

Secure Wireless Data Communications for Distribution Automation in the Smart Grid
Colin Lippincott, general manager of energy markets, FreeWave Technologies, Inc.

Abstract: For many utility operators, making their electric grid smarter is an increasingly important task, with the goal of creating a system that is optimized for efficient delivery of electricity. Automation has been the primary driver, and many electric utilities have already implemented SCADA systems for control over transmission-level equipment. At the distribution automation layer, many critical functions and actions are automated, such as the monitoring of critical feeders; fault detection, isolation and restoration to reduce the duration and impact of outages; shifting loads between sources to help avoid or alleviate overload conditions; and controlling capacitor banks. There is no single technology that satisfies all of the requirements of system managers, especially for SCADA systems as complex as those for the Smart Grid. The recent increase in copper theft, often impacting data communication lines, makes wireless data communication solutions an attractive alternative to copper and fiber.

Index Terms: Automation, SCADA, frequency hopping, latency, throughput, encryption, authentication

I. INTRODUCTION

People around the world are consuming more and more energy every year. According to the U.S. Department of Energy, electricity use in 2009 was about 13 times greater than electricity use in 1950. Everything from new gadgets and devices to electric vehicles and urban infrastructure developments is adding to the rate at which energy consumption increases year by year. Consumption today is actually outpacing the rate at which we are enabling new energy generation.

There are a few ways to help alleviate this problem. One way is to increase the speed at which we add electrical generation. For years, there's been a lot of emphasis on alternative energy resources, but the problem with solar and wind is that the sun's not always shining, nor is the wind always blowing. The reality is that electricity is a real-time commodity. From the utilities' standpoint, the necessary capacity of electric power is important, because there must always be enough electricity produced to continuously meet peak demand. The alternative is to make the electric grid more efficient by optimizing or eliminating some of the inefficiencies in the transportation and distribution of electric energy. This is where the smart grid concept comes into play: routing electric power from where it's generated to where and when it needs to be consumed, in the most efficient way possible.

Fig. 1. Electric transmission and distribution.

II. AUTOMATION AND DATA COMMUNICATIONS

Due to growing demand and the need for more efficiency, electric utility operators are thinking about how to make their electric grid smarter. Automation is the primary driver. Automation enables utilities to improve distribution automation and make it more cost-effective, safer and more resilient. For years, many electric utilities have implemented Supervisory Control and Data Acquisition (SCADA) systems for better control. As reliability and load requirements continue to increase, so does the need to minimize costs. Therefore, the extension of intelligent control over electrical power grid functions to the distribution layer and beyond (via distribution automation) is a key enabler for Smart Grid success.

Data communications are critical to supporting time-sensitive distribution automation applications. At the distribution automation layer, many critical functions and actions are automated, such as the monitoring of critical feeders, fault detection, isolation and restoration to reduce the duration and impact of outages. These systems also support shifting loads between sources to help avoid or alleviate overload conditions, controlling capacitor banks and more. Many Smart Grid utility operators are finding the need for more secure, more reliable, more efficient forms of communication to effectively deploy distribution automation.

978-1-4577-2159-5/12/$31.00 2011 IEEE

III. COMMUNICATION TECHNOLOGY OPTIONS

There is no single technology that satisfies all of the requirements and priorities of system managers, especially communication requirements as complex as those for the Smart Grid. Think of the communications link as an enabler or catalyst of continuity in the grid. It resembles the highway system in that it doesn't do anything in itself, but connects everything together. The following are the critical success factors for the communications component in the distribution automation layer of the Smart Grid: reliability, security, throughput, flexibility, ease of installation, and cost.

Some communications options for the distribution layer include: private radio spectrum (unlicensed), private radio spectrum (licensed), cellular, satellite, and wired copper or fiber.

Various data communication technologies are viable options for several applications within the electric power industry. Every technology has advantages and disadvantages. Some systems are able to send data very far, while other technologies are purely for very short range applications.

A. Frequency Hopping Spread Spectrum (Unlicensed Private Data Radios)

A longtime staple of distribution automation, private radio tools remain important to the success of the Smart Grid. They allow real-time, accurate monitoring of distribution automation and offer reliable data that can be sent over long distances. Some types of data radio offerings aren't reliably robust, sufficiently secure and field proven. Some others are not as well qualified.

Wireless data communication equipment providers have taken a leap forward for customers who need industrial grade serial and Ethernet radios that operate in harsh, challenging and congested RF environments. They work well over long distances and, thus, over short distances. Some wireless data communication equipment providers offer Frequency Hopping Spread Spectrum (FHSS) radio technology for private radio network solutions in unlicensed spectrums for reliable and secure data transmission with low latencies, attractive range and throughput rates.

FHSS technology has been trusted since World War II, when Hedy Lamarr, an Austrian-born actress, together with George Antheil co-patented a secret communication system which allowed radio control of torpedoes that could not be easily discovered, deciphered or jammed [1].

Copy of the US Patent 397,412 by Hedy Lamarr and George Antheil

The secret was frequency hopping: coordinated, rapid changes in radio frequencies that literally "hop" in the radio spectrum to evade detection and the potential of interference. In other words, the frequency hopping capability prevents critical data from being intercepted or jammed. This technology has been successfully implemented in many industries for years, including military, oil and gas, water/wastewater, security, electric power (of course) and more.

Fig. 2. Frequency hopping.

Providing the lowest cost of ownership, combined with ease of installation, quick deployment and supportive network management tools, wireless data radio communications are growing in attractiveness for Smart Grid applications. Organizations that count on data communications