Interesting People mailing list archives
Re: The Smart Grid and Cybersecurity
From: David Farber <dave () farber net>
Date: Sun, 12 Apr 2009 08:27:59 -0400
Begin forwarded message: From: Rahul Tongia <tongia () cmu edu> Date: April 11, 2009 2:23:05 AM EDT To: dave () farber net Cc: ip <ip () v2 listbox com> Subject: Re: [IP] Re: The Smart Grid and Cybersecurity Reply-To: tongia () cmu edu Dave, [I will leave other issues for others to discuss...]The privacy issue is non-trivial. A (near) real-time meter doesn't just know if you're home or not, depending on the sampling rate, one can find out a lot more. There are documented cases of the police being informed by the power utility of "suspected marijuana" based on the load profile.
As an experiment, some researchers have been studying what information can be learned by ultra-sampling. It turns out one can tell if someone drinks caffeinated vs. decaf!
Rahul David Farber wrote:
Begin forwarded message: From: Thomas Lord <lord () emf net> Date: April 10, 2009 5:45:36 PM EDT To: peter () peterswire net Cc: ip <ip () v2 listbox com>, David Farber <dave () farber net>, systemdisruption-web () yahoo com Subject: Re: [IP] The Smart Grid and Cybersecurity [CC'ed (out of the blue) to Mr. John Robb, Author of "Brave New War" and blogging at http://globalguerrillas.typepad.com For Mr. Robb's benefit I'll mention that this note is in response to the article at http://wonkroom.thinkprogress.org/2009/04/10/smart-grid-security/ ] Mr. Swire, I have some questions that I don't see answered in your essay or in the materials on the Center for American Progress site. 1. How are cost savings obtained by putting up high voltage power lines and fiber at the same time? My naive understanding is that the power lines are generally strung between towers while fiber is usually buried. Even if the same right of ways are used it seems like you are suggesting having two crews, in the same spot, at the same time, getting in one another's way. I did find reference elsewhere to case in Germany where power and fiber were both buried and were buried in the same conduit - so I can see the cost savings there - but is that the plan here? 2. I do not understand your claim that the new smart grid can improve resiliency only in very incremental ways, given the price tag. In fact it seems it might diminish resiliency: You appear to describe a plan to centralize mass production of electricity where solar, wind, and geothermal resources are the most abundant and use new grid construction to increase the number of regions which depend on those central points of production. Will this not simply create significantly larger "single points of failure" effecting more people? I would have thought that resiliency demanded far, far greater decentralization of *generation*. That is, I would have expected investment in local generation technologies and local distribution grids to have a higher priority than extensions of the long haul grid around new points of centralized production. 3. You discuss efforts to use the Internet more intelligently than at present as an element of the control system for the new grid. Doesn't that also harm resiliency by making electric supply dependent on the Internet remaining operational? What formal design validation processes are to be put in place to prevent that form of fragility? 4. Your discussion of Internet bandwidth advantages confused me. What specific relation between bandwidth and encryption to you believe exists? How do you believe larger bandwidth supports "an effective intrusion detection system"? Why do you use the word "robust" in talking of "The same robust communications infrastructure..."? And in what way does higher bandwidth "support far more complex and effective responses to an actual cyberattack"? These claims sound to my ears like claims that magic exists. I'm not aware of any way in which encryption demands especially high bandwidth. Whatever the relation between bandwidth and intrusion detection there are certainly more important factors about intrusion detection than bandwidth. And so forth. 5. I understand from your biography that you were Chief Council on Privacy to President Clinton. Will you perhaps say a few words about the privacy implications of the smart grid? The last I heard, for example, Google was making a bid to be the "go to" service for smart power meters. If the bid is successful, the hour by hour power consumption habits of many individual citizens will be added to a database at Google along side Google's records of many of each individuals purchasing habits, web-surfing habits, and even hour-by-hour geographical location habits. Google has already (with pride, no less) expressed the intent to invest in building ever more sophisticated system to psychologically profile individuals on the basis of such data, for private commercial (and presumably political) gain. Thus, the emerging system would seem to me to be part of an enormous new invasion of individual privacy. And, as I presume that you can appreciate, centralized surveillance of citizens in such matters is a significant threat, not an aid, to the resiliency of our society so the privacy and resiliency issues are deeply intertwined. 6. I do not understand why you would say that the challenge for electricity providers is to use the Internet securely. When I heard that the new administration wanted to stimulate the economy and help secure the nation with infrastructure investments I thought (and still think) that that's a very good idea. I've been little but disappointed to see the actual investments being considered, however. They seem unrealistic and seem oriented towards further diminishing resilience rather than increasing it. All too unsurprisingly, these questionable strategies seem quite strong if read as plans for how a few highly influential firms can make a lot of money quickly on the basis of government spending. You seem to have your fingers on the pulse of the action in Washington around these issues so perhaps you can comment. Thank you, -t Thomas Lord lord () emf net / 510 825 7915 2915 Dohr St. Apt G Berkeley, CA 94702 On Fri, 2009-04-10 at 16:45 -0400, David Farber wrote:Begin forwarded message: From: Peter Swire <peter () peterswire net> Date: April 10, 2009 4:03:18 PM EDT To: David Farber <dave () farber net> Subject: The Smart Grid and Cybersecurity Dave: Much thanks for your own thoughts, off-line, about the smart grid and cybersecurity. My post on the subject is now up: http://wonkroom.thinkprogress.org/2009/04/10/smart-grid-security/ Peter Prof. Peter P. Swire C. William O'Neill Professor of Law Moritz College of Law of the Ohio State University Senior Fellow, Center for American Progress (240) 994.4142, www.peterswire.net ______________________________________________________________________ Archives------------------------------------------- Archives: https://www.listbox.com/member/archive/247/=now RSS Feed: https://www.listbox.com/member/archive/rss/247/ Powered by Listbox: http://www.listbox.com
------------------------------------------- Archives: https://www.listbox.com/member/archive/247/=now RSS Feed: https://www.listbox.com/member/archive/rss/247/ Powered by Listbox: http://www.listbox.com
Current thread:
- The Smart Grid and Cybersecurity David Farber (Apr 10)
- <Possible follow-ups>
- Re: The Smart Grid and Cybersecurity David Farber (Apr 10)
- Re: The Smart Grid and Cybersecurity David Farber (Apr 12)
- Re: The Smart Grid and Cybersecurity David Farber (Apr 12)
- Re: The Smart Grid and Cybersecurity David Farber (Apr 12)
- Re: The Smart Grid and Cybersecurity David Farber (Apr 12)
- Re: The Smart Grid and Cybersecurity David Farber (Apr 12)
- Re: The Smart Grid and Cybersecurity David Farber (Apr 12)
- Re: The Smart Grid and Cybersecurity David Farber (Apr 13)
- Re: The Smart Grid and Cybersecurity David Farber (Apr 13)
- Re: The Smart Grid and Cybersecurity David Farber (Apr 14)
- Re: The Smart Grid and Cybersecurity David Farber (Apr 14)