The stakes are steep. The challenge is nuanced and evolving. And, at this point, there are
at least as many as questions as there are answers about how the job should be carried
out.

Together, those factors make cyber-security one of the most talked-about topics in the
Smart Grid conversation worldwide.

In overlaying the electricity-delivery facility with an Internet Protocol (IP) network
for command and control, cyber-security is obviously of utmost importance. Lives and
whole economies are jeopardized if the power grid is disabled, and, conceptually, at least,
inaccurate or compromised data could lead to areas of the grid being shut down.

And not only are the stakes very high in Smart Grid security, the task also is more multi-
faceted and elusive than what utilities have historically faced.

In the legacy world of analog systems and electro-mechanical devices, whatever threat
posed to the security of grid would have to come from the outside of the infrastructure in.
The concept of digital grid modernization introduces the possibility of internally oriented
threats, such as worms and hacking.

Plus, there are not only man-made cyber intrusions to be imagined; there are the weather,
geological and similar events to still be considered, too. How will the Smart Grid respond
in the event of tsunamis, earthquakes, magnetic storms that could potentially disrupt our
ability to control systems and ensure grid reliability?

Furthermore, cyber-security will have to be an ongoing process—a challenge, for
example, of trying to react to or anticipate the new tactics of rogue operators.

For utilities, this all means an expanded and more adaptive security posture—and a
requirement that cyber-security be construed in such a way that today’s deployments
are not rendered obsolete as next-generation capabilities are necessitated. Software
designs must be functionally generic so that whatever we do today is compatible with the
inevitable changes that tomorrow will bring.

This is where standards-development organizations (SDOs) have a role.

Since its inception in March 2009, the IEEE P2030 Working Group has organized
power, communications and Information Technology (IT) engineers in specifying the
interfaces where interconnection and interoperability must be ensured for the Smart
Grid to function. Security requirements for power system control operations, intelligent
electronic devices (IEDs) and the bulk power system are among the subjects addressed in
the IEEE P2030 “Draft Guide for Smart Grid Interoperability of Energy Technology and
Information Technology Operation With the Electric Power System (EPS), and End-Use Applications and Loads,” which is in IEEE sponsor today and on target for finalization as
a standard in 2011.

There is a strategic question, however, of just how far into cyber-security should
standards delve. What would the impact be of not merely identifying the interface where
cyber-security is necessary but also defining the techniques of embedded intelligence
at those specific points? If the good guys give away too detailed of a roadmap of how
utilities can protect the Smart Grid from attack, are we giving the bad guys too much help
in devising threats?

The Smart Grid’s cyber-security questions are among the most hotly debated by utilities,
the industry serving them and SDOs around the globe today.