By Kathleen Davis, Senior Editor
Seguin, Texas, hosted the 15th Annual Texas Lineman’s Rodeo in July. Seguin is a small town about 30 minutes outside San Antonio along I-10. It became a hot spot in both competition and summer temperatures during the rodeo.
That humid Saturday in mid-summer, fluffy white clouds could be seen, but they weren’t alone in the sky that day. Linemen hanging from poles, posted inside buckets at the long-line end of work trucks’ mobile arms or crawling up to T-poles also filled the bright Texas sky.
The Texas Lineman’s Rodeo is sponsored by Texas Lineman’s Rodeo Association Inc. (TLRA), a nonprofit “created to offer line workers in the great State of Texas a way to showcase their pride in the profession of high voltage line work.” The rodeo is put together each year by hard-working volunteers who offer their time, efforts and organizational skills for free.
From 7 a.m. into the afternoon, the competition was fierce. Winners this year included individuals and teams from cooperatives, municipalities and investor-owned utilities (IOUs). Ryan Voges, Justin Green and Darin Koehler of New Braunfels Utilities won the first place overall journeyman award. The division winner for cooperatives went to John Hernanez, Brad Downum and Mark Jebbia of Bandera Electric Cooperative. Gregory Chelette, Richard Schwartz and John F. Kent brought in the overall journeyman team award for IOUs, while the Voges-Green-Koehler team won the municipal top spot. David McDowell, Danny Moss and Larry Terry of Farmers Electric Cooperative were the overall journeyman team, senior division, winners.
A complete list of 2011 rodeo winners is available at the Texas Lineman’s Rodeo website, http://tlra.org.
Securing an AMI Environment
By Prosenjit Dutta, Infosys Ltd.
Security is a hot topic in today’s digital energy age. Regulatory and government entities are busy developing industry security standards and codes, and most people agree that securing the utility ecosystem is a must. In the fervor, however, the industry must examine its challenges.
Advanced metering infrastructure (AMI) is the basic building block for the future smart grid-enabled utility. In an AMI-enabled environment, a utility’s initial and biggest challenge is the huge customer data surge. The volume of data exchanged is multiplied countless times as AMI is used for demand response, pre-payment, portal presentment and more.
The large volume of data creates challenges such as data theft, leakage and manipulation. Utilities must have a plan that assigns owners to different data elements, secures the data exchange paths and determines access and authorization provisioning.
Apart from addressing the risks associated with the surge in data volume, Figure 1 illustrates challenges with AMI and other advanced technologies adoption. Key vulnerabilities facing AMI ecosystems are:
- End point devices (meters, gateways and data collectors): service denial, unauthorized access to devices, customer data modification, firmware/data extraction, circuit analysis and more.
- Communication network (home-area network, wide-area network backhaul and radio frequency mesh): man-in-the-middle masquerade, service spoofing, encryption key theft and more.
- Utility’s data center (collection engine and upstream systems): spurious device reprogramming and remote disconnect requests originating from customer information systems.
To mitigate the risks posed by AMI adoption, utilities should perform upstream assessments of existing systems’ and AMI’s impacts.
These assessments should be conducted even during the steady state when AMI rollout has started or is fully completed (Figure 2).
Focus areas for security analysis and mitigation are illustrated in Figure 3.
Most utilities are reacting to AMI security threats instead of responding with a well thought-out strategy. Utilities, therefore, should modify their strategies to handle threats proactively by gathering near real-time information from smart meters. Utilities deploying AMI should consider proactively pulling data (event information) from smart meters at defined intervals and running correlation logics to identify and subsequently address possible vulnerabilities.
Proactive security practices in an AMI ecosystem should be enabled with real-time dashboards that alert systems administrators of possible attacks. When backed by tools to counter such attacks, a system can be made secure.
Prosenjit Dutta is principal consultant for energy, utilities and services with Infosys Ltd.
Raising the Bar: Preparing for Smart Grid Deployments
By Richard Guerra, Vivint Energy
The smart meter deployment in Bakersfield, Calif., has become the poster child representing how smart grid technology is moving faster than the industry’s ability to support it.
Helen Burt, Pacific Gas and Electric Co.’s (PG&E’s) vice president and chief customer officer, said that while a few inaccurate meters (less than half of 1 percent) exist, the real problems were caused by three issues: lack of training, poor customer service and no customer education process. Lack of training in field deployment and customer service, an issue not unique to PG&E, is contributing to the industry’s growing pains.
Government leaders recognize this issue and are attempting to alleviate it. In April 2010, the Obama administration set aside $100 million of $4.5 billion budgeted for smart grid for training and development. These funds are dedicated to creating utility and electrical worker programs that will attract and prepare the utility industry’s next-generation work force. Although this is a step in the right direction, a gap exists: The program trains professionals to maintain an existing grid but does not address skills needed for initial smart grid deployments, including the ability to install a meter and check its accuracy.
The industry must raise the bar on the quality of advanced metering infrastructure (AMI) deployments. It is only through standardized training for deployment technicians that the smart grid can reach its potential.
Customer service training for field personnel is important. Technicians must receive basic customer service training to understand how they should conduct themselves on customers’ premises and respond to customer inquiries. This is not, however, an area that’s emphasized in most deployment vendors’ training programs. A few technicians know how to handle theft of service, medical alert customers or customers who have radio frequency concerns, but most are trained inadequately or sometimes not at all. Lack of field knowledge can be disastrous for the community relations side of a deployment.
