Monday, October 24, 2011

Over a month...

It's been over a month since my last posting here.  That doesn't mean I haven't been writing, though.  If you're at all curious what I've been doing since October 3rd, PR Newswire will tell you.

Lots of writing, lots of talking, not much blogging.  I'll get back to blogging one the pace dies down a bit...

Tuesday, September 20, 2011

The Economist on Smart Grid

A former co-worker pointed out a Blog entry on The Economist website, titled "Difference Engine: Disaster waiting to Happen," and asked my opinion. I gave him a short answer in e-mail, but thought a longer answer was required.

I'm not sure who the author is, the byline just shows "N.V.". (Hmmmmmm. Envy? Of what?) I'm a bit puzzled by his (her?) unwillingness to attach a name to the posting. Regardless, it reads like a pretty reasonable assessment of the recent Southern California blackout, given that the failure analysis and determination of causes is in its opening stages. However, further thought (or, for that matter, scrolling through the Comments) identifies a number of factual inaccuracies (like the runway lights being out at the airport. Really, no backup generation?) and errors in thought.

Thursday, September 8, 2011

Subcommittee on Technology and Innovation Hearings

I've been listening to a House Subcommittee on Technology and Innovation Hearing where the topic is stated as "Empowering Consumers and Promoting Innovation through the Smart Grid."

A catchy title, but not really what the hearing is about. According to the Hearing Charter, the hearing is supposed to "...examine the status of efforts to develop open standards for smart grid technologies and drive innovation within smart grid development. This hearing will provide the Subcommittee with an update on current standards development accomplishments, as well as the actions needed to empower and protect consumer interests while promoting innovation through the growth of the smart grid.

I say supposed to, because very few of the questions I heard were about open standards, promoting innovation or empowering customers. (In the interest of fairness, I missed some of the beginning.) Most of the questions seemed to be about how much money has been spent by NIST, and how many jobs it will generate. I get the importance of being budget concious in tough economic times, but that money's already been spent. Nothing that Congress can do now will change whether that money was well or poorly spent, particularly since Congress (not NIST) dictated the mad rush to spend most of that money through the ARRA requirements.

The answers the witnesses gave were good, but the questions were wrong, and so were some of the witnesses, I'm afraid. Nothing against any of the witnesses, they're all very bright people, but they aren't the people you need to talk to, if you want to learn about innovation, or either empowering or protecting customers.

Okay, maybe I overstated it. Rik Drummond and John Caskey come close, because John is fairly directly involved on behalf of NEMA, and Rik is a pretty keen observer. Donna Nelson can tell you about what worked in Texas. "Lessons learned" in Texas may not always apply elsewhere, because Texas's grid is pretty unique.

In any case, if you want to talk about any of those topics, beating George Arnold up about the last 3 years' budget figures certainly isn't going to get you there.

If you really want to learn what's going on with standards development, innovation, or empowering consumers, or protecting consumers, talk to the people who are doing the work on standards, the people who are developing innovative products around those standards, and the people who are working on architectures for those products to plug into.

So, Representative Quayle, if you and your committee members want to see what is going on with Smart Grid, come to an industry conference, register like anybody else, and ask what people are working on. Talk to the vendors, talk to the consultants (like me ), talk to the engineers. You'll be amazed at the insightful, creative problem solving that's being done by people who have staked their personal futures on making everyone's future better.

Or, if you just want an opportunity to beat your favourite drum, feel free to spend money having hearings like this one. The rest of us will be busy making this stuff happen (and passing George Arnold a couple of aspirin.)

Thursday, September 1, 2011

A "Smart" Grid or an "Instrumented" Grid?

I'm seeing a lot of discussion that indicates that there is some degree of confusion on what "Smart Grid" is.

To some, "Smart Grid" means that there is more real-time monitoring of events in the grid, with more resources (generation, storage, demand response) located within the grid, all under fairly centralized control.  Lots of data and instructions being generated and communicated, so that the grid can be managed in a way that is more efficient.  This is pretty much the way things are now, except the centralized control structure is smarter about the grid than it used to be, and has more resources to control.

That's an improvement over what is, but it isn't a "Smart Grid," because the Grid isn't any smarter.

So what is "Smart Grid?"  When does the grid become smart?

