I recently read in Power Magazine (powermag.com) that EPRI is launching the Security and Privacy Initiative, a collaborative effort to investigate cyber security standards, business processes, and technologies to protect the electric grid. The year-long initiative, expanding to become a research program in 2012, will also develop technologies, best practices, and controls on data privacy. With the dramatic increase in granularity of data about end user behavior raises new privacy concerns – able to detect by power demand if you are home or away, the work will include the Advanced Security Acceleration Project for the Smart Grid, who are developing security profiles for smart grid applications that will be supported by the U.S. Department of Energy. EPRI also will prepare guidelines to help utilities use the risk approach, security strategy, and cyber security requirements specified by the National Institute of Standards and Technology.
Other activities will include:
• Developing security profiles for legacy systems and designing an AMI intrusion detection system that can be easily scaled up.
• Developing protective measures, such as key management, high assurance architectures, and security testing tools to validate the level of protection. Hopefully incorporate IEC 62443 (ISA99) standards as part of this effort.
• Developing guidelines and best practices for responding to cyber incidents on AMI systems by working with advanced metering infrastructure (AMI) vendors and utilities to identify a set of alerts and alarms that can be standardized to enhance AMI security event monitoring.
As we know in Canada, the country with the greatest use of loyalty cards anywhere in the world, you never get something for nothing and in many cases it is the unintended consequences that are the ones that can be the worst. Fortunately, it looks like this initiative will be taking a close look at the side effects of SmartGrid and how it will affect us in a myriad of different ways.