Many technicians receive as little as four hours and typically no more than a few days of training under the watch of an “experienced” technician—one who went through the same training. The most common consequence of this is poor quality and missed opportunities to identify and correct issues with cash registers, customer information systems or both.
In addition, without adequate training, many utilities cannot take advantage of a perfect opportunity to conduct a mini audit while personnel visit every meter point in their service territory. During the initial AMI installation, a well-trained technician can identify poor service conditions, theft of service, incorrect meter applications, defective equipment and incorrect wiring. This is critical. With an AMI system, utility personnel no longer will visit the site each month.
When technicians are trained to conduct a mini audit, many of these issues can be identified and corrected. A mini audit adds less than one minute to a typical installation. Some people have said this additional minute can create more than 200 extra work days for a 100,000-point deployment. It adds just more than 200 man-days, not working days. A 100,000-point deployment scheduled to be completed in 12 months will require approximately eight technicians to install about 50 meters per day. A one-minute mini audit would add only 25 extra project days to the deployment. Are 25 additional working days worth the added quality and peace of mind? Are 25 days worth knowing a new AMI system is metering correctly and providing reliable, accurate data?
Raising the Bar
Why aren’t more companies thoroughly training their installation technicians? Capital expense and lack of vision. In such a new industry, the capital expense required to implement a successful, qualified work force can be prohibitive. More important, the industry might be content to work with the status quo. This will not be a viable option.
Customers demand a high quality and assurance that the service is worth their investment. The industry must be ready to answer that call. It’s time to raise the bar on smart grid deployments.
Richard Guerra is the vice president of the Vivint Energy’s smart grid division. He has more than 30 years’ experience creating training and support programs for AMI infrastructures and overseeing installation contractors to ensure quality AMI deployments.
When Refrigerators Attack! The Importance of Critical Infrastructure Security
By Chris Poulin, Q1Labs
It sounds like the next Steven Spielberg movie: In the not-too-distant future, energy and utility companies band together to make a smart grid, gaining access to consumers’ home appliances. This access enables utilities to provide a greener community for their users, granting companies authority to shut down appliances, if, for instance, a light is left on too long or a toilet is running while a homeowner is on vacation.
Appliances are connected via one network, creating a single target to be taken down.
In the next scene, a hacker, perhaps a teenage cybervandal or Internet terrorist, has cracked into the network and is flooding the local townspeople’s homes while turning on their microwaves and toasters, turning the streets into hotbeds of electrical currents. Unlike a Spielberg movie, this not-so-happy ending could be real.
Smart grid creates nearly unlimited usefulness to homeowners. Obsessive compulsives can check at will whether they left the iron on or the bathroom sink running; alerts can be configured to send texts to cell phones or update Facebook status when the dryer finishes tumbling that favorite blouse.
Smart appliances also will allow grid operators to monitor electric and other utility use and shunt power to areas that need it more, such as air conditioners in Phoenix in summer, and away from homes in which all lights are on but the front door hasn’t been opened in three days (presumably the owners are on vacation).
With greater functionality comes greater risk. Initially, utility operators can reduce or cut power only to homes or neighborhoods. Eventually, however, every consumer appliance and gadget will be controllable from outside homes. It will be as if every home has a supervisory control and data acquisition (SCADA) system controlling electricity, water and eventually every aspect of consumers’ home lives.
Utilities already are a popular target for hackers, and as more energy, utility and critical infrastructure providers transition to smart grid, they will be challenged to protect more than their networks from cybercriminals and nation-state attacks. The potential for bad guys to gain control of a home is a real threat that is not far into the future.
Are utilities prepared to take on this threat? A recent Ponemon Institute survey says not really. Following is a list of survey results that cause concern:
- Only 21 percent of global energy and utilities organizations said their existing controls can protect against exploits and attacks through smart grid and smart meter-connected systems.
- Seventy-five percent of global energy organizations surveyed admit to having suffered at least one data breach during the past 12 months.
- Seventy-one percent of information technology security executives at global energy producers said their executive management team does not understand or appreciate the value of information technology security.
- Seventy-two percent said initiatives are ineffective at creating actionable intelligence, such as real-time alerts, threat analysis and prioritization about actual and potential exploits.
- Sixty-nine percent of organizations said a data breach is very likely or likely to occur during the next 12 months.
- Sixty-seven percent of energy organizations are not using state-of-the-art technologies to minimize risks to SCADA networks.
- Only 39 percent of energy producers said their organization’s security program is dedicated to detecting or preventing advanced persistent threats.
Companies revealed they spend 10 times more on physical security than information technology security—a serious oversight for those approving security spending. This highlights a glaring disconnect between executives and information technology departments within energy and utility companies.
Attacks specifically targeting SCADA systems have increased in the past few years, culminating in Stuxnet, which destroyed centrifuges that spin nuclear material at Iranian uranium-enrichment facilities. Energy and utilities organizations’ migration to smart grid to improve Internet-based communication among providers, consumers, transmission centers and plants has expanded the number of potentially exploitable targets dramatically.
Executives in critical infrastructure organizations and manufacturers of smart meters and smart appliances must recognize the risk and allocate budget and resources to build information technology security into their products and offerings. In addition, utility operators and information technology security teams should be trained on security threats and design comprehensive security strategies. Until this happens, consumers and our national critical infrastructure are in peril.
I prefer movie endings where the good guy rides off into the sunset.
Chris Poulin is the chief security officer for Q1 Labs, a provider of security intelligence solutions.
PowerGrid International Articles Archives
View Power Generation Articles on PennEnergy.com