Smart grid Catch-22: Utilities must have plans even as vital standards still being developed
By Tom Tiernan
December 23 - State regulators are telling utilities to develop broad smart grid plans that encompass all kinds of elements about how advanced meters and other technologies will be used. At the same time, though, smart grid standards are still being hatched by the federal government.
Some utilities think they are being put in a Catch-22 bind.
That dynamic was addressed indirectly in mid-November at the annual meeting of the National Association of Regulatory Utility Commissioners, where a number of speakers told state regulators that they should not allow utilities to install advanced meters first and figure out later how best to use them.
Examining regulatory decisions and lessons learned from smart grid plans in Maryland, Hawaii, Oklahoma and a few other jurisdictions, regulators should make utilities "define the mission" first, said Scott Hempling, executive director of the National Regulatory Research Institute.
(Listen to a related podcast: Utilities pursue stimulus funding for smart grids)
Article continues below...
Electric Utility Week focuses on the big, fundamental news that matters to every utility -- investor-owned, municipal and cooperative. Whether you manage, supply, finance, regulate, or advise public or private utilities, Electric Utility Week provides you with the most comprehensive knowledge available about what's new and what's ahead in the electric utility business.
▪ Request a complimentary issue
▪ See a sample
▪ Get your newsletter subscription now
Regulators in California approved advanced metering infrastructure investments first, and then addressed broader utility smart grid plans, and with the benefit of hindsight "I'd do it in reverse," by making utilities present a plan first and then figure out where AMI fits within that plan, said Dian Grueneich of the California Public Utilities Commission.
Similarly, in Hawaii, after Hawaiian Electric sought to install advanced meters in 2008 and then halt the process and address other smart grid elements in a more limited pilot project in 2010, the PUC directed the utility to come up with a plan, related PUC Chairman Carlito Caliboso.
"We're asking for a better roadmap, a better plan," rather than allowing the utility to change its smart grid vision on the fly, Caliboso said at a joint meeting with NARUC members and Commissioner John Norris and Chairman Jon Wellinghoff of the Federal Energy Regulatory Commission.
If regulators do not make utilities define what they intend to do with smart grid plans and lay out the components and how they will achieve their goals, which should include better consumer education than most plans so far, "you can end up in a multibillion-dollar hole without knowing how to get out," Hempling said.
Yet federal stimulus funding is being given out with timing requirements for installing meters and using a host of new technologies, including synchrophasors at the transmission level, and smart grid standards are still being developed by the National Institute of Standards and Technology, pointed out David Owens, executive vice president of business operations for the Edison Electric Institute.
"NIST is doing good work," he said, but even as the standards are adopted and sent to FERC, compliance will be totally voluntary.
Cybersecurity is another crucial concern that should be addressed up front, not added later, said White House cybersecurity coordinator Howard Schmidt.
State regulators should ensure utilities have a plan for security as part of their smart grid efforts, including data privacy, because advanced meters and other digital controls will increase the ability of someone with bad intentions to penetrate the power sector, he said.
Schmidt spoke to the NARUC body as a whole on Tuesday, after the joint meeting with FERC and state commissioners.
For utilities, though, the cost of addressing security is something they are facing without much guidance from government, Owens pointed out. Utilities are being told to have a plan for installing advanced meters, informing consumers and making the grid smarter, and yet when it comes to the government's role on cybersecurity at this point, "there is no plan," he said after Schmidt spoke.
Grid security has to be a top priority, and it is for utilities, but compliance with NIST standards will not be the job of utilities alone, Owens said, noting that technology vendors and equipment manufacturers will examine the standards.
The question policymakers need to address, and which Owens asked Schmidt to address, is if compliance with smart grid and cybersecurity standards should be voluntary. Other than some critical infrastructure protection standards that FERC has approved, there are no mandatory rules for utilities to follow on cybersecurity, and Owens asked if the situation puts the power grid in jeopardy.
"I do not have a good answer," Schmidt replied, other than having utilities and regulators address such questions on a case-by-case basis, but he said all sectors of the economy, not just utilities, are facing the same questions.
"There are malicious actors out there," not just terrorists but people looking for financial gain who are examining all kinds of digital controls in the energy sector and how they might be exploited, Schmidt said.
At both the federal and state levels, government cannot avoid the threat of security intrusions, so it needs to do risk mitigation well, such as ensuring companies have multiple layers of security, use encryption technologies rather than password protections and other steps, Schmidt said.
"In many cases these are not questions you've asked utilities before," because state regulators generally do not have a lot of experience with cybersecurity, he said. But regulators need to recognize that there is not a "cookie-cutter" approach to cybersecurity that can be used for years -- it needs to change as technologies evolve.
Even smart grid standards that NIST is developing are not static and will continue to change over time, added George Arnold, national coordinator for smart grid interoperability at NIST. As more digital equipment is used in different parts of the power grid, it is inevitable that grid security intrusions will occur, so "you have to have multiple layers of intruder protection," Arnold said.
But something that can bring down the power grid should not entail compliance that is voluntary, Owens said. There needs to be a legislative solution, and further coordination and work by FERC, Congress and the North American Electric Reliability Corp., he said.
Arnold and others spoke during a FERC technical conference on the NIST standards that was held at the NARUC meeting, with all five FERC commissioners in attendance.
Cybersecurity should be part of any utility smart grid plan "from day one," said Richard Schomberg, vice president at France's EDF and chairman of smart grid standards at the International Electrotechnical Commission, which focuses on smart grid efforts in Europe. Because the European Union and IEC members have 42 transmission operators from 34 countries, IEC standards are widely recognized and respected, Schomberg said.
IEC standards are being followed by American Electric Power as it rolls out its smart grid efforts in several states, added George Bjelovuk, the company's managing director for marketing, research and program development. IEC standards are well-established and known to vendors, Bjelovuk said.
Effective cybersecurity protection is virtually impossible without a common data format being used by different entities, so adoption of smart grid standards in the US is critical, added Daniel Thanos, chief cybersecurity architect at GE Energy.
Return to top
Next page: Without changing utility regulatory structure, business model debate is moot, panelists say