The Grid becomes Smart when it gains the ability to autonomously observe and respond to local conditions.  In short, the Grid gains intelligence.  This doesn't mean that centralized control or existing protection systems go away, but it does mean that they may have less to respond to.

It can be (and has been) argued that the grid already has this kind of intelligence.  Synchrophasors, generators, and SCADA systems already respond to things like voltage and frequency changes.

True, at the Generation and Transmission level. But where the rubber meets the road, and where the problems that these facilities have to respond to is at the distribution level.  Move intelligence closer to (and even into) the load.

Fix voltage and frequency fluctuations where they begin, at the load (which now becomes a resource, since it can respond to local conditions.)

That, is a "Smart Grid" everything else is just "SCADA on steroids", and we all know what happens on steroids...

Wednesday, August 10, 2011

Another XKCD

The thing I love about XKCD is that it is always spot-on in the hardware, software and "wetware" (i.e. human) worlds...

Tuesday, August 2, 2011

This could be the start of something...

You may have already seen the press release, or the analysis by my compadre over at ThinkSmartGrid, but I thought it would be interesting (to me at least) to talk a bit about what a consortium on SEP 2.0 certification means, and what it doesn't.

Friday, July 29, 2011

Time of Use Rates and "Cherry Picking"

One of the concerns that I have heard expressed by Utilities about implementing Time of Use rates is that customers will "cherry pick" (i.e. those customers who already have advantageous load profiles will adopt TOU rates.)

Of course they will, and you want them to

Tuesday, July 26, 2011

Just had to add this...

I've been off the blog for a while, but since I'm getting back in the saddle again, I realized when I saw this I had to post it...

Tuesday, May 24, 2011

Lessons from Japan and elsewhere

Interesting comment at Connectivity Week by Osamu Onodera from NEDO (Japan's energy research body) on the opening panel about finding the business case / value-add / why should we do this?

He noted that Japan's tsunami/earthquake event pointed out to the Japanese power industry the weakness of centralized power generation.  Even where the power infrastructure wasn't severely damaged, the nation continues to deal with rolling blackouts, which would have been far more limited, or even eliminated, by a more distributed generation design.

Following up was Heart Akerson, who is behind the Heart Transverter, an $11K device that he hopes will revolutionize the grid, one end-user location at a time.  His point: Deal with the endpoint first, then the grid.  Of course, that's his device's strong suit, but he made some good points about moving the logic to the endpoint, and reducing how much information needs to be transmitted, improving both security and reliability (the system isn't as dependent on good communications.)

Is the future of critical infrastructure protection minimizing the criticality of the (common) infrastructure?

Tuesday, May 17, 2011

PEVs and fuel taxes, Part II

Way back on Valentine's Day, I wrote about the problem of declining fuel-use taxes associated with PEVs, in the context of a discussion about the right and wrong ways to handle "roaming" (recharging away from your primary home / business location.)

Back then, I indicated that states were going to be looking to replace that lost revenue.  Well, it looks as though I wasn't the only one to see that hand writing on the wall.1  A scant nine days after I wrote that entry:
  • a Texas legislator introduced a Bill that would require the Texas DOT to initiate a pilot project to charge a per mile driven tax on electric vehicles, through either a periodic reading of the odometer, or an electronic device installed on the vehicle to report mileage.
  • a Bill was read into the Washington Senate that would impose a $100 / year tax on electric vehicles (the link is to the latest version.)
What I had missed was that an Oregon legislator had already introduced a Bill about a month earlier to establish a per-mile vehicle use tax (based on either electronic reporting of mileage or location tracking), which you can bypass if you're willing to pay a flat $300 / year fee.  For PHEV (Plugin Hybrid Electric Vehicles, that can either use an engine or an outlet to recharge) owners, the bill apparently allows one to petition the state for a refund of fuel-based road use taxes.

At this point, none of these measures has been passed, though none of them has died yet, either.

Sometimes, I hate to be right.

But the question is raised, which is the more appropriate measure?  There seems to be movement in the direction of both really invasive (mileage reporting) to ridiculously invasive (location tracking) and non-invasive KISS-principle (annual fee tacked on to vehicle registration.)

