The Defense: Raising the Bar on Security

The Defense: Raising the Bar on Security

January 08, 2010

Christine Richards
Editor-In-Chief
Intelligent Utility Magazine

Oncor is building intelligence across its network -- from synchrophasors on its transmission networks to advanced metering on homes and businesses. Mark Carpenter, Oncor's vice president and CIO, noted that the utility's smart grid "is not any one thing, but is essentially spreading intelligent devices throughout the utility system, building a communications network to support these devices, bringing the data back and converting it into useful information."

A smarter grid will bring Oncor numerous benefits, but it will also create security challenges. "Unfortunately, we have some very smart, innovative, creative people who want to cause mayhem," said Jim Greer, Oncor's senior vice president of asset management and engineering. During a recent interview with Intelligent Utility, Carpenter and Greer discussed how Oncor secures its increasingly intelligent grid.

Building on Past Experience

"We recognize that Oncor is starting out with a very secure platform," Greer said. "We're wrapping the new advanced metering system with the same protective layers used to secure our transmission grid management system. At the same time, we're adding additional layers of security, control mechanisms and risk mitigation to address newly exposed security risks. The advanced metering system is not just another business management or business information system. It's really in a different category. The system requires data network security, firewalls and penetration testing.

"But security -- whether it's in utilities, banking or another industry -- is never going to be good enough. Therefore, it's essential to always be on guard. Oncor is constantly monitoring, testing and moving to the next level. Our vendors are clearly prepared. We're participating in standards development and helping shape that outcome. We understand and recognize that it's never going to be good enough and we keep moving the bar up."

Balancing Physical + Cyber Security

With respect to key components of a smarter grid, Carpenter addressed physical security and cyber security for communications networks, meters and home energy devices. First, he explained some protective measures for communications infrastructure. One example of physical security is leveraging the existing security of substations. Oncor places some of its communications infrastructure in substations, "partly because of the additional security that we get. Although we have functional security, we don't want a bad guy to be able to get into a communications box. We'll be able to tell if he gets into a box, but he is first going to have to go over a fence."

So what about the physical security on the meters? "We continue to work on physical security. In areas where meter theft or moving meters around is common, Oncor installs brackets that make it a lot more difficult to steal meters. Potential thieves have to break locked physical barriers.

"In the future, software will let us know about theft. When somebody steals an advanced meter and puts it somewhere else, we will know it."

PowerPoint Security?

Carpenter also talked about a recent PowerPoint slide deck. "Recently, I reformatted a presentation. The reason I did was for security because it had some information that I wouldn't want to get into the wrong hands. We're very conscious about cyber security, physical security and information security. Therefore, in a presentation, I may show something, such as a map, but I may have to adjust the map so people don't get too much information."

At the end of the day, "We've got to have better defense than they have offense," said Carpenter. "We will never make something totally impenetrable. Security is something we continue to make great strides in improving because the bad guys have made great strides in what they do. We're always going to have to stay a step ahead."