Re: The Smart Grid and Cybersecurity

[David Farber <dave () farber net>]

Begin forwarded message:

From: Rahul Tongia <tongia () cmu edu>
Date: April 11, 2009 2:23:05 AM EDT
To: dave () farber net
Cc: ip <ip () v2 listbox com>
Subject: Re: [IP] Re:   The Smart Grid and Cybersecurity
Reply-To: tongia () cmu edu

Dave,

[I will leave other issues for others to discuss...]

The privacy issue is non-trivial.  A (near) real-time meter doesn't  
just know if you're home or not, depending on the sampling rate, one  
can find out a lot more.
There are documented cases of the police being informed by the power  
utility of "suspected marijuana" based on the load profile.

As an experiment, some researchers have been studying what information  
can be learned by ultra-sampling.  It turns out one can tell if  
someone drinks caffeinated vs. decaf!

Rahul

David Farber wrote:
> Begin forwarded message:
>
> From: Thomas Lord <lord () emf net>
> Date: April 10, 2009 5:45:36 PM EDT
> To: peter () peterswire net
> Cc: ip <ip () v2 listbox com>, David Farber <dave () farber net>, systemdisruption-web () yahoo com
> Subject: Re: [IP] The Smart Grid and Cybersecurity
>
> [CC'ed (out of the blue) to Mr. John Robb,
> Author of "Brave New War" and blogging at
> http://globalguerrillas.typepad.com
> For Mr. Robb's benefit I'll mention
> that this note is in response to
> the article at
> http://wonkroom.thinkprogress.org/2009/04/10/smart-grid-security/
> ]
>
>
> Mr. Swire,
>
> I have some questions that I don't see answered
> in your essay or in the materials on the Center
> for American Progress site.
>
>
> 1. How are cost savings obtained by putting
> up high voltage power lines and fiber at the
> same time?   My naive understanding is that
> the power lines are generally strung between
> towers while fiber is usually buried.  Even
> if the same right of ways are used it seems like
> you are suggesting having two crews, in the same
> spot, at the same time, getting in one another's
> way.   I did find reference elsewhere to case
> in Germany where power and fiber were both buried
> and were buried in the same conduit - so I can
> see the cost savings there - but is that the plan
> here?
>
> 2. I do not understand your claim that the new
> smart grid can improve resiliency only in very
> incremental ways, given the price tag.   In fact
> it seems it might diminish resiliency:  You appear
> to describe a plan to centralize mass production
> of electricity where solar, wind, and geothermal
> resources are the most abundant and use new
> grid construction to increase the number of regions
> which depend on those central points of production.
> Will this not simply create significantly larger
> "single points of failure" effecting more people?
> I would have thought that resiliency demanded far,
> far greater decentralization of *generation*.  That
> is, I would have expected investment in local
> generation technologies and local distribution
> grids to have a higher priority than extensions
> of the long haul grid around new points of centralized
> production.
>
> 3. You discuss efforts to use the Internet more
> intelligently than at present as an element of the
> control system for the new grid.   Doesn't that also
> harm resiliency by making electric supply dependent
> on the Internet remaining operational?   What
> formal design validation processes are to be put in
> place to prevent that form of fragility?
>
> 4. Your discussion of Internet bandwidth advantages
> confused me.  What specific relation between bandwidth
> and encryption to you believe exists?  How do you
> believe larger bandwidth supports "an effective intrusion
> detection system"?  Why do you use the word "robust"
> in talking of "The same robust communications infrastructure..."?
> And in what way does higher bandwidth "support far more
> complex and effective responses to an actual cyberattack"?
> These claims sound to my ears like claims that magic
> exists.   I'm not aware of any way in which encryption
> demands especially high bandwidth.  Whatever the
> relation between bandwidth and intrusion detection there
> are certainly more important factors about intrusion detection
> than bandwidth.  And so forth.
>
> 5. I understand from your biography that you were
> Chief Council on Privacy to President Clinton.  Will
> you perhaps say a few words about the privacy implications
> of the smart grid?  The last I heard, for example,
> Google was making a bid to be the "go to" service
> for smart power meters.  If the bid is successful,
> the hour by hour power consumption habits of many
> individual citizens will be added to a database at
> Google along side Google's records of many of each
> individuals purchasing habits, web-surfing habits,
> and even hour-by-hour geographical location habits.
> Google has already (with pride, no less) expressed
> the intent to invest in building ever more sophisticated
> system to psychologically profile individuals on the
> basis of such data, for private commercial (and presumably
> political) gain.   Thus, the emerging system would
> seem to me to be part of an enormous new invasion of
> individual privacy.   And, as I presume that you can
> appreciate, centralized surveillance of citizens in
> such matters is a significant threat, not an aid,
> to the resiliency of our society so the privacy and
> resiliency issues are deeply intertwined.
>
> 6. I do not understand why you would say that the
> challenge for electricity providers is to use the
> Internet securely.
>
> When I heard that the new administration wanted to
> stimulate the economy and help secure the nation
> with infrastructure investments I thought (and still
> think) that that's a very good idea.   I've been
> little but disappointed to see the actual investments
> being considered, however.  They seem unrealistic and
> seem oriented towards further diminishing resilience
> rather than increasing it.   All too unsurprisingly,
> these questionable strategies seem quite strong if
> read as plans for how a few highly influential firms
> can make a lot of money quickly on the basis of
> government spending.   You seem to have your fingers
> on the pulse of the action in Washington around
> these issues so perhaps you can comment.
>
> Thank you,
> -t
> Thomas Lord
> lord () emf net / 510 825 7915
> 2915 Dohr St. Apt G
> Berkeley, CA 94702
>
>
>
>
>
>
>
>
>
>
> On Fri, 2009-04-10 at 16:45 -0400, David Farber wrote:
> > Begin forwarded message:
> >
> > From: Peter Swire <peter () peterswire net>
> > Date: April 10, 2009 4:03:18 PM EDT
> > To: David Farber <dave () farber net>
> > Subject: The Smart Grid and Cybersecurity
> >
> >
> > Dave:
> >
> > Much thanks for your own thoughts, off-line, about the smart grid and
> > cybersecurity.
> >
> > My post on the subject is now up:
> >
> > http://wonkroom.thinkprogress.org/2009/04/10/smart-grid-security/
> >
> >
> > Peter
> >
> > Prof. Peter P. Swire
> > C. William O'Neill Professor of Law
> > Moritz College of Law of the Ohio State University
> > Senior Fellow, Center for American Progress
> > (240) 994.4142, www.peterswire.net
> >
> >
> >
> > ______________________________________________________________________
> > Archives
>
>
>
>
>
> -------------------------------------------
> Archives: https://www.listbox.com/member/archive/247/=now
> RSS Feed: https://www.listbox.com/member/archive/rss/247/
> Powered by Listbox: http://www.listbox.com




-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com