Service Based Security

Power Lineman Working Boots and Headgear
Shiuly Kisku's picture
Senior Consultant Wipro Technologies

Shiuly Kisku has been responsible for generating Proof of Concepts in areas of Smart Grid. A specialist at Wipro's Smart Grid Center of Excellence, Shiuly has been involved in hedging and...

  • Member since 2014
  • 1 items added with 5,605 views
  • Jan 15, 2015
A classic case of power shift from an autocracy to a democracy; the story of the Utility transformation may be just that. Ever since de-regulation, reliable power delivery now exists beyond the physical boundaries of power plants, substations, network operating houses, leaving more vulnerable ends open; hence, there's a surge to find ways safeguard assets while providing the new age services. But the most important point to gauge here is not the kinds of security threats that could exist in the future, instead, the future utility assets/specialized services that would be available in a specific geography/demography; services that are synonymous to a utility. Any meandering thoughts on utility service branding?

Essentially, the typical services of any power utility are to an extent generic in nature; however, in the world of specialized services, where the core services of a utility may be redefined, there will be a need to identify and guard the core. For e.g., in populous cities, like Tokyo, Sao Paulo, Delhi or New York, where both proactive and reactive management of utilities assets, say smart meters need to be super indexed, a service addressing this would be a core service. Or say, in traffic congested cities like Brussels, Los Angeles, London or Paris, where, with a hoard of electric vehicles on the roads, one of the core services that future utilities would need to provide must be the charging point management of these vehicles.

Some of the utilities may also hold these customers' social conversations, despite of not being in their closed social circle. So, not only the end points of these services but also the related end to end data management services, evidently need to be secured. Most importantly, the responsibility for security of the communication plane would need to be clearly defined between the service providers and utilities.

With promising Big Data analyzers, soon, algorithms will be employed for a more controlled phase distribution. Consequentially, in terms of OT landscape, the asset security has to call for concrete SCADA and PMU security sooner than later.

The below areas might seem as probable specialized service areas and one or more of these components will, in future, serve as the core of the utility services:

1. Small commercial and Industrial units' SMART services
2. PHEV charging & parking
3. Utility social portals
4. Regulatory Analytics
5. Retail portals using SMART services/transactions, for e.g. renewable energy certificates or smart energy pool certificates etc.

This protocol may be implemented with security frameworks already at disposal, like the AICAAA that uses the following checkpoints:

1. Access Control
2. Authentication
3. Confidentiality
4. Integrity
5. Availability
6. Accountability

However, a crucial factor for success would still have to be a thought through disaster recovery and healing module, should a security failure occur. And, this module can be planned and established with ease according to the criticality of the specialized services. Since the specialized services would use dedicated or partitioned infrastructure and tools, it's needless to speak that this approach will guard a single layer from being wholly affected by an attack.

What is your take on service based security?

Shiuly Kisku's picture
Thank Shiuly for the Post!
Energy Central contributors share their experience and insights for the benefit of other Members (like you). Please show them your appreciation by leaving a comment, 'liking' this post, or following this Member.
More posts from this member
Spell checking: Press the CTRL or COMMAND key then click on the underlined misspelled word.

No discussions yet. Start a discussion below.

Get Published - Build a Following

The Energy Central Power Industry Network is based on one core idea - power industry professionals helping each other and advancing the industry by sharing and learning from each other.

If you have an experience or insight to share or have learned something from a conference or seminar, your peers and colleagues on Energy Central want to hear about it. It's also easy to share a link to an article you've liked or an industry resource that you think would be helpful.

                 Learn more about posting on Energy Central »