It seems to me that the cost of more invasive methods outweighs any advantage there may be in equitable allocation of tax burden, though I imagine that the DOT planning gurus would love to have the vehicle transit data. The hitch is that you have to pay to collect and secure a lot of personally identifiable information, and then there's the problems (real or imagined) that may arise from one government agency (the DOT) having information that another government agency (law enforcement) may want, whether there are protections on that information or not.

It seems to me that a not-unreasonable compromise would be a flat fee that factors in vehicle weight, but I'm not a Civil Engineer, so I don't know how well that compares to the wear and tear a given vehicle puts on roads.

UPDATE: Had a really useful and thought-stimulating conversation with Robert Burke of ISO New England who made a very good point about the "gas station model."  In many states there is legislation (or administrative rules) prohibiting the resale of electricity.  It's a good point.  (Thanks, Rob!)

It seems to me that there are a few possibilities to deal with that:
  1. Have the utilities own the recharge facilities, which leaves them dealing with fuel use taxes, possibly for differing jurisdictions, which they may not want to deal with, as I discussed back in February.
  2. Use existing legislation or rules that allow for various kinds of market aggregation, which may need to be tweaked to deal wit PEVs.
  3. Put explicit exceptions to a prohibition against resale of electricity for transportation in the legislation that deals with fuel taxes (perhaps just transferring the collection of those taxes to public recharge facilities.)

The easiest solutions, involving maximum re-use of existing structures and systems, should not be bypassed in favor of different models, just because this thing is called "new."   Particularly where there are already robust systems that deal with the questions at hand.

1 For those inclined to correct me to "handwriting on the wall," I refer you to the origin of the idiom, the Biblical Book of Daniel, Chapter 5.

Monday, May 2, 2011

Why we need to do this...

The following is an early draft of an intended first entry in this blog.  I never posted it, but recent events, both in the industry and in my own life have made it more relevant than when I first wrote it.

This blog is supposed to be about realities, here are some realities about why we need to do Smart Grid, as I understand them:
  • The economy tanking when it did actually did the electric power industry a huge favour. It bought us all a little bit of time. When the economy is really cranking, demand for electricity grows. 
  • Despite the economy diving faster than an SR-71 with both engines flamed out, the demand for power still grew. However, it's been doing it a lot more slowly. 
  • As the economy recovers, electric demand will rise faster than it has been of late, possibly faster than it was rising before. 
  • We have two choices from here. Either do what we've always done; build additional (expensive, fossil-fuel consuming, environmentally difficult) powerplants, or learn to use the grid, different resources, and the powerplants we already have in place, more efficiently. 
That's a lot of what SmartGrid is about, making the most of that second option. A lot of very bright people are trying to make that possible, along with a few "Average Joes" like me. Will it be expensive? Probably. Will it be more expensive than building those powerplants? That depends on how you do the math.

You see, for far to long, we've treated our environment like resources are limitless. By "environment" I don't mean strictly the pure air/tree hugging/save the whales variety, though that's certainly a part of it.  What I mean is the whole socioeconomic engine that's driven in large part by fossil fuels as a source of energy.

We've been treating fossil fuels like like they're infinite, but they aren't. We have a closed system here, and eventually, we're going out run out of stuff to pull out of the ground to do energy conversion with.  That reality is a future cost that hasn't really been factored in historically, so we're starting to pay the price now for having ignored it.

Yes, nuclear power is a possibility, and there are some really intriguing designs out there.  However, getting from intriguing designs to practical application takes time.  Sometimes lots of it.

The longer we keep whistling in the dark about this, the worse things are going to get before they get any better.

I'm no tree-hugger (well, maybe a little bit.) Still, I like to go fast in my car, be comfortable, and have all the power I need whenever I want it at cheap rates as much as the next person, and maybe more than some of you.  However I do know when something is a threat to my children's future, and this is one.

Now we could do this Smart Grid thing very wrong, and end up with a terrible, limited, energy constrained, privacy invaded, society. 

We could also do it very right, and hand our kids and grandkids a better, freer, cleaner and less limited world than we started with.

The difference between the two is likely to be telling each other the truth about what we're doing and why.  Deal with the realities, even when they're ugly, and every once in a while look further ahead than next quarter's (or next year's) financial statements.

Smart Grid lessons from distance running...

A long time ago, I was a competitive distance runner.  Well, I was competitive in the sense that I was in Junior Varsity and Varsity cross-country races in High School, but my competition was pretty much the guys bumping, huffing and puffing in the middle of the pack.

