I had the good fortune to interview Charles “Chuck” Speicher, Jr. while interviewing executives for the 2015 Internet of Things Research Guide.
Chuck is an invaluable resource and fount of knowledge, having focused the last five years of his career on the security of the U.S. power grid. Chuck is the founder of the Security Fabric Alliance and the chief marketing officer of Agile Fractal Grid Corporation. He’s also is one of the shepherds leading an effort to solve the most complex problem on the planet – securing the infrastructure of the power grid.
You may already know the U.S. energy grid is composed of three distinct grids:
ERCOT Connection (Texas)
I’ll bet you didn’t know the electric grid infrastructure is cyber-attacked 25,000 times a day -- fortunately (for now) with little success. However, the risk is very high that the grid will sustain a significant attack in the future.
These three grids provide all of the electricity consumed in the U.S., but only 60% of the electricity that is produced by the power-generation portion of the grid actually reaches customers, thanks to the limitations of copper wire, phase angle, and frequency, which cannot be optimized due to the nature of the physics of the grid.
Where the Grid Most Needs Improvement
The grid is inefficient and not as secure as it could be. Chuck, with many others, is researching and improving the efficiency of the grid, focusing on the following key technical areas of improvement:
building an Internet that you can trust
advanced VAR control and solid state power electronics
real big data capabilities
high performance communications.
Obviously this will take some time to accomplish, but nonetheless the industry must start and start right now.
Standardizing the Solution: the Security Fabric Reference Architecture
The Security Fabric Reference Architecture is being promoted as an open standard. The Security Fabric Alliance focuses on “secure communication between devices” because the only good security is end-to-end! The emerging industrial internet must follow the same path. The good news is: the Industrial internet is, for the most part, a blank canvas.
The SFA proposes protecting our electric grid infrastructure with a system of systems – a micro-grid-as-a-service, if you will, that will allow the vision of Craig Miller, Chief Scientist at the COOP Research Network -- the “Agile Fractal Grid” -- to become reality.
Just like the energy interconnections, all of our cities, military bases, federal and state governments and all modes of transportation are under attack. If a hacker finds the right weakness, any one of them can be paralyzed.
The Power Grid Needs Real-Time Threat Response
Security as we know it today will not solve the problem. The paradigm of security must change to be forward looking because hackers have real-time tools. Everything we have in place today is based on historical databases, not real-time systems. That’s why it took a year to find the OMB hack.
We need to start with the assumption that we will be hacked, and we must have the management capability to mitigate the risks as quickly as possible. For example, we need real-time tools to “island” the hacked device and nurse it back to health or replace it.
Where do these tools get their data? Real-time devices like sensors and controllers. The maxim: create a moving target to avoid the fool's errand of plugging thousands of holes in thousands of networks. Actively promote the use of real-time monitoring devices.
Start anywhere. There a huge gaps in knowledge, resources, tools, software, hardware – all the elements needed to create a moving target and understand how new devices will work in a legacy environment.
The Role of Developers in Building the Agile Fractal Grid
We need a community of practitioners with real tools and technologies to create these moving targets. Ultimately, we’ll build a system of systems that will overlay the entire grid.
Ultimately we’ll have millions of micro grids, each one capable of being "islanded," thereby reducing the chance that the entire grid being taken down by a hacker. Once we’ve protected the existing energy grid, we can apply the same concept to protecting all other forms of energy, infrastructure, governments, military and enterprises.
It’s critical to build a community of practice for developers to see how it all works. The community will generate more ideas on things we can do to improve security creating context and shaping ideas for the next project.
The takeaway: design security into your products upfront, rather than making security an afterthought. Security needs to be an real engineering discipline if we are to defeat our enemies.