Close

See How Your Peers Are Moving Forward in the Cloud

New research from CDW can help you build on your success and take the next step.

Sep 30 2020
Networking

Smart Grid Technology and Solutions for Smart Cities

Smart cities that have deployed smart grid technologies need to ensure they are protected from cyberattacks.

Despite a great deal of attention around Internet of Things sensors for smart parking and traffic management, smart grids (electricity and gas combined) still attract the largest share of investments in smart cities, according to research firm IDC.

IDC does think that smart grids’ relative importance will decrease over time as the market matures and other use cases become mainstream.

Yet smart grids and city buildings that are connected in smart cities can save money for municipalities by being more efficient about how and when they use electricity and other forms of energy. IoT sensors and real-time communication enable smart grids featuring controllable energy loads, which can help shift energy supply in times of peak demand. Meanwhile, smart meters can enable cities and utilities to better align energy supply and demand.

However, investment in smart grid technology also brings risks. As the National Institute of Standards and Technology notes in a draft publication, “NIST Framework and Roadmap for Smart Grid Interoperability Standards,” in the traditional electrical grid, “power flows in one direction — from centralized generation facilities, through transmission lines, and finally to the customer via distribution utilities.”

Essentially, though, the connected nature of smart grids — what makes them valuable — also increases their vulnerability.

“While the distributed nature of many new technologies diminishes the criticality of any single asset, the informational capabilities inherent to these devices carry vulnerabilities that were unknown previously,” NIST states. “The large number of non-utility stakeholders and increasing number of devices connected to smart grids means that — even in the best of circumstances — secure operations can no longer be guaranteed by a single organization or security department.”

What Is a Smart Grid?

The country’s electric grid was largely built in the 1890s and enhanced throughout the ensuing decades as technology evolved, according to an article on SmartGrid.gov. The grid currently has more than 9,200 electric generating units with more than 1 million megawatts of generating capacity connected to more than 300,000 miles of transmission lines, according to the article.

What makes a regular electric grid a “smart” grid? It comes down to digital technologies that enable “two-way communication between the utility and its customers, and the sensing along the transmission lines,” according to SmartGrid.gov.

Like the internet, the smart grid has a multitude of components, including “controls, computers, automation, and new technologies and equipment working together,” but in the case of the smart grid, “these technologies will work with the electrical grid to respond digitally to our quickly changing electric demand.”

“As we enter National Cybersecurity Awareness Month, it’s important to make sure your smart grid is a secure smart grid that includes a number of technologies to increase real-time situational awareness and the ability to support renewables and system automation to increase the reliability, efficiency and safety of the electric grid,” says Jeffrey Tufts, Cisco’s global energy segment leader. “There are a number of secure communications solutions that public utilities are using to support the newest smart grid applications including advanced metering infrastructure, distribution automation, voltage optimization and substation automation.”

MORE FROM STATETECH: Find out how the cloud and smart meters can be used to gain visibility into usage.

How Can Smart Grid Technology Benefit Smart Cities?

Smart grid technologies have numerous benefits for smart cities that deploy them, either on their own or in cooperation with utilities. Smart grids can provide “more efficient transmission of electricity as well as quicker restoration after power disturbances,” Tufts says.

“The smart grid also improves reliability and safety of the electric transmission and distribution grid via connected assets,” Tufts says. “Utilities benefit from reduced operations and management costs, which in turn means lower power costs for consumers. The smart grid also integrates with customer-owned power generation systems, including renewable energy systems.”

Pervasive communications is critical for smart cities in general and smart grids in particular, Tufts says. “At the most basic level, the network that is deployed by the utility in support of smart grids could be extended by the municipality to deploy other essential public services such as smart city lighting, traffic and water solutions,” he says.

According to a document from the U.S. Department of Homeland Security, “The Future of Smart Cities: Cyber-Physical Infrastructure Risk,” a smart grid — meaning smart power distribution and transmissions — includes various “automation, networking, and cyber-physical devices” that use “SCADA systems and other automation devices to increase response times to localized power outages and to gather grid performance data faster.”

Sensors, DHS says, allow utilities to “gather real-time usage information, better incorporate embedded renewable energy generation into the grid, and isolate system interruptions before they spread.”

Networked sensors on transformers let utilities “track equipment performance and better anticipate failures, reducing outages and repair costs,” the document notes.

“Finally, increased communication networks throughout distribution and transmission systems will improve overall system intelligence, allowing for better incorporation of demand-response programs, which let customers track energy availability and pricing to make consumption decisions accordingly,” DHS states.

Upon approval by a utility commission, the utility (whether municipal or investor-owned) can use investments in its network infrastructure “beyond the initial smart grid use cases to provide a value-added service to the city while also creating a potential revenue opportunity for itself,” Tufts says.

Smart grids in a smart city “also provide the opportunity to support power initiatives such as distributed generation (rooftop solar), demand response (time-of-day billing), microgrids and other programs that would benefit the citizens,” Tufts adds.

READ MORE: Find out how smart cities can use data effectively.

Smart Grid Cybersecurity Vulnerabilities

This interconnectedness of devices that come with a smart grid “introduces cyber-physical technologies that connect cyber systems to physical systems, thereby removing the barrier between the cyber and physical worlds,” DHS notes.

“Removing the cyber-physical barriers in an urban environment presents a host of opportunities for increased efficiencies and greater convenience, but the greater connectivity also expands the potential attack surface for malicious actors,” DHS states. “In addition to physical incidents creating physical consequences, exploited cyber vulnerabilities can result in physical consequences, as well.”

Connecting critical infrastructure to a communication network increases cybersecurity risk, Tufts adds.

A smart grid comprises a wide range of communication systems, power system sensors and control points, as well as computational assets. “Each unique component, architecture and network have their own cybersecurity vulnerabilities, from nontargeted attacks like user errors or malware and natural disasters to targeted cyberattacks, such as hacking the control system to switch power off in a city or region,” Tufts says.

The electric grid is considered critical national infrastructure and the increasing reliance on connected monitoring and control points makes the cybersecurity of the smart electric grid a major focus for utilities, regulators and the federal government, Tufts says. “Subsequently, the level of effort and investment that utilities are making to meet regulation and board requirements is driving the adoption of leading-edge cybersecurity technology and processes,” he says.

Jeffrey Tufts, Global Energy Segment Leader, Cisco
Building a secure network architecture requires an accurate asset inventory and a perfect understanding of normal communication patterns for these assets.”

Jeffrey Tufts Global Energy Segment Leader, Cisco

A major cybersecurity risk to smart grids comes from a lack of visibility, according to Tufts. Power grids can be quite old, and most utilities do not have an accurate inventory of the assets in the grid that are connected to a network.

“Some assets might have vulnerabilities, making them a target. Some might not be protected by existing firewalls,” Tufts says. “Others might be misconfigured and generate unwanted communications. Building a secure network architecture requires an accurate asset inventory and a perfect understanding of normal communication patterns for these assets.”

The deeper integration between smart grids and IT networks presents another risk, Tufts says, “making them vulnerable to traditional cyber threats such as malware intrusions and malicious traffic.”

Next-generation firewalls with intrusion detection and prevention system capabilities are key to protect against these threats, according to Tufts. “However, we have seen hackers developing custom malware unknown to any detection tool giving them a way into the control system, as seen with the power grid shutdown in Ukraine in 2015,” he says. “Securing smart grid infrastructures also requires baselining the normal behavior of all control systems in order to identify anomalies such as these.”

MORE FROM STATETECH: Find out how to protect your utility from a cyberattack.

Smart Grid Security Enhancements for Smart Cities

While there are clear vulnerabilities in smart grids, there are ways to protect them in smart cities.

“A successful approach to cybersecurity consists of many techniques that involve processes as well as technology solutions,” NIST says. “Minimizing organizational and device exposure to threats promotes system security but requires a structured approach to characterizing cybersecurity risks and managing the system’s protection and recovery schemes.”

On the technology side, network security is key. “To enable the utility to extend its critical network to nonutility users such as the municipality, Cisco provides its utility clients with a secure utility network architecture that protects and monitors the critical smart grid applications while allowing for the support of third-party services, such as smart cities,” Tufts says.

There are multiple entry points in smart grid architectures, meaning that smart cities and utilities need to put in place layered controls to provide defense in depth, according to Tufts.

“It is important for smart cities to take a holistic approach — one that uses specific countermeasures implemented in layers to create an aggregated, risk-based security posture — to defend against cybersecurity threats and vulnerabilities that could affect these systems,” he says.

Smart cities often use their local utility’s smart grid communication infrastructure to connect smart lighting controllers and parking sensors, according to Tufts. “It is recommended for these utilities to adopt a smart grid communications architecture that isolates the smart city applications from the core utility applications and endpoints,” he notes.

Smart cities that work with utilities on smart grids “should also create well-vetted cybersecurity standards and enforcement mechanisms in line with zero trust for devices and applications added to the utility’s network,” Tufts says.

Technology is not the only aspect of smart grid security. Utilities and municipalities “should include a robust workforce cybersecurity training and development plan” to protect smart grids, Tufts says.

According to NIST, security awareness training “should be provided to all users, including manufacturing system users and managers. Training could include, for example, a basic understanding of the protections and user actions needed to maintain security of the system, procedures for responding to suspected cybersecurity incidents, and awareness of operational security.”

Igor Borisenko/Getty Images