Bill Cosby was a High School Cross Country runner, too.  He defined Cross Country as a sport where you run 10 miles to throw up.  Funny to a non-runner, too true to be all that funny for me.

I never became a great distance runner, but I learned how to stay in the race, endure the tough parts, and finish respectably.  Some of those lessons have analogous lessons in the evolving Smart Grid world.

Lesson 1: Don't be in a hurry.
In every race, there were some who would take off like rabbits.  A few (very few) could pull ahead and stay there for the whole race.  Most of them faded into the middle of the pack, or worse yet, got shelled off the back.

Those who could stay out front had already learned Lesson 2.

Lesson 2: Plan to run the whole race.
A good runner knows what to expect from the course, when and where to push, and when to take it easier and recover a bit.  You only have so much energy to expend, and knowing where and how to expend it, and always keeping some for the end makes the difference between a good run and 10 miles of sheer freaking torture.

Lesson 3: Get better at the hardest stuff.
I am not built like a distance runner.  I had a distance runner's upper body, but a football lineman's legs.  On the flat, any decent runner could outstrip me after a few miles.  My one advantage was hills.  The steeper, and the later in the race, the better.  Nothing takes the heart out of a distance runner like someone hammering smoothly past, up a steep hill, late in the race.  The problem was, there were never enough hills for me to place well, and I never got really good on the flats, but I got better.

Okay, enough of me reliving my gory days (no that isn't a typo, I left the "l" out on purpose), how does this relate to Smart Grid?

Lesson 1: Don't be in a hurry.
I hate to say it, but the ARRA funding wasn't necessarily the best thing for Smart Grid.  Having to get a plan together, be "shovel ready", and spend all the money in a short time frame seems to have given folks a bad case of "starting line fever."  Taking off and getting the lead early isn't necessarily how to do well in a market place that is going to take at least a decade to develop.  Probably closer to 20 years.

I hear the cries of "Sacrilege!", with fingers pointing to the fast-track standards development, and the massive rollouts of Smart Meters in many places.  Well, I'm not the only one saying that the Emperor's naughty bits are showing.

Let's be real.  Where we're talking about changing how we produce, distribute and use energy, we aren't talking a technological change.  In reality, we're talking about a societal change.  Changing a society takes time.  You can hammer through hardware implementations in the grid as fast as you like, and design model tariffs for every scenario, but until the ones making energy usage decisions (i.e. the folks buying appliances, homes and cars, flipping light switches and making decisions about their businesses and commercial buildings) are accustomed to the new paradigm, the new system doesn't exist.

Look at internet services.  The generation of people who dreamed up the technology isn't the generation that built a marketplace around it.  Our kids are more fluent with, and have a more intuitive sense of, the paradigm than most of us old geeks.  The same thing will happen with Smart Grid.  We can theorize, but the market won't really be in play until a generation has grown up with it as normal.

That means my daughter may not really "grok" it, but her kids will.

It's going to be a long run, and being out in front now may mean that you will learn (or maybe are already learning) Lessons 2 and 3 the hard way.

Lesson 2: Plan to run the whole race.
This is really an extension of Lesson 1.  The fact is, we don't know the course yet, and early lock-in of a race plan is a risky idea.  Whether you're a systems vendor, a utility, or a consumer, be careful.  Plan for change.  If the profitability of a decision is dependent on a kickback, rebate, tax break or other incentive that doesn't naturally occur in the marketplace, don't bet the race on it.  It may not be there later.

Some companies are learning this the hard way right now.  They put a pile of money into systems that support (or mostly support) what has already been deemed a "legacy" standard, and isn't able to do what is being asked of it today, let alone tomorrow.

If you're one of those companies, you know what I'm talking about.  That next hill is going to hurt...

Lesson 3: Get better at the hardest stuff.
Lets face it, folks.  Utilities are good at engineering.  Really good.  They have had to be for a long time.  Many (though not all) of them have gotten pretty good at dealing with regulators as well.

What they aren't good at (for the most part) is dealing with customers as "customers" instead of "ratepayers."

