As I was catching up on email that accumulated during my travels last week, I ran across two items highlighting the contrast between the shining potential of the emerging "smart grid" for energy and its darker, more dangerous side. In his keynote address at the first annual GridWise Global Forum, IBM's CEO Samuel J. Palmisano described the vision and opportunity of a closely interconnected, highly efficient global energy system, while the unfolding story of the Stuxnet computer worm infecting the control system of Iran's Bushehr nuclear reactor and other facilities serves as a chilling reminder of the vulnerabilities that will likely accompany this revolution. That doesn't justify clinging to our un-networked past, but it certainly strikes a cautionary note, as Mr. Palmisano himself pointed out.
Last week was a big one for energy conferences. I skipped both the GridWise session in D.C. and MIT's annual Emerging Technologies Conference to attend IHS Herold's Pacesetters Energy Conference. I'll share some of my insights and observations from the latter in the weeks ahead, but for now I recommend Mr. Palmisano's GridWise speech as a good overview of the characteristics of a truly smart energy system and the ways in which our present energy sources and distribution networks fall short of constituting a well-functioning system. Without being Pollyannish, it presents a more positive outlook than the widely-quoted comment from the same conference by GE's CEO Jeffrey Immelt, concerning US energy policy, "It's just stupid what we have here today."
Yet while most of Mr. Palmisano's remarks focused on the inevitability and benefits of knitting together and adding intelligence to regional, national and global energy infrastructure and markets (and other key systems) he also had this to say about the security concerns this would create: "And when it comes to security--the technology is robust, but as the world's infrastructure becomes networked and interconnected, the exposures multiply exponentially. How vulnerable is the world's essential infrastructure? Are our electric grids only going to be as secure as a website? If we don't come together to forge a new policy framework that protects the individual's privacy and the community's and nation's security, people may say 'stop.' And they should."
I don't know if he had intrusions like Stuxnet in mind. I also suspect it's going to take a lot more than a new policy framework to prevent governments, organized crime and random hackers from exploiting the inevitable security gaps in the smart grid and other smart infrastructure to cause mayhem. Having treated the nefarious work of spammers and hackers as more of a costly annoyance than an intolerable violation--when all that was at stake was personal and financial data--will we be as cavalier about similar risks to our physical safety and security? Or does the rise of the smart grid portend a great "hacker crackdown", to use the title of a classic book on the hacker subculture?
Much of the speculation about the sophisticated Stuxnet exploit, which apparently targets a particular kind of industrial process control hardware and software, suggests that it took the capabilities of a government to develop. However, if we've learned anything from the last couple of decades of computing advances, it's that anything a government can do today in this field a smart, motivated individual can do in the not-so-distant future, particularly once he knows it can be done; it's an irresistible challenge for some. Ubiquitous computer viruses today, endemic power plant and refinery viruses tomorrow?
I agree with Mr. Palmisano concerning both the inevitability of smart grid development and the risk that security concerns or actual events could halt this shift in its tracks. As we call on the grid--or more accurately, grids--to handle rapidly increasing numbers of distributed power sources, particularly intermittent ones like wind and solar power, and as customers demand more choices and more control over their energy usage, the old un-smart grid will soon cease to be up to the task. However, we're already seeing pushback against smart meters in some areas, without any concrete evidence of misuse of consumer data or other harm. Imagine what this would look like if the smart grid had to reboot as often as your PC or periodically became infected with malware that shut down parts of it for hours or days. I know that the companies and agencies involved in the smart grid are working hard on solutions to these challenges; however, I'm just as sure that it's going to require a completely different approach than the one we've employed for dealing with computer security, with operating system and anti-virus providers seemingly always one step behind the bad guys.