This article is more than 1 year old

Existing security standards are fine for IoT gizmos in electrical grids

Why are you screaming and tearing your hair out?

IoT World Congress Putting Internet of Things sensors into electricity distribution grids works just fine - and security is catered for by existing broad standards, Luc Hossenlopp, CTO of Schneider Electric’s energy division, told the Internet of Things World Congress today.

Addressing a packed auditorium at the Fira de Barcelona conference centre, Hossenlopp gave some carefully picked real-world examples of where IoT is said to be making a positive difference to electricity distribution networks.

Along the way he did address the ever-present question of cyber security, albeit briefly - and one wonders whether enough has really been done in the area.

“Smart meter systems are connecting millions of points in our distribution management system. In our major management system we collect, for a single utility, millions of points. We are doing IoT since years,” said the Frenchman.

Despite all the recent fuss around consumer-grade IoT networks being hijacked to form botnets that can be used for taking down internet DNS servers, Hossenlopp is right: industrial IoT, better known as M2M (machine-to-machine communications), has been a (quiet) part of everyday life for years.

Electricity grids in particular are an area where standardisation is absolutely critical, Hossenlopp argued.

“This business is very much regulated but there are lots of standards because interoperability is a must,” he said, referring to the International Electrotechnical Commission (IEC)’s TC57 working group, whose existence dates back to 1967.

We’ve had the juice, now show us the meat

On the technical engineering side, that’s all well and good - but what about the increasingly critical area of security for all these sensors he proposes to install on low- and medium-voltage grids’ switches and substations?

He referred briefly to IEC 62351 - “a series of very heavy standards”, in Hossenlopp’s words - which is the overarching protocol for integrating security into the TC57-set standards. It covers everything from TCP/IP to MMS messages to secure VPN tunnels and even XML.

Extolling the virtues of “new mobile applications” that could be used to remotely manage medium- and low-voltage electrical substations, Hossenlopp set out his vision, where technicians can use their phones to “communicate directly with the [substation control] panel or through the cloud to get to panels that are not present within the substation,” raising the notion of future power grids being operated and maintained by technicians potentially using their own personal devices, looking at how BYOD is used primarily to cut costs today.

Fear not, though: according to Hossenlopp, “we are introducing dedicated devices within the substation to enhance the cybersecurity that we find.” This could mean some kind of local firewall-type box.

The benefits of all this are the usual “maintenance efficiencies”, and in particular the ability to generate and remotely access document sets stretching from a transformer’s installation and commissioning tests right through to precise details of its last maintenance period before it fails, for example.

A very real benefit is safety. Allowing high voltage sub-station switches to be operated by a technician tapping his phone rather than throwing a traditional lever on site has obvious benefits once you see what can go wrong.

As for security, the lack of evidence (in public, at any rate) of any malicious fiddling with electrical grids suggests that existing security standards are adequate, for now. While the benefits of increasing time between scheduled maintenance periods thanks to getting ever more detailed information from IoT-enabled electrical grid components is an obvious lure, we must hope that the architects of power grids of the future stick religiously to their security principles. ®

More about

TIP US OFF

Send us news


Other stories you might like