What's the difference?
  • A ratepayer is someone who pays a tariffed rate for something that you (and only you) provide, on terms that are set in the tariff.  
  • A customer is someone who you have to convince should spend their hard earned dollars on your service.
Even if a utility doesn't face competition per se it needs to start treating customers like customers and not ratepayers.

Making good on the promise of Smart Grid over the long haul will require both honesty and trust.  Utility service is moving away from "We provide it, you pay for it" towards a collaboration.  In a smart-grid world, customer-owned devices will be providing energy services, and customers will expect fair compensation for that.  Utilities will command and control less, and act more as a conductor in an orchestra than a drill sergeant.  That requires a greater degree of trust.

Utilities with "ratepayers" don't trust, and are rarely trusted.  Utilities with "customers" are actively engaged in the process of earning their customer's trust.

One other thing I learned.  There are lots of ways to "play dirty" in the middle of the pack to get an advantage.  The advantage is temporary.  The pack remembers, and a runner who uses those tricks will end up paying the price, maybe not today's race, maybe not tomorrow's, but soon and for the rest of the season.*

* With apologies to Casablanca fans everywhere...

Friday, March 18, 2011

Right Idea, Wrong Platform...

Okay, I can't help sharing this.  A quick search on Facebook reveals that there are 3 different groups there with concerns about Smart Meter data privacy.  One of them is completely open.

Really?  Are you sure you want to use Facebook to build your privacy advocacy group?

I mean, I understand about privacy concerns, that's why I'm involved in the privacy work on Smart Grid (among other areas.)  Addressing those concerns is critical.  I've said so elsewhere.

But if you are really a privacy advocate getting those concerns addressed means rolling up your sleeves, and helping with the real business discussions where standards and business practices are being established, not flapping around Facebook with a bucketful of speculation and little credibility. 

(Sorry, but using a platform created by the guy who called people who "trust me" "Dumb ****s" does not enhance one's credibility as a privacy expert.)

Really, those of us working on this stuff could use some help.  All we ask is that you come willing to do two things;
  • listen to what is already being done to resolve the potential problem, and 
  • help us do it better.

Thursday, March 3, 2011

Smart Grid Security East, Day 2

Still getting caught up on e-mails after Smart Grid Security East.  I was hoping to update things from the conference site, but with moderating two panels and networking, I got behind the curve.

So not as much from the second day, but I'll update this as I get a chance to review the conference session videos.

Panel of Security Solutions Vendors
Interesting comments: Most threats are insiders. 
(I'm not sure about that, but clearly most successful attacks are insider.  One defence against both insider and outsider threats:  Before executing a command, the system needs to ask "Does the command make sense?")

Interesting to hear security vendors name the meter manufacturers they're working with. Who's not on the “we're secure” list?

You may have an interoperability standard, but without the ability to enforce interoperability, you don't have anything. It becomes interoperability in theory only.

At one point, commenting on how long the standards process takes (and it is admittedly a long painful process), Mike Ahmadi compared the standards process to the food service industry, noting that food service is all about “there are people here, make food now.”   

Based on that comparison, I'd say that the Smart Grid standards process is the Iron Chef of standards processes;
  • There's not enough time,
  • You don't know what you'll have to work with, and
  • When you're done, people who weren't involved in the process will judge the result.

A great comment from Annabelle Lee's keynote: "If you're not failing, you aren't doing R&D."

From the DOE, FERC, NERC Panel on the Energy Grid Risk Management Process
William J.Hunteman of DOE commented that the goal is the development of a 
risk management process, not a risk management “howto.”  He also commented on the need for a greater utility representation.

As I said, more later after I've had a chance to catch up on the video from parts I missed.

All in all, this was an outstanding conference, with the top people in the field discussing how they see the world of Smart Grid Security.  

We need more conferences like this.

Will Smart Grid need a Carterfone decision?

Anybody remember the days before the AT&T breakup?

How about the days (before that) when you had to lease a special "protective device" from MaBell if you were going to hook up something?  Or the time before that when you just plain couldn't get anything but Ma Bell equipment?

Just a bit over 42 years ago, the FCC told the phone companies that they couldn't have absolute control of what got hooked to their network, and set standards for what could be hooked to the phone network.  While it still took a while to bear fruit, that was the beginning of the process that got us to the anywhere / anytime connectivity that we have generally gotten used to.

