technology and handle the requirements defined during the nineteenth and twentieth centuries. The increasing demands on an aging infrastructure can only be met by the fine-grained control and insight into consumer demand that the smart grid promises to deliver.

    Justifications for Smart Grids

    The proposed smart grids seek to remediate these issues, as well as numerous others. The major justifications for smart grids tend to fall into three categories: economic, environmental, and reliability. The United States Department of Energy (DOE) defines the goals of a smart grid as follows:

    • Ensuring its reliability to degrees never before possible

    • Maintaining its affordability

    • Reinforcing our global competitiveness

    • Fully accommodating renewable and traditional energy sources

    • Potentially reducing our carbon footprint

    • Introducing advancements and efficiencies yet to be envisioned.


    Electricity must be consumed as soon as it is produced, and consumers have grown accustomed to the on-demand availability of electricity. Currently, this combination requires utility companies to generate enough supply to meet the electrical demand at any given moment. Because the exact demand is unknown, utility companies generate more electricity than is needed to compensate for unexpected rises in consumption and achieve this level of service. This system of supply and demand results in waste when demand is overestimated and rolling blackouts when demand is underestimated.


    In addition to waste, the reliability of the electric grid can be disrupted by numerous factors. Specifically, a drop in voltage from a power supply can cause brownouts, whereas environmental factors ranging from falling trees to thunderstorms and hurricanes can cause blackouts. Although these reliability problems tend to occur on a local scale, they can lead to more widespread problems that affect larger areas. Table 1.1 describes the different categories of power outages.

    Renewable Energy Sources

    Traditional power generation is premised on an inexhaustible supply of energy resources that has no negative effects on the world. In such a scenario, centralized power generation that relies on an endless supply of the traditional energy resources would excel. However, limited resources and concerns over environmental impact are driving the movement for clean and renewable energy sources, such as wind and solar. Unfortunately, these types of clean, renewable resources have problems of their own, including localization and continuity. For example, a solar power plant could generate large amounts of electricity if located in Florida; however, the output would be negligible if located in Antarctica. Additionally, current solar power plants all but cease to generate power during the night or during severe weather such as thunderstorms and hurricanes, which drives the need for alternate sources of energy to meet demand. As a result, the current electric grid simply does not properly accommodate renewable energy sources.

    What Is a Smart Grid?

    A smart grid is not a single device, application, system, network, or even idea. There is no single, authoritative definition answering the question: What is a smart grid? However, the definitions from the various authoritative organizations, such as DOE, NERC, and the SmartGrids Technology Platform, follow a common theme: smart grids utilize communication technology and information to optimally transmit and distribute electricity from suppliers to consumers. Figure 1.7 illustrates the basic concepts of a smart grid. Additionally, the smart grid is not a static concept. It will continue to evolve as the existing technologies evolve and new technologies are developed. The type, configuration, and implementation of these technologies, and the access to, transmission, and use of relevant information, are of primary concern in securing smart grids and for this book.


    Excerpted from Securing the Smart Grid by Tony Flick and Justin Morehouse. Copyright © 2011 by Elsevier Inc. Excerpted by permission of Syngress. All rights reserved. No part of this excerpt may be reproduced or reprinted without permission in writing from the publisher.

    Meet the Author

    Tony Flick has been working in the Information Security field for more than six years and is currently a Principal with FYRM Associates. Mr. Flick has assisted numerous organizations in achieving compliance with federal regulations and industry standards. His expertise includes risk management and compliance, assessments and audits, and research in emerging technologies. Mr. Flick has presented at Black Hat USA, DEFCON, and the OWASP Tampa local chapter on smart grid and application security concepts. Mr. Flick holds the CISSP certification. Additionally, Mr. Flick earned a Bachelor of Science in Computer Science and a Bachelor of Science in Mathematics.

    Justin Morehouse is an Information Security professional with over 10 years of experience assisting Fortune 100 companies and Federal Government agencies in maturing their Information Security programs. Over the past six years Mr. Morehouse has focused on the areas of attack and penetration, performing nearly 200 security assessments utilizing both NIST SP 800-42's "Blue Teaming" and "Red Teaming" approaches. Mr. Morehouse is the OWASP Tampa chapter leader and has presented at IEEE's EntNet. Mr. Morehouse holds the following degrees and certifications: CISSP, CISM, MCSE, MSIA, and QSA (former). He is currently an adjunct professor at DeVry University.
