Today I’m thinking about the unconventional security problems of the smart grid. This means that I am considering the special issues of widely dispersed intelligent devices. I am also becoming the 1,142^nd blogger to write about the newly recognized zombie menace in Texas.

Widely distributed assets cannot be entirely protected against direct physical access. If responsibility for the distributed assets is distributed as well, as they would be in Distributed Generation (DG) and Net Zero Energy (NZE) scenarios, then it is foolish to act as if one can. (DG refers having dedicated power plants spread across the grid. DG as associated with alternative energy, wherein assets should be arrayed “wherever the wind blows”. DG facilities are also much more likely to be owned and operated by people who do not work for traditional power companies. NZE puts DG into each and every building. NZE buildings generate when they can, store as they are able, sell to the grid when the price is right, and buy from the grid when they must.)Zombies come to Texas

This week there was a widely reported hack of a distributed asset—a traffic sign in Texas. Such systems have minimal security, and may be deployed into the field with the default password still in place. If you have access to the sign, it is usually no more than a few minutes work to perform a hard reset and restore the default password. This is usually true for any system; if I have unfettered physical access, the system is sooner or later mine. In Texas this week, a highway sign was hacked to warn of “Zombies Ahead”.

In circumstances like this, it is more essential to be able to determine if the configuration has changed, than it is to make the system un-assailable. Should mutual authentication, and mutual trust include mutual configuration checking?

An entirely different aspect of smart grid security, or perhaps survivability is also on my mind this week.

There are many concerns that at least one US city will be subjected to an EMF pulse in the years ahead. EMF (electromagnetic force) pulse refers to the large power that follows a nuclear blast. Enhanced EMF weapons funnel more energy into EMF than into blast. Enhanced EMF is generally considered an electronics killer. AN EMF pulse could destroy navigation and communications and data centers and home computers. An EMF pulse could take out the internet. When we have a smart grid, then an EMF pulse can take out the substations and metering infrastructure.

Security includes survivability. Most definitions of security describe graceful degradation rather than catastrophic failure. After an EMF pulse, systems would have to fail to some sort of default configuration that still worked, even if minimally. This default configuration, though, might break the trust described above.

How will the smart grid handle nuclear zombies?