'Smart grid' may have safety blind spot
TEXT OF STORY
Bill Radke: This week, Microsoft launched a free program
that lets you track and change your energy consumption down to individual appliances. It's Microsoft's entry into what's being called the "smart grid." But as utilities rush to computerize electrical transmission, are they also opening the door to cyber attacks? From the Marketplace Sustainability Desk, Sam Eaton reports.
Sam Eaton: The smart grid essentially lays a computer network on top of the existing grid. That way, utilities can seamlessly adjust where electricity goes, even if it's coming from intermittent sources like rooftop solar panels and remote wind farms. It would also allow rate payers to lower bills by tweaking their power use in real time.
The efficiency savings would be huge, but cyber security consultant Mike Davis says there's a tradeoff.
Mike Davis: From a security standpoint I think it's an immature technology.
Davis's firm, IOActive, designed a test virus that could infiltrate the new digital meters on people's homes, allowing the hacker to cut power to entire neighborhoods, if not cities.
James Lewis is with the Center for Strategic and International Studies:
James Lewis: It opens a whole new avenue for interference with power generation and electrical consumption.
Lewis admits the smart grid is a welcome upgrade for the nation's aging electrical network. But he says it has to be done right. That may be hard to do. Utilities across the country are scrambling for a piece of nearly $4 billion in federal stimulus funds for smart grid projects. And the money is available on a first come, first serve basis.
Lewis: The issue is that we're sort of caught in an unfortunate choice. We want to build a secure smart grid but we also want to build it in a hurry and you can't have both.
Lewis says security has to be built into the smart grid from the beginning, not tacked on as an afterthought. But government regulators say that's exactly what they're doing.
Annabelle Lee:: People are being very careful about how it's going to be implemented.
Annabelle Lee is with the National Institute of Standards and Technology. That's the federal agency in charge of developing security standards for the smart grid. And she says they've learned a lot since the hacker-plagued beginnings of the Internet.
Lee:: We have now how many years? Twenty to 30 years of experience of how to address security in large systems like this and large implementations and so we're taking all of that knowledge and experience and using it in coming up with our requirements for the smart grid.
But the new standards aren't due out until September. And James Lewis worries that's too late. He says with so much money at stake few utilities and technology companies are willing to wait for all the bugs to be worked out.
In Los Angeles, I'm Sam Eaton for Marketplace.