Software and Hard Targets: Enhancing Smart Grid Cybersecurity in the Age of Information Warfare

Charles K. Ebinger and
Charles K. Ebinger Former Brookings Expert
Kevin Massy
Kevin Massy Former Brookings Expert, Manager - Strategy Advisory Council

February 28, 2011

As the United States begins to address the reality of its aging infrastructure and the longterm challenges posed by fossil fuel use, there is widespread recognition that an overhaul of the electric power grid is necessary. Through implementation of the Smart Grid, a system combining information technology and new sources of power generation, the United States has the potential to meet its economic, environmental, and strategic goals while accommodating a projected rise electricity demand. The benefits of the Smart Grid include increased power-system efficiency and reliability; the ability to harness distributed generation; increased integration of renewable energy sources into the energy mix; improved opportunities for energy storage; and increased consumer control of electricity consumption.

However, with the new opportunities come new risks and challenges. The growth of the Smart Grid will create a range of new challenges from the logistical implications of upgrading and replacing large parts of the nation’s power infrastructure to devising new business models that balance more efficient delivery of electricity with equity considerations that protect the interests of the economically vulnerable. One of the most important considerations regarding the implementation of the Smart Grid is the new security concerns it raises, particularly in the critical —and rapidly developing— arena of cybersecurity.

This paper examines the emerging field of Smart Grid cybersecurity and recommends federal policies that can be enacted to help protect the United States from cyber attacks through the Smart Grid. Parts 1 and 2 provide an overview of the Smart Grid, including its origins, scope, and policy objectives; and the challenge of securing the Smart Grid against cyber vulnerabilities. Part 3 looks at the policies that have been implemented at the federal, state, and local levels to do so, and is informed by responses of several U.S. State Public Utility Commissions to a Brookings-designed survey (see Appendix II). The report concludes by offering a series of recommendations for more effective policymaking in the arena of Smart Grid cybersecurity.