SmartGrid Implications of Cloud Computing New Technology in the Utility Environment
PG&E Territory Characteristics
- 70,000 square miles of diverse topography
- Approximately 20,000 employees
- Energy Services to approximately 15 million people
- Over 9 million SmartMeters (Electric & Gas)
- 1,008,186 Transformers
- 6,833 MW of Generation
- 18,616 miles of electric transmission circuits
- 120,000 miles of electric distribution circuits
- Regulated by the California Public Utilities Commission (CPUC)
Data at Rest Utility Application Landscape
[Diagram labels: The Cloud; Hosted off site today; SmartMeter Systems; Demand Response; CAISO; Electric Head End System; Hosted Meter Data Management; Gas Head End; PG&E Data Center; Vendor Hosted; Customer]
Security Risk Management
PG&E utilizes the following five information classifications:
- PG&E Public: Anything produced for public review and available to anyone inside or outside the company. This includes materials such as press releases, advertisements, or bill inserts.
- PG&E Internal: Information intended primarily for use within PG&E, such as organization charts, personnel numbers, and company email messages. Distribution should be limited based on business need to know, and access controls are required.
- PG&E Confidential: Information such as trade secrets, customer or employee information, and passwords that should be shared solely on a business need to know basis. PG&E Confidential data must be encrypted for storage and transmission if electronic and, if printed, protected through controlled physical access, such as a locked filing cabinet.
- PG&E Restricted or PG&E Privileged (Law only): Information such as Social Security Numbers, undisclosed financial information, and protected health information should be shared solely on a business need to know basis. Data must be encrypted for storage and transmission if electronic and, if printed, protected through controlled physical access. Note that PG&E Privileged is only used by Law.
Networks - Critical Infrastructure
- ODN (Operational Data Network): air-gapped secure network - SCADA
- UDN (Utility Data Network): Traditional IT
- MPLS (Multiprotocol Label Switching)
- Physical Isolation and Connectivity
- Packet Level Network Path
Volt / VAR on the test network
Negotiating Network Access in the test environment is not trivial
[Diagram labels: Test Network; LabView Interface; LabView Driver; Set Voltage 1; Set Voltage 2; Set Voltage 3; UPS #1; TCP/IP; Meter Farm; Read Voltage; UIQ System; Access Point; Node Simulator 4.1; Remote Access; Firewall; UDN; ODN; CVR Software; Adjust Voltage; Load Tap Changer; Line Capacitor; Line Regulator]
Security is Physical
Control of assets is critical to our business:
San Jose Mercury News, June 4th, 2013: In the early-morning hours of April 16, someone opened fire at the utility's substation on Metcalf Road near Highway 101. The gunshots damaged five transformers and caused cooling oil to leak from a transformer bank, and the damage prompted state regulators to urge electricity conservation in the ensuing days. AT&T phone service in the area was also affected.
Safety and Reliability
SmartMeter Performance Statistics
[Chart labels: The Cloud]
Interval data supplied from SmartMeter systems for billing within 48 hours of expected delivery as a percentage of expected interval data.
Thank you
Art Anderson
arthur.anderson@pge.com
North American Electric Reliability Corporation Critical Infrastructure Protection (CIP) standards Version 5 now requires the following:
- Encryption
- Role-based instead of risk-based classifications
- Multiple levels of compliance: Low, Medium and High Impact (in theory, a company could have 10 facilities of which six are low impact facilities, three are medium impact facilities, and one is a high impact facility)
- New terminology (such as BES Cyber Asset)
- All serial connections are to be considered
- Multi-factor authentication requirements
- Triggers are required to be defined for recovery plans
- All software (COTS and custom) must be known
- All security patches from the beginning of time on each device must be known