Small world
As I sat down for yesterday’s opening session at Grid ComForum at the Santa Clara Convention Center, I turned to the gentleman sitting to my right and extended my hand.
“You must be Phil Carson,” he said. “I just read your column.”
As the gentleman seemed pleased (he did not run), I concluded that his reading time had been well spent. Later, at a session on standards and patents, I introduced myself to one of the panelists.
“I know who you are,” he said. “I posted a comment on one of your columns last week. You do read the comments, don’t you?” (Indeed. But I admit he had the jump on me. That was then, this was now.) Another panelist had a similar reaction.
While this sort of palaver is obviously self-aggrandizing, I mention it because the intelligent utility/smart grid space indeed is populated by a growing but still fairly intimate group. One understandable and bracing contrast: two gentlemen at lunch grew wary when, after asking what they worked on (distribution substation controls), I mentioned my journalism role. They politely suggested I contact “the marketing people.” Fair enough.
But enough about me -- actually this is about Energy Central, whom I work for. Today and tomorrow I’ll run through a few of the more informative sessions I attended, beginning today with a hot-button issue: security. A four-person panel provided a diversity of messages, imbued with disparate emotions ranging from dispassionate to quite passionate.
Jeffrey Katz, chief technology officer for IBM’s electric and utility sector, may not find work soon as a comedian. But Katz pointed out that the “security threat” did not “just” imply a loss of electricity to customers. With any extended loss of service would also come economic damage to industry and a loss of confidence from consumers and regulators.
“Security is risk management,” Katz intoned, a point repeated by his panel. But Katz pointed to other industries that have successfully faced seemingly similar scenarios. The banking industry once heard that ATMs would be their demise, that online banking was an invitation to disaster.
“There are ways to deal with massively distributed risks in a reasonable way,” he concluded.
Erfan Ibrahim, technical executive in the Intelligrid program at the Electric Power Research Institute (EPRI), took a similarly calm approach.
“This is not rocket science,” Ibrahim said. “Trust me, I’ve been involved in rocket science and this is not that hard.”
Ibrahim spent his allotted six minutes enumerating the resources available and steps recommended to those charged with security matters. But he did not downplay the challenge. Discuss the matter with colleagues, win top management’s support and take concrete steps to manage risks, Ibrahim suggested. Develop a threat profile, assess the risks, know your security requirements, look to standards, then go to vendors who understand that security is a systematic matter, not an add-on, he said.
“Think forward, reason back,” Ibrahim said. “This is not a done deal, there’s plenty of room for innovation.”
Joe Weiss, managing partner at Applied Control Systems, however, brought the heat of passion to his remarks. First, Weiss said, forget the cliché “cyber security” and think of security as an all-encompassing concern in every area of operations. Set aside the notion that security means protection against malicious acts. Most of the documented incidents of power generation or transmission and distribution interruption have been intentional acts -- despite the unintended consequences -- and malevolence plays a small if significant role in the discussion.
Security is a relative matter and no one has ever secured an industrial control process in any industry, because to do so would render such a system inoperable, according to Weiss. After all, by definition, security is secondary to performance. Further, interoperability is mutually exclusive of security.
With those dire observations, Weiss repeated that security is a systemic consideration, not solvable with a “forklift upgrade.”
And we’re short on expertise and educational tracks to solve that shortage, Weiss said. Globally, in Weiss’ view, fewer than 200 people are alive today who are capable of addressing the matter.
To the doubters of Weiss’ passionate concerns, he pointed out that more than 170 documented control system events have occurred worldwide to date, the vast majority of which have not been malicious, but nonetheless have -- at least in two instances -- involved the complete shutdown of nuclear plants.
The room was fairly quiet at that point. This was stuff typically spoken of in hushed tones in windowless rooms.
Phil Carson
Editor-in-chief
Intelligent Utility Daily
pcarson@energycentral.com
303-228-4757