While some very talented people have been working hard at interoperability, I hear a lot of talk (and have read a few use cases) that indicate that at least some parties think that if the utility doesn't exercise control over the devices on the customer side of the meter, there is a threat to the reliability of the grid.

Think about that for just a hot second.  The existing grid doesn't need that kind of control of end-user devices, so why should a more intelligent and adaptable grid need it?

Now, I can see an argument for direct control of customer owned generation and storage, perhaps.  I can also see ways that it seems to me the same job could be done without it, and I suspect that if we don't design in that kind of flexibility now, it will be required of the grid later, and require some expen$ive re-engineering.

I invite comment and thought...

Tuesday, March 1, 2011

Thoughts from Smart Grid Security East

Thoughts from Smart Grid Security East...
Note: I'm not naming names here, because (a) some of these honest comments could get people in trouble back in the office, (b) I recognize that these comments are out-of context and paraphrased, and the speaker might not have meant exactly what I heard.  
(My opinions are in italics.)

An interesting observation from a meter vendor:
Security is starting to come from meter vendors because their customers (the utilities) are insisting on it.  It is a market-driven commercial need.

His advice to consumers who are concerned about security and privacy:
  • Ignore the 'tinfoil hat brigade' in Marin County. Do your own research.
  • Ask the tough questions of your utility, and / or your PUC:
    • What data is the company gathering?
    • How long will they retain it?
    • How will they protect it?
    • Who else gets it, why and under what conditions?
 In my opinion, this will only increase as PUCs get up to speed on security and start demanding it of utilities.  PUCs, ask your utilities these questions.

The utilities need a financial reason to spend the money on security and privacy.  There is a need to educate the business professionals about the need for security. From a business standpoint, by itself, security is a negative ROI item.  You can spend money on it, and have no ROI.  In fact, if you do it right, you'll never have any ROI on it, because the ROI impact of security is a negative ROI for not doing it.
Other interesting comments overheard:

One software company rep claimed to have achieved "absolute development security."  Move over IBM and Watson.  Heck with artificial intelligence, these guys have developed artificial omniscience.

If you're interested in a good analysis of insider threats, Google the Verizon insider threat study.  (This from a former Secret Service agent.)

(From a equipment supplier) We do security testing on our competitor's products, but we don't keep our findings secret.  We call or e-mail them if we find anything.  It does me no good to hide the results of my testing on my competitor's equipment from my competitor. If I try to screw him, I screw myself.

(From another supplier on the same panel)  In other industries (finance, for example) there is a common association for sharing vulnerabilities and certification processes. That needs to be done for Smart Grid. It is happening to some extent organically, but it needs to happen intentionally.

Equipment vendors are doing what they can, but the buyers need to be held accountable for secure implementations. True in part, but the buyers are dependent on the vendors to tell them how to secure the implementations.  The components have to be secure, but so do the combinations of components, and the operations and systems they interact with.

The problem of long lifespans of security-related equipment.  The ability to upgrade field equipment remotely is critical.  For example, in residential meters, a truck roll to upgrade a meter may cost more than the device.

The appliance vendors still may not have come completely to terms with the need for a software upgrade path.   How do you upgrade a refrigerator's firmware?  Appliance upgrades are not likely to be allowed to come through the Utility AMI network. 

Meter vendors have to treat whatever is on the customer side as inherently hostile. They do not know whether the equipment is currently patched, so they must limit what data can come from the customer side of the meter to that which is absolutely necessary.

From a security standpoint, passing “content” (consumer information, appliance firmware or consumer instructions) either way over a “control” network is a bad idea, particularly if equipment on the customer side of the meter is passing commands to (or through) the meter.  It creates too much opportunity for an attack vector.
This makes “prices to devices” a far more viable option from a security standpoint.  For example, if;
  • the utility broadcasts pricing information to the customer and/or the customer's equipment (via the AMI network, or through another channel), 
  • equipment on the customer side responds to that pricing information without discrete commands from the utility and
  • the utility simply reads the meter as needed,
the result is an "air gapped" communications system.  Far more secure for the utility and the customer.

All in all, a very interesting conference, and I was only there for half the day today (the morning was spent in travel mode.)
More to come tomorrow...

Monday, February 14, 2011

Oh, give me a home where the PEVs roam...(?)

There has been a lot of discussion about Plugin Electric Vehicle (PEV) "roaming" in various contexts.  For those not familiar with the term, PEV "roaming" is like cellular phone roaming.
  • With a cell phone, if you take or make a call outside of your cellular carrier's service territory, the carrier who handles the call bills your carrier, who bills you, and the call gets charged back to your home (or business) cellular phone bill.
  • With a PEV, you recharge your PEV outside of your local distribution company's service territory, that distribution company bills your distribution company, and it gets charged back to your home (or business) electricity bill.
Roaming makes sense for cell phones, but I'm not sure it makes sense for PEVs.

Phone companies have had an infrastructure all along that provides for one carrier billing another for service provided to end users (i.e. intercarrier compensation.)  That doesn't mean that it works without problems.  The FCC has been wrestling with intercarrier compensation problems for about a decade, and still hasn't found a universal solution.  For that matter, ask any telco exec about access charges and "traffic pumping" sometime if you want a real earful.  However, at least there is a business case and infrastructure for doing it.

Electric utilities have never had or needed kind of infrastructure.  I'm not sure there's a business case for developing it for PEVs, either.

Let's take one aspect of transportation costs for an example of the problem; taxes on transportation fuels.

Right now, gasoline is taxed at a rate of $0.18 / gallon at the federal level, and between zero and $0.461 / gallon at the state level.  That is just the excise tax on fuel.  Some states charge sales tax on top of that.

In most States, most of that money goes to fund the Department of Transportation (around 60% of the Federal portion goes to the USDOT.)  In some states, it is the vast majority of the money that goes to build and maintain roads.  As electric vehicles increase in market penetration, that tax revenue will dry up.  It won't take long for the various states to start taxing electricity when used as a "motor fuel."  I imagine that it isn't happening now only because (a) there is a desire to encourage initial PEV adoption, and (b) the revenue impact of PEVs hasn't been felt yet.

Right now, these taxes on gasoline are paid along with the fuel, in a "pay at the pump" situation.  It's a fairly efficient and equitable way to collect taxes to support road use, since presumably one drives the roads in the locality where you purchase fuel, at least most of the time.  If PEV recharge stations operate on the same "pay at the pump" concept (you pay whatever the local rate is for a recharge wherever you're recharging, when you're recharging) the transaction is fairly simple, and the taxes continue to get collected in pretty much the same manner.

Now if the Utility is billing for customer "roaming" recharges, they'll have to rework their backoffice systems to handle taxing "motor electricity" and remitting to the correct authority.  That's fairly straightforward, even trivial, in a "pay at the pump" scenario.  The customer swipes a credit card at the recharge station, and the credit card charge includes the taxes in effect at that recharge station.  If the corner 7/11 can do it with gasoline, I gotta figure a utility can do it with watts.

Are Utilities additionally going to rework their back office systems to handle;

  • different tax rates, depending on the state (or even locality) in which a PEV is charged,
  • billing for, tracking and remitting the taxes to the appropriate State,
  • tracking and remitting to the Feds their portion,
  • dealing with the inevitable errors and exceptions,

just so they can do PEV roaming?

I'd love to be listening in as a customer service rep tries to help a customer understand their electric bill after Grandma and Grandpa make a cross country trip to see the kids.  That's another aspect, Customers are accustomed to paying for transportation fuel where they "fuel up".

What happens if localities jump on the bandwagon?  City transportation departments are cash-strapped, and while people are screaming over fuel prices already, having something new to tax gives a great opportunity to "bury" the tax.

All of that gets avoided in a "pay at the pump" scenario.

"Ah," I hear you saying, "but what happens when I recharge at a friend's house?"  Uh, you settle up with your friend, on whatever basis you and your friend choose.  That's no different than a million other "6-pack" transactions that happen every day.  Last week I repaired a friend's PC and charged him a cup of coffee.  Does AEP want to get involved, just because electricity was involved?

Fuel taxes are only the beginning.  Privacy and data security issues (with all that those entail) get rather simpler in a "pay at the pump" scenario as well.

Could these problems be resolved?  Probably.

With an existing, simple, and customer friendly business model, and no compelling reason to open that can of worms, should we?

(Postscript: I reworded one sentence because, frankly, what I wrote wasn't what I meant.)
(Postscript 2: Since posting this missive, I have heard that California is requiring utilities to do the very "excise tax on motor electricity" that I describe here.  I haven't been able to confirm that, yet.)

Friday, February 11, 2011

Security lessons from the Financial world...

I'm getting caught up on some reading that I set aside until I had a gap.  Once again, an InfoWorld columnist has pointed out an IT security threat that can affect the SmartGrid.  In a nutshell, Bill Snyder (whose column is on the financial side of IT) points out that a sufficiently clever hacker could manipulate the financial markets, particularly the ultrafast transactions in high-frequency trading networks, in a way that would be exceedingly difficult to trace.

Our anti-hero wouldn't send a bogus transaction, pretend to be someone else, or any of the usual schemes.  All (s)he would have to do is diddle with network latency.  In some (nay, many) financial markets the phrase "seconds count" is outdated.  In these markets transactions delayed by milliseconds can make a difference of millions of dollars in the value of a transaction.  You don't have to take my word for it, since Bill Snyder points to both a cPacket Networks whitepaper and a previous InfoWorld Column that discusses an article in Physics Review E that suggests that the location of financial datacenters should take into account the latency that distance adds to speed-of-light communications.

The latter paper (titled "Relativistic statistical arbitrage") reads like what you would expect at the conjunction of physics, mathematics and economics, containing phrases like "Such slowing or stopping of the propagation of pricing information due to arbitrage is somewhat analogous to the refraction and  scattering of light by a dielectric medium, but novel in an econophysical context."

It's a dense read. It's also bleeping brilliant, and potentially deeply frightening.

Okay, so what does that mean for the SmartGrid world?  Ask any power engineer about what effect a few milliseconds change in latency lag would have on frequency regulation, particularly in an "event" scenario.  I'm not that imaginative, but I can see some clever soul with an ax to grind, a point to make, or a bundle of cash to make, playing "crack the whip" with spinning reserve.


For that matter, some enterprising soul could make a bundle in our bulk energy markets, if the transactions get dense enough.

Once again, security is not a product feature, it's a business mindset.

Tuesday, January 4, 2011

Doing security right...

I just finished reading a column by Rodger Grimes at InfoWorld, and two paragraphs really jumped out at me:
Instead of creating one or two porous boundaries, you need to create fine-grained security domain isolation. If workstations don't need to talk to other workstations, don't let them. Most servers don't talk to every other server. Don't let them. Most admins don't need to connect to every server -- so don't let them.

To build your defense, diagram all the legitimate network traffic connections and block the rest, using access control lists, routers, firewalls, proxies, IPSec, and whatever else you can use. It should always be this way.
This is a real thought-provoking idea for those of us who have thought at any length about security in the electric grid.  For a large part, the security of the grid has historically been about making sure that everyone who touches the grid in a way to affect reliability knew exactly what (s)he was doing, and keeping anybody else away from the big red (and green and blue) buttons. 

For a lot of reasons, that model may not work in today's world, let alone in tomorrow's.
  • The workforce is changing, and a lot of old grey heads who've spent their careers in these systems are leaving to be replaced by younger people who don't expect to be in a job for more than a few years.  The "disgruntled insider" is a greater thereat than in the past.
  • Systems are increasingly being attacked from the outside, and the first thing an attacking outsider seeks to do is become a privileged "insider".  
  • Systems are becoming more complex, and they started out pretty complex.  Greater complexity means human error becomes more likely, and more likely to be problematic.
Limiting what even privileged insiders (whether people or systems) can do is one of the most effective ways to stop a security-related problem, or limit the damage that can be done.

I would add two more thoughts to Rodger's ideas here:
  • Even when you trust, verify.  Any action that could be damaging to the system if it is wrong needs to be checked before execution.  Does this instruction/decision/command make sense right now? 
  • Tripwire everything.  Any attempt to take action outside of those specifically permitted should raise an alarm, as should permitted instructions beyond certain boundaries.  
Sending a disconnect command to one meter should be checked before execution for obvious reasons, like not pissing off a customer needlessly.

Sending disconnect commands to, for example, 10,000 meters in rapid succession should be either impossible, or flat halted if it's tried.

This is going to mean that each party participating in the grid is going to have to do this kind of "who-needs-access-to-what" analysis.

Security isn't a feature, it's a business mindset.