Wednesday, December 1, 2010

Grid-Interop Day 2 Notes

Once again, for my regulatory compadres, a summary of the events at Grid-Interop for Day 2 (As always, my commentary is in italics.):
  • Tom Evslin opened in the morning, comparing the future of the grid to the history of the Internet. 
    • Interesting 30,000 foot view, but at that height, many complicated and critical details get missed.
    • Most interesting and important points of Tom's presentation:
      • Eventually, grid neutrality will be as important as net neutrality is now. 
        • We need to establish early on a "Smart Grid Carterfone" decision.  Otherwise, instead of the "internet of energy", we'll have the Ma Bell PSTN of energy.
      • Smart Grid has to enable consumers to improve their lives, not just save them a few dollars, and that ability needs to be communicated to consumers now.
  • Foundational session:
    Panel discussion on why interoperability matters, and the need for consumer understanding of SG.
  • Unfortunately, I got pulled into a discussion of AMI security and privacy, and missed the session on Regulatory Policies and Rate Structures for a Demand Responsive Grid.  I will try to locate a link to the webinar, or at least the slides and notes.
  • CSWG Updates (Note: slides for Tuesday's and Wednesday's CSWG briefings are available at:
    http://collaborate.nist.gov/twiki-sggrid/bin/view/SmartGrid/CSWGBriefings)
  • FERC Update - Annabelle Lee
    • Important point regarding FERC's process regarding standards.  FERC is "adopting" standards.  The "adoption" of standards does not equal rulemaking; it is still voluntary.  This is a critical distinction from other FERC rulemaking actions.  I intend to follow up on this with Annabelle and elaborate later.
    • NIST forwarded IEC 62851 to FERC.  IEC 62851 uses a weak encryption standard, how will FERC address this?  No clear answer from Annabelle, but Frances Cleveland pointed out that the 62851 is being reworked by IEC to resolve the encryption question. 
  • The CSWG has "liaisons" to each of the active Priority Action Plans (PAPs).  Each PAP Liaison present provided an update of status.
    • PAP 05 - Meter Data Profiles - Darren Highfill
      Subgroup produced a report on PAP 5 CyberSecurity.  Several issues did come up, and were addressed through AMI Security subgroup.  PAP 05 is on its way to completion.
    • PAP 11 - Plug-in Electric Vehicles - Sandy Bacik
      2 of 3 standards were OKed by CSWG.  Modifications of the last have been proposed to the PAP and updates are in process.
    • PAP 15 - Harmonize PLC coexistence - Mike Coop
      Does not appear to have security implications on broadband, since it only deals with how devices avoid crippling each other.  (Could defeating that ability create a security risk?)
    • Narrowband will be a complete spec, which will have security implications
    • PAP 17 - Intrafacility data - Your humble author
      PAP 17 does not appear at this time to have security implications, as it is addressing strictly identifying what data expressions are needed for energy management.
    • Status Report on other PAPs from Frances Cleveland
      • PAP 3 pricing model is progressing
      • PAP 7 storage is likely to have security issues to address, since it is a complete physical and communications spec.
      • PAP 14 Synchrophasors
        Unlikely at this point that the PAP has yet addressed, or will address without CSCTG prompting, needed security issues.
      • PAP 16 Wind Plant
        In effect IEC 61850 (distribution substation management) for wind.  Security aspects identical to regular 61850.
  • Evening session Discussion of Smart Energy Profile 2.0 and how it relates to PAPs 3 & 4
    • SEP 2.0 is a collection of architectures and standards at the application layer.  It approaches the issues using a series of "Function Sets" such as Pricing, PEV, firmware, etc.
    • Uses TLS security, plus whatever link layer security (same as https:// addresses)
    • Certificates based on an Elliptic Curve cipher are required, with an RSA cipher as an option for interoperability
    • Uses HTTP as application layer in a RESTful manner
      • (GET, PUT, POST, DELETE)  Using a well-known protocol.
      • Essentially, the techniques that make web pages like this one work.
    • Uses mDNS (multicast DNS).  No DNS server needed.
    • Incorporates DMS discovery via DNS-SD
    • EXI - Tokenized XML
    • Uses CIM as its semantic model.
    • Boil it all down, SEP 2.0 is a repackaging of existing internet tools into a hierarchy that tries to address the needs of Smart Grid communication.  While it may be fine for interaction with the consumer (i.e. web pages displaying energy usage and pricing), it seems to me that the use of TLS (which has been broken) as a security platform for more critical needs creates a security risk that ECC and RSA are not strong enough to overcome.
That's it for today.  My brain is full...
