Smart Grid

Introduction
In the United States and many other countries, modernization of the electric power grid is central to national efforts to increase energy efficiency, transition to renewable energy sources, reduce greenhouse gas emissions, and build a sustainable economy that ensures prosperity for current and future generations. Around the world, billions of dollars and being spent to build a smart electric power grid, referred to as the Smart Grid.

While the terminology varies from country to country, all notions of an advanced power grid for the 21st Century hinge on adding and integrating many varieties of digital computing and communications technologies and services with the power-delivery infrastructure.

Modernizing the current power grid through the computerization and networking of intelligent components holds the promise of a Smart Grid infrastructure that can &mdash;


 * Deliver electricity more efficiently;
 * Provide better power quality;
 * Link with a wide array of energy sources in addition to energy produced by power plants (such as renewable energy sources);
 * Enable self-healing in cases of disturbance, physical and cyber attack, or natural disaster; and
 * Provide consumers, and other individuals, with more choices based on how, when, and how much electricity they use.

Communications technology that enables the bidirectional flow of information throughout the infrastructure is at the core of these Smart Grid improvements, which rely upon collated energy usage data provided by smart meters, sensors, computer systems, and many other devices to derive understandable and actionable information for consumers and utilities.

Definition
The "Smart Grid" is a suite of initiatives to improve energy efficiency. Interactive smart meters can monitor electric power consumption, inform consumers of steps to take to decrease consumption, and provide detailed usage reports to utilities.



As described in the July 2009 Smart Grid System Report from the U.S. Department of Energy:

"Areas of the electric system that cover the scope of a smart grid include the following:


 * the delivery infrastructure (e.g., transmission and distribution lines, transformers, switches),
 * the end-use systems and related distributed-energy resources (e.g., building and factory loads, distributed generation, storage, electric vehicles),
 * management of the generation and delivery infrastructure at the various levels of system coordination (e.g., transmission and distribution control centers, regional reliability coordination centers, national emergency response centers),
 * the information networks themselves (e.g., remote measurement and control communications networks, inter- and intra-enterprise communications, public Internet), and
 * the financial and regulatory environment that fuels investment and motivates decision makers to procure, implement, and maintain all aspects of the system (e.g., stock and bond markets, government incentives, regulated or non-regulated rate-of-return on investment)."

Characteristics of the Smart Grid
Under the Energy Independence and Security Act of 2007 (EISA), the creation of a Smart Grid is a national policy. Distinguishing characteristics of the Smart Grid, as cited in the Act include:


 * Increased use of digital information and controls technology to improve reliability, security, and efficiency of the electric grid;
 * Dynamic optimization of grid operations and resources, with full cybersecurity;
 * Deployment and integration of distributed resources and generation, including renewable resources;
 * Development and incorporation of demand response, demand-side resources, and energy-efficiency resources;
 * Deployment of "smart" technologies for metering, communications concerning grid operations and status, and distribution automation;
 * Integration of "smart" appliances and consumer devices;
 * Deployment and integration of advanced electricity storage and peak-shaving technologies, including plug-in electric and hybrid electric vehicles, and thermal-storage air conditioning;
 * Provision to consumers of timely information and control options; and
 * Development of standards for communication and interoperability of appliances and equipment connected to the electric grid, including the infrastructure serving the grid.

The Department of Energy has stated:

"The application of advanced digital technologies (i.e., microprocessor-based measurement and control, communications, computing, and information systems) are expected to greatly improve the reliability, security, interoperability, and efficiency of the electric grid, while reducing environmental impacts and promoting economic growth. Achieving enhanced connectivity and interoperability will require innovation, ingenuity, and different applications, systems and devices to operate seamlessly with one another, involving the combined use of open system architecture, as an integration platform, and commonly-shared technical standards and protocols for communications and information systems. To realize smart grid capabilities, deployments must integrate a vast number of smart devices and systems."

To monitor and assess progress of deployments in the United States, the Department of Energy is tracking activities grouped under six chief characteristics of the envisioned Smart Grid:


 * Enables informed participation by customers;
 * Accommodates all generation and storage options;
 * Enables new products, services, and markets;
 * Provides the power quality for the range of needs;
 * Optimizes asset utilization and operating efficiently; and
 * Operates resiliently to disturbances, attacks, and natural disasters.

Interoperability and cyber security standards will underpin component, system-level, and network-wide performances in each of these six important areas.

The framework described in the EISA reflect several important characteristics. They include:


 * that it be "flexible, uniform and technology neutral, including but not limited to technologies for managing smart grid information"
 * that it "accommodate traditional, centralized generation and transmission resources and consumer distributed resources"
 * that it be "flexible to incorporate regional and organizational differences and technological innovations"
 * that it "consider the use of voluntary uniform standards" that "incorporate appropriate manufacturer lead time."

Spectrum policy
An efficient Smart Grid requires spectrum capacity to support the broadband communications infrastructure required to operate the grid. A Smart Grid policy that presumes the availability of suitable spectrum for wireless connections could fall short of its intended goal unless spectrum policy is aligned. The Utilities Telecom Council (UTC) has published a report that argues for shared access to 30 MHz of spectrum at 1800-1830 MHz to meet wireless communication needs. This band is currently allocated to federal users.

Canada is in the process of a rule-making procedure that would make the 1800-1830 MHz band available for “electrical infrastructure;” operating smart grids on compatible frequencies would facilitate cross-border management of power sources.

Reportedly, the FCC will include recommendations for Smart Grid development as part of the National Broadband Plan. Recommendations could include ways for utilities to share federal spectrum bands. .

Security concerns
With the Smart Grid’s transformation of the electric system to a two-way flow of electricity and information, the information technology (IT) and telecommunications infrastructures have become critical to the energy sector infrastructure. Therefore, the management and protection of systems and components of these infrastructures must also be addressed by an increasingly diverse energy sector. To achieve this requires that security be designed in at the architectural level.

Risks to the grid include:


 * Increasing the complexity of the grid could introduce vulnerabilities and increase exposure to potential attackers and unintentional errors;
 * Interconnected networks can introduce vulnerabilities;
 * Increasing vulnerabilities to communication disruptions and introduction of malicious software that could result in denial of service or compromise the integrity of software and systems;
 * Increased number of entry points and paths for potential adversaries to exploit; and
 * Potential for compromise of data confidentiality, include the breach of customer privacy.

In addition, the Smart Grid has additional vulnerabilities due to its complexity, large number of stakeholders, and highly time-sensitive operational requirements.

A traditional IT-focused understanding of cyber security is that it is the protection required to ensure confidentiality, integrity, and availability of the electronic information communication system. For the Smart Grid, this definition of cyber security needs to be more inclusive. Cyber security in the Smart Grid includes both power and cyber system technologies and processes in IT and power system operations and governance. These technologies and processes provide the protection required to ensure confidentiality, integrity, and availability of the Smart Grid cyber infrastructure, including, for example, control systems, sensors, and actuators.

Overview
There are many significant privacy concerns and issues relating to the Smart Grid. Four dimensions of privacy are impacted by the Smart Grid, including:


 * 1) personal information &mdash; any information relating to an individual, who can be identified, directly or indirectly, by that information and in particular by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural, locational or social identity. Privacy of personal information involves the right to control when, where, how, to whom, and to what extent an individual shares their own personal information, as well as the right to access personal information given to others, to correct it, and to ensure it is safeguarded and disposed of properly.
 * 2) personal privacy &mdash; the right to control the integrity of one’s own body. It covers such things as physical requirements, health problems, and required medical devices.
 * 3) behavioral privacy &mdash; the right of individuals to make their own choices about what they do and to keep certain personal behaviors from being shared with others.
 * 4) personal communications privacy &mdash; the right to communicate without undue surveillance, monitoring, or censorship.

Most Smart Grid entities directly address the first dimension, because most data protection laws and regulations cover privacy of personal information. However, the other three dimensions are important privacy considerations as well; thus dimensions 2, 3, and 4 should also be considered in the Smart Grid context because new types of energy use data can be created and communicated. For instance, we can recognize unique electric signatures for consumer electronics and appliances and develop detailed, time-stamped activity reports within personal dwellings. Charging station information can detail whereabouts of an EV. This data did not exist before the application of Smart Grid technologies.

When considering how existing laws may deal with privacy issues within the Smart Grid, and likewise the potential influence of other laws that explicitly apply to the Smart Grid, it is important to note that while Smart Grid privacy concerns may not be expressly addressed, existing laws and regulations may still be applicable. Nevertheless, the innovative technologies of the Smart Grid pose new issues for protecting consumers’ privacy that will have to be tackled by law or by other means.

The Smart Grid will greatly expand the amount of data that can be monitored, collected, aggregated, and analyzed. This expanded information, particularly from energy consumers and other individuals, raises added privacy concerns. For example, specific appliances and generators can be identified from the signatures they exhibit in electric information at the meter when collections occur with great frequency as opposed to through traditional monthly meter readings. This more detailed information expands the possibility of intruding on consumers’ and other individuals’ privacy expectations.

General invasion of privacy concerns
Two aspects of the Smart Grid may raise new privacy legal issues. First, the Smart Grid significantly expands the amount of data available in more granular form as related to the nature and frequency of energy consumption and creation, thereby opening up more opportunities for general invasion of privacy. Suddenly a much more detailed picture can be obtained about activities within a given dwelling, building, or other property, and the time patterns associated with those activities make it possible to detect the presence of specific types of energy consumption or generation equipment. Granular energy data may even indicate the number of individuals in a dwelling unit, which could also reveal when the dwelling is empty or is occupied by more people than usual. The public sharing of information about a specific location’s energy use is also a distinct possibility. This raises the concern that persons other than those living within the dwelling but having access to energy data could likewise automate public sharing of private events without the dwellers’ consent &mdash; a general invasion of privacy.

The concern exists that the prevalence of granular energy data could lead to actions on the part of law enforcement &mdash; possibly unlawful in themselves &mdash; and lead to an invasion of privacy, such as remote surveillance or inference of individual behavior within dwellings, that could be potentially harmful to the dwelling’s residents.



Law enforcement agencies have already used monthly electricity consumption data in criminal investigations. For example, in Kyllo v. United States, the government relied on monthly electrical utility records to develop its case against a suspected marijuana grower. Government agents issued a subpoena to the suspect’s utility to obtain energy usage records and then used a utility-prepared “guide for estimating appropriate power usage relative to square footage, type of heating and accessories, and the number of people who occupy the residence” to show that the suspect’s power usage was “excessive” and thus “consistent with” a marijuana-growing operation.

As Smart Grid technologies collect more detailed data about households, one concern is that law enforcement officials may become more interested in accessing that data for investigations or to develop cases. For instance, agencies may want to establish or confirm presence at an address at a certain critical time or even establish certain activities within the home &mdash; information that may be readily gleaned from Smart Grid data.

However, the Supreme Court in Kyllo clearly reaffirmed the heightened Fourth Amendment privacy interest in the home and noted this interest is not outweighed by technology that allows government agents to “see” into the suspect’s home without actually entering the premises. The Court stated,

"We think that obtaining by sense-enhancing technology any information regarding the interior of the home that could not otherwise have been obtained without physical intrusion into a constitutionally protected area, constitutes a search [and is] presumptively unreasonable without a warrant."

Second, unlike the traditional energy grid, the Smart Grid may be viewed as carrying private and/or confidential electronic communications between utilities and end-users, possibly between utilities and third parties, and between end-users and third parties.

Current law both protects private electronic communications and permits government access to real-time and stored communications, as well as communications transactional records, using a variety of legal processes. Moreover, under the Communications Assistance for Law Enforcement Act (CALEA), telecommunications carriers and equipment manufacturers are required to design their systems to enable lawful access to communications. The granular Smart Grid data may also have parallels to call detail records collected by telecommunications providers. It is unclear if laws that regulate government access to communications will also apply to the Smart Grid.

In short, the innovative technologies of the Smart Grid pose new legal issues for privacy of the home, as well as any type of property location that has traditionally received strong Fourth Amendment protection. As Justice Scalia wrote in Kyllo:

"The question we confront today is what limits there are upon this power of technology to shrink the realm of guaranteed privacy."

New privacy concerns raised by the Smart Grid
The ability to access, analyze, and respond to much more precise and detailed data from all levels of the power grid is critical to the major benefits of the Smart Grid &mdash; and it is also a significant concern from a privacy viewpoint, especially when this data and data extrapolations are associated with individual consumers or locations. Some articles in the public media have raised serious concerns about the type and amount of billing, usage, appliance, and other related information flowing throughout the various components of the Smart Grid.

There are also concerns across multiple industries about data aggregation of “anonymized” data. For example, in other situations, associating pieces of anonymized data with other publicly available non-anonymous data sets has been shown by various studies to actually reveal specific individuals. Frequent meter readings may provide a detailed timeline of activities occurring inside a metered location and could also lead to knowledge about specific equipment usage or other internal home/business processes.


 * Potential Privacy Impacts that Arise from the Collection and Use of Smart Grid Data



Smart meter data raises potential surveillance possibilities posing physical, financial, and reputational risks. Because smart meters collect energy usage data at much shorter time intervals than in the past (in 15-minute or sub-15-minute intervals rather than once a month), the information they collect can reveal much more detailed information about the activities within a dwelling or other premises than was available in the past. This is because smart meter data provides information about the usage patterns for individual appliances &mdash; which in turn can reveal detailed information about activities within a premise through the use of non-intrusive appliance load monitoring (NALM) techniques.

Using NALM, appliances’ energy usage profiles can be compared to libraries of known patterns and matched to identify individual appliances. For example, research shows that analyzing 15-minute interval aggregate household energy consumption data can by itself pinpoint the use of most major home appliances.

NALM techniques have many beneficial uses, including pinpointing loads for purposes of load balancing or increasing energy efficiency. However, such detailed information about appliance use can also reveal whether a building is occupied or vacant, show residency patterns over time, and reflect intimate details of people’s lives and their habits and preferences inside their homes.

In 1989, George W. Hart, one of the inventors of NALM, explained the surveillance potential of the technique. As the time intervals between smart meter data collection points decreases, appliance use will be inferable from overall utility usage data and other Smart Grid data with even greater accuracy.

In general, more data, and more detailed data, may be collected, generated, and aggregated through Smart Grid operations than previously collected through monthly meter readings and distribution grid operations. In addition to utilities, new entities may also seek to collect, access, and use smart meter data (e.g., vendors creating applications and services specifically for smart appliances, smart meters, and other building-based solutions). Further, once uniquely identifiable “smart” appliances are in use, they will communicate even more specific information directly to utilities, consumers, and other entities, thus adding to the detailed picture of activity within a premise that NALM can provide.

The proliferation of smart appliances, utility devices, and devices from other entities throughout the Smart Grid, on both sides of the meter, means an increase in the number of devices that may generate data. The privacy risks presented by these smart appliances and devices on the consumer side of the meter are expanded when these appliances and devices transmit data outside of the home area network (HAN) or energy management system (EMS) and do not have documented security requirements, effectively extending the perimeter of the system beyond the walls of the premises.

Data may also be collected from plug-in electric vehicles (PEVs). Charging data may be used to track the travel times and locations for the PEV owners.

Privacy impact assessment
The Privacy Sub-Group of the Cyber Security Coordination Task Group (now called the Smart Grid Interoperability Panel–Cyber Security Working Group (SGIP-CSWG)), which is responsible for addressing privacy on the Smart Grid, particularly in the area of consumer-to-utility information exchanges, has issued a high-level privacy impact assessment (PIA).

The PIA stated that:


 * the privacy implications of the Smart Grid are not fully understood
 * there is a lack of formal privacy policies, standards or procedures by entities who are involved in the Smart Grid and collect information
 * comprehensive and consistent definitions of personally identifiable information do not generally exist in the utility industry
 * distributed energy resources and smart meters will reveal information about residential customers and activities within the house
 * roaming Smart Grid devices, such as electric vehicles recharging at a friend's house, could create additional personal information
 * smart meters and the Smart Grid network will be able to use personal information in unlimited numbers of ways
 * despite the 2000 resolution adopted by the National Association of Regulatory Utility Commissioners urging the adoption of privacy principles, few state level utility commissions have begun to assess privacy and the Smart Grid
 * future research is necessary and conducting further PIAs is critical.

Privacy concerns arise when there is a possibility of discovering personally identifiable information (PII) such as the personal habits, behaviors and lifestyles of individuals inside dwellings, and to use this information for secondary purposes, other than for the provision of electricity. Electric utilities and other providers may have access to information about what customers are using, when they are using it, and what devices are involved. An electricity usage profile could become a source of behavioral information on a granular level.

Fair information privacy principles
Fair Information Practice Principles describe the manner in which entities using automated data systems and networks should collect, use, and safeguard personal information to assure their practice is fair and provides adequate information privacy protection.

Notice and purpose for use of PII
The new smart meters and accompanying potential and actual uses create the need for utilities to be more transparent and clearly provide notice documenting the types of data collected, and the purposes for collecting the data. Within the Smart Grid implementation a clearly-specified notice must describe the purpose for the collection, use, retention, and sharing of PII. Data subjects should be told this information at or before the time of collection.

Choice and consent to use PII
New smart meters create the need for utilities to give residents a choice about the types of data collected. Utilities should obtain consent from residents for using the collected data for other purposes, and as a requirement before data can be shared with other entities.

Collection of PII
In the current operation of the electric grid, data taken from meters consists of basic data usage readings required to create bills. Under a smart grid implementation, meters will collect other types of data. Some of this additional data may be PII. Frequent meter readings may provide not only a detailed time-line of activities occurring inside a metered location, they could also lead to knowledge being gained about specific equipment usage or other internal business processes.

The proliferation of smart appliances and utility devices throughout the grid, on both sides of the meter, means an increase in the number of devices that may generate data. The privacy risks presented by these smart appliances and devices on the customer side of the meter are expanded when these appliances and devices transmit data outside of the Home Automation Network (HAN) or building management system and do not have documented security requirements, effectively extending the perimeter of the system beyond the walls of the premises.

Data may also be collected from electric vehicles and plug-in hybrid electric vehicles (EVs/PHEVs). Charging data may be used to track the travel times and locations for the EV/PHEV owners.

Because of the associated privacy risks, only the minimum amount of data necessary for the utility companies to use for energy management and billing should be collected. However, the amount of information collected may vary, depending on whether or not power generation occurs on the premises. Home generation services will likely increase the amount of information created and shared.

Use and retention of PII
In the current operation of the electric grid, data taken from meters is used to create residents’ bills, determine energy use trends, and allow customers to control their energy usage both on-site and remotely. The new smart meters, and the Smart Grid network, will have the capability to use the collected data in an unlimited number of ways.

Information should only be used or disclosed for the purpose for which it was collected, and should be divulged only to those parties authorized to receive it. PII should be aggregated or anonymized wherever possible to limit the potential for computer matching of records. PII should only be kept as long as is necessary to fulfill the purposes for which it was collected.

Individual access
In the current operation of the electric grid, data taken from the meters is obtainable by consumers from their own homes. The data collected in a Smart Grid implementation may be stored in multiple locations. Currently, there is no standardized process to allow residents to access to their own corresponding PII that may be stored throughout the Smart Grid.

Currently, customers are able to access their account information through their monthly bill, utility websites, and annual terms and conditions statements. The utilities that comprise the Smart Grid should establish and provide to all customers a process to allow them to inspect their corresponding PII, and to request the correction of inaccuracies. Customers should also be informed about parties with whom PII has been shared.

Disclosure and limiting use of PII
Significant privacy concerns and risks exist when PII is inappropriately shared without the knowledge and consent of the individuals to whom the PII applies. Data collected through smart meters should be used solely for the specific purposes for which it was collected. If utilities wish to use the data for other purposes, or share the data with other entities, they should notify consumers, clearly communicate their plans, and obtain consent to use and share the data as described.

Security and safeguards
The data collected from smart meters may potentially be transmitted to and stored in multiple locations throughout the Smart Grid. Establishing strong security safeguards will be necessary to protect the PII from loss, theft, unauthorized access, disclosure, copying, use, or modification.

Accuracy and quality of PII
The data collected from smart meters and related equipment will potentially be stored in multiple locations throughout the Smart Grid. Meter data may be automatically collected in a variety of ways. The ability to inappropriately modify data could be significant in utilities where access controls are not appropriately set. Accordingly, establishing strong security safeguards will be necessary to protect the information. Since meter data may be stored in many locations, and therefore, accessed by many different individuals and entities and used for a very wide variety of purposes, PII data may be inappropriately modified. Automated Smart Grid decisions made for home energy use could be detrimental for residents (e.g., restricted power, thermostats turned to dangerous levels), while decisions about Smart Grid power use and activities could be based upon inaccurate information.

Every effort must be made to ensure that PII collected throughout the Smart Grid, and at all locations where it is stored, is accurate, complete and relevant for the purposes identified, and remains accurate throughout the life of the PII.

External link

 * Smart Grid.