April 2009
Cyber-security, Smart Buildings, and the Smart Grid
We went to a distributed approach for the Enterprise Building Management System (EBMS), something that looks nothing like the approaches of traditional building systems and of SCADA.
Toby Considine
Some discussions I’ve had in the last week about cyber-security and the smart grid have made me think back to the issues that caused us to build the Enterprise Building Management System (EBMS) at the University of North Carolina. Building systems and the distribution systems of the grid both use the walled-garden model of security, which is not very secure and which prevents effective interaction between these systems and other applications.
SCADA security, often called cyber-security when talking of the smart grid, is one of the areas where not only are the answers difficult, but selecting the right questions is often difficult as well. Supervisory Control And Data Acquisition (SCADA) refers to the online, computer-based monitoring and control of processes from a central site. SCADA, which puts little intelligence into the distributed points, is still the primary model used for building systems and for utility distribution systems, including the telemetry and operation of today’s dumb grid.
The SCADA model of systems architecture was appropriate when we were building monolithic systems on very expensive minicomputers and networking was in its infancy. This led to the then-obvious decision that a system has exactly one controller. Two systems sharing data was an unacceptable hindrance and bottleneck on process control. Large monolithic systems are expensive to install, expensive to update, impossible to partially upgrade, and do not anticipate a need for inter-component security, any more than I imagine security between my arm and my leg.
Every integration between two systems under the SCADA model is detail-oriented. It requires exposure of every detail, no matter how unimportant. These extra details are a barrier to interoperability.
Distributed, inexpensive systems are the rule in IT today. Systems with full security and mutual authentication between every node are still orders of magnitude faster and cheaper than the old systems. Communications are orders of magnitude faster. Almost none of the constraints that dictated how things had to be done still hold.
For too many control systems, the old models still apply. Nearly every vendor in
building systems prices an enterprise controller so that the customer will buy
only one, and that one talks to all. Integrations are excruciatingly slow. The
vendor, knowing he will only sell a few of these, prices them accordingly.
Before we built our Enterprise Building Management System (EBMS), we had multiple conversations with BAS vendors about installing multiple enterprise controllers rather than one. The incremental cost of the additional software would have been nothing to them. I understand their need to get, say, a quarter million dollars per site. I just wanted my site to consist of 20 peers rather than a single master. They believed that 20 peers should cost 20 times a single system for the site. This was a marketing decision, not a technical decision, and it was a bad one.
We went to a distributed approach for EBMS, something that looks nothing like the approaches of traditional building systems and of SCADA. I can now upgrade parts of the infrastructure by replacing a single autonomous system agent in a single location. The deep intimacy that old integrations required is gone, and the reliability and resilience of the system are improved. This means it is possible for me to roll out incremental security fixes, or even system agents from a different platform, without spending years on the project and re-training everyone.
I’ve heard a lot of scary, scary things when discussing SCADA. “Our system is so
large and complex you may not comment on it until you have studied it for years”
(So your system would fail if key plant engineers got hit by a bus going to a
birthday lunch. That is yet another security problem). “Our system is so
exceptional that it cannot share account management with the corporate HR
systems.” (So the business process to turn off remote access to these systems is
too convoluted to occur in a timely manner). Recently, I have listened as SCADA
engineers have railed against security researchers who expose security holes.
“Our system is so unwieldy that we cannot respond to identified security holes
in a timely manner.” This attitude is dangerous for smart buildings and for the
smart grid.
Security is about being able to do the right thing at the right time when requested by the right person. Denying access is just the most trivial part of that. Security is knowing whether to trust inputs received from others. Security is self-detection of configuration changes, i.e., awareness of system integrity. Until smart buildings and the smart grid come to this fuller awareness of security, they will be too immature to interact.
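As an added illustration (not code from this article or from UNC's EBMS), the following Python sketch gives an autonomous system agent the two properties named above: it records an integrity baseline of its own configuration and reports drift, and it accepts a peer's input only when the message is signed with that peer's key and is fresh (right person, right time). The per-peer shared secret and the sample configuration are assumptions constructed for the example.

```python
import hashlib
import hmac
import json
import time

# Constructed sample of an agent's configuration items (name -> contents).
SAMPLE_CONFIG = {
    "setpoints.json": b'{"ahu1_supply_temp_f": 55}',
    "schedule.json": b'{"occupied": "07:00-19:00"}',
}

def config_manifest(config):
    """Hash every configuration item; the manifest is the agent's integrity baseline."""
    return {name: hashlib.sha256(data).hexdigest() for name, data in config.items()}

def detect_drift(baseline, current_config):
    """Names of items added, removed or changed relative to the recorded baseline."""
    current = config_manifest(current_config)
    names = set(baseline) | set(current)
    return sorted(n for n in names if baseline.get(n) != current.get(n))

class PeerAgent:
    """Hypothetical agent that trusts a peer's command only if it is signed and fresh."""

    def __init__(self, peer_keys, max_age_s=30):
        self.peer_keys = peer_keys      # peer id -> shared secret (assumed provisioned out of band)
        self.max_age_s = max_age_s      # freshness window for a command
        self.seen_nonces = set()        # nonces already acted on, to refuse replays

    @staticmethod
    def sign(key, body):
        return hmac.new(key, body, hashlib.sha256).hexdigest()

    def accept(self, message, now=None):
        """Return the verified payload, or None if the input must not be trusted."""
        now = time.time() if now is None else now
        key = self.peer_keys.get(message.get("peer"))
        if key is None:
            return None                 # unknown peer: not the right person
        body = json.dumps(message["payload"], sort_keys=True).encode()
        if not hmac.compare_digest(self.sign(key, body), message.get("sig", "")):
            return None                 # forged or altered in transit
        payload = message["payload"]
        if abs(now - payload["ts"]) > self.max_age_s or payload["nonce"] in self.seen_nonces:
            return None                 # stale or replayed: not the right time
        self.seen_nonces.add(payload["nonce"])
        return payload

def make_message(peer, key, command, ts, nonce):
    """What a peer sends: a payload plus an HMAC over its canonical JSON form."""
    payload = {"cmd": command, "ts": ts, "nonce": nonce}
    body = json.dumps(payload, sort_keys=True).encode()
    return {"peer": peer, "payload": payload, "sig": PeerAgent.sign(key, body)}
```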
Future buildings using new energy will have many more types of systems than buildings do today. There will be systems for energy generation, energy recycling, and energy conversion. The systems that we have today will be able to report and negotiate up-to-the-minute energy use and needs. We will want to choreograph them, and the business, with the signals from the net. This will require that these systems grow up to the mature security models used in enterprise systems.
As building systems join the internet of things, they will need to begin using
real security. To become peers in the Energynet, they will need to hide their
details and understand their context. They must move beyond the simple security
models used in today’s building systems.