This page has moved to a new address.

Smart Grid Deployment and Identity Management

body { background:#aba; margin:0; padding:20px 10px; text-align:center; font:x-small/1.5em "Trebuchet MS",Verdana,Arial,Sans-serif; color:#333; font-size/* */:/**/small; font-size: /**/small; } /* Page Structure ----------------------------------------------- */ /* The images which help create rounded corners depend on the following widths and measurements. If you want to change these measurements, the images will also need to change. */ @media all { #content { width:740px; margin:0 auto; text-align:left; } #main { width:485px; float:left; background:#fff url("") no-repeat left bottom; margin:15px 0 0; padding:0 0 10px; color:#000; font-size:97%; line-height:1.5em; } #main2 { float:left; width:100%; background:url("") no-repeat left top; padding:10px 0 0; } #main3 { background:url("") repeat-y; padding:0; } #sidebar { width:240px; float:right; margin:15px 0 0; font-size:97%; line-height:1.5em; } } @media handheld { #content { width:90%; } #main { width:100%; float:none; background:#fff; } #main2 { float:none; background:none; } #main3 { background:none; padding:0; } #sidebar { width:100%; float:none; } } /* Links ----------------------------------------------- */ a:link { color:#258; } a:visited { color:#666; } a:hover { color:#c63; } a img { border-width:0; } /* Blog Header ----------------------------------------------- */ @media all { #header { background:#456 url("") no-repeat left top; margin:0 0 0; padding:8px 0 0; color:#fff; } #header div { background:url("") no-repeat left bottom; padding:0 15px 8px; } } @media handheld { #header { background:#456; } #header div { background:none; } } #blog-title { margin:0; padding:10px 30px 5px; font-size:200%; line-height:1.2em; } #blog-title a { text-decoration:none; color:#fff; } #description { margin:0; padding:5px 30px 10px; font-size:94%; line-height:1.5em; } /* Posts ----------------------------------------------- */ .date-header { margin:0 28px 0 43px; font-size:85%; line-height:2em; text-transform:uppercase; letter-spacing:.2em; color:#357; } .post { margin:.3em 0 25px; padding:0 13px; border:1px dotted #bbb; border-width:1px 0; } .post-title { margin:0; font-size:135%; line-height:1.5em; background:url("") no-repeat 10px .5em; display:block; border:1px dotted #bbb; border-width:0 1px 1px; padding:2px 14px 2px 29px; color:#333; } a.title-link, .post-title strong { text-decoration:none; display:block; } a.title-link:hover { background-color:#ded; color:#000; } .post-body { border:1px dotted #bbb; border-width:0 1px 1px; border-bottom-color:#fff; padding:10px 14px 1px 29px; } html>body .post-body { border-bottom-width:0; } .post p { margin:0 0 .75em; } { background:#ded; margin:0; padding:2px 14px 2px 29px; border:1px dotted #bbb; border-width:1px; border-bottom:1px solid #eee; font-size:100%; line-height:1.5em; color:#666; text-align:right; } html>body { border-bottom-color:transparent; } em { display:block; float:left; text-align:left; font-style:normal; } a.comment-link { /* IE5.0/Win doesn't apply padding to inline elements, so we hide these two declarations from it */ background/* */:/**/url("") no-repeat 0 45%; padding-left:14px; } html>body a.comment-link { /* Respecified, for IE5/Mac's benefit */ background:url("") no-repeat 0 45%; padding-left:14px; } .post img { margin:0 0 5px 0; padding:4px; border:1px solid #ccc; } blockquote { margin:.75em 0; border:1px dotted #ccc; border-width:1px 0; padding:5px 15px; color:#666; } .post blockquote p { margin:.5em 0; } /* Comments ----------------------------------------------- */ #comments { margin:-25px 13px 0; border:1px dotted #ccc; border-width:0 1px 1px; padding:20px 0 15px 0; } #comments h4 { margin:0 0 10px; padding:0 14px 2px 29px; border-bottom:1px dotted #ccc; font-size:120%; line-height:1.4em; color:#333; } #comments-block { margin:0 15px 0 9px; } .comment-data { background:url("") no-repeat 2px .3em; margin:.5em 0; padding:0 0 0 20px; color:#666; } .comment-poster { font-weight:bold; } .comment-body { margin:0 0 1.25em; padding:0 0 0 20px; } .comment-body p { margin:0 0 .5em; } .comment-timestamp { margin:0 0 .5em; padding:0 0 .75em 20px; color:#666; } .comment-timestamp a:link { color:#666; } .deleted-comment { font-style:italic; color:gray; } .paging-control-container { float: right; margin: 0px 6px 0px 0px; font-size: 80%; } .unneeded-paging-control { visibility: hidden; } /* Profile ----------------------------------------------- */ @media all { #profile-container { background:#cdc url("") no-repeat left bottom; margin:0 0 15px; padding:0 0 10px; color:#345; } #profile-container h2 { background:url("") no-repeat left top; padding:10px 15px .2em; margin:0; border-width:0; font-size:115%; line-height:1.5em; color:#234; } } @media handheld { #profile-container { background:#cdc; } #profile-container h2 { background:none; } } .profile-datablock { margin:0 15px .5em; border-top:1px dotted #aba; padding-top:8px; } .profile-img {display:inline;} .profile-img img { float:left; margin:0 10px 5px 0; border:4px solid #fff; } .profile-data strong { display:block; } #profile-container p { margin:0 15px .5em; } #profile-container .profile-textblock { clear:left; } #profile-container a { color:#258; } .profile-link a { background:url("") no-repeat 0 .1em; padding-left:15px; font-weight:bold; } ul.profile-datablock { list-style-type:none; } /* Sidebar Boxes ----------------------------------------------- */ @media all { .box { background:#fff url("") no-repeat left top; margin:0 0 15px; padding:10px 0 0; color:#666; } .box2 { background:url("") no-repeat left bottom; padding:0 13px 8px; } } @media handheld { .box { background:#fff; } .box2 { background:none; } } .sidebar-title { margin:0; padding:0 0 .2em; border-bottom:1px dotted #9b9; font-size:115%; line-height:1.5em; color:#333; } .box ul { margin:.5em 0 1.25em; padding:0 0px; list-style:none; } .box ul li { background:url("") no-repeat 2px .25em; margin:0; padding:0 0 3px 16px; margin-bottom:3px; border-bottom:1px dotted #eee; line-height:1.4em; } .box p { margin:0 0 .6em; } /* Footer ----------------------------------------------- */ #footer { clear:both; margin:0; padding:15px 0 0; } @media all { #footer div { background:#456 url("") no-repeat left top; padding:8px 0 0; color:#fff; } #footer div div { background:url("") no-repeat left bottom; padding:0 15px 8px; } } @media handheld { #footer div { background:#456; } #footer div div { background:none; } } #footer hr {display:none;} #footer p {margin:0;} #footer a {color:#fff;} /* Feeds ----------------------------------------------- */ #blogfeeds { } #postfeeds { padding:0 15px 0; }

Sunday, October 31, 2010

Smart Grid Deployment and Identity Management

This paper is the author's personal opinions on the role that identity management will play in the utility industry as smart grid evolves across North America.

Utility- Home Energy Controller

One significant portion of smart grid is the interaction between the home energy controller and the utility. 

The home owner may choose to allow the utility to monitor appliance, air conditioner, electric heater and gadget events in the home and potentially to control some of them (e.g.  downing an air conditioner in a peak load to trim the peak load and avoid a grid brownout).

This requires identity management to authenticate between the home energy controller and the utility's home management system potentially every few minutes.  Most of the current deployments set a uid (uniform identification) and password in place allowing the application to log on to the local data store in the home. 

I believe that this approach is not secure from the customer's perspective since passwords are easily obtainable through a variety of different methods.  I also believe that over the next several years, privacy litigation against utilities will force the utility to adopt a more rigorous method of authenticating to the home.

I foresee the use of digital certificates issued by the utility to the home owner's energy controller and then to use web services to authenticate to the device. This means that utilities must get in place a solid PKI infrastructure and also deploy access control that is highly available.

Home Owner - Utility Interaction

The home owner will either use software supplied by enterprises like Google or use the utility's own portal software or combinations thereof to communicate with the utility. 

Further, I also foresee that in the future  energy controller bought in the store will be installed by third parties who will then help the home owner create their account and interface the controller with the utility.

Further, the home owner will want to assign different authorization rights to their family members allowing them different control over the home energy management system. 

Finally, many families will be delegated administration rights for different family members (e.g.  elderly people may delegate some or all of their privileges to their caregivers).

All of this requires:

Robust identity management system to provision the assets and applications to the home ownerIntegration with B2B infrastructureAllow for easy log on using things like voice recognitionFine grained authorization

Electric Vehicle Management

I foresee several areas where identity management would be important in leveraging a smooth customer interaction with the utility.  This included:

Vehicle identity registration systems with the utility - likely involving issuing a digital certificate to the carUtility identity federation with credit card companies and energy suppliers (e.g. Chevron, Exxon, Shell, etc.)Utility federation with parking garage owners who offer electric vehicle rechargingPossible federation with electric vehicle car manufacturersPossible use of registering the vehicles in an energy saving program IF it turns out that battery recharging on numerous vehicles significantly loads the grid (the jury is still out on this)

SCADA Home/Commercial Electrical Generation Authentication

As the home and commercial users begin to generate electricity and want to connect to the gird to sell it back to the utility, I foresee the following:

Need to identify and register the devices with the utility - likely will involve in the future the ability to install a digital certificate on the energy generating device or the device that connects the energy generating device to the gridAuthentication of the devices to the grid

"Smart Grid"

As smart transformers, power line monitors and feeder automation devices and software are deployed on the SCADA systems, this will require the following identity management infrastructure:

Registration of all devices in a central LDAP store from the authoritative sourcesAuthentication of the devices by either the HMI in the control room and/or an identity management access control systemIdentity management for personnel and third parties who will be working and interacting with the devices and their software


I foresee a significant shift in the future to what happens in a utility's operations control centre and it's IT operations.  The integration of the home and the digitization of the networks using TCP/IP means that:

Enterprise incident management must now integrate formerly separate IT and SCADA change management systems into oneMonitoring systems need to be significantly improved from stem to stern (i.e. the home with its appliances and gadgets all the way through to utility corporate and utility SCADA systems)Network architecture will need to be significantly upgraded and will require more numerous internal DMZ zones to limit utility risk of someone able to penetrate to the SCADA systemSecurity operations must now be moved out of IT and Facilities and into the control room to actively monitor and manage all security to watch for physical and logical penetrations

Operations concern me the most when considering smart grid.  While the software sales people and utility marketing people are making the most of "smart grid", I don't think many utilities have considered the operational impact, organizational reorganization and security requirements required.


This brief paper outlines, at a high level, the challenges of deploying smart grid for a utility from an identity management and operational perspective.  Many state and provincial legislation is forcing utilities to take on home or commercial generated power without thinking through the security, operations and identity implications. 

Concurrently, I believe that many senior utility managers are "hopping on board" the smart grid bandwagon without knowing the true infrastructure, operational costs and enterprise reorganization.

What most does not realize is that with the digitization of the SCADA network to TCP/IP communication AND the deployment to the home requires extremely tight integration between IT and SCADA. 

Those utilities that figure this out early will be the winners while those who don't may open themselves, unknowingly, to significant security holes.

About the Author

Guy Huntington is a learned and burned identity management and security consultant.  He has led a utility identity management program, participated in a utility security assessment, integrated physical and logical security and rescued several large Fortune 500 identity projects.  His white papers can be read at  He can be reached at or 1-604-861-6804.

Note: the views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post. Infosec Island reserves the right to remove or edit the content of all material submitted by our members.

View the original article here

Labels: , , , ,


Post a Comment

Feel Free to Leave Your Comments/Thoughts Below

Links to this post:

Create a Link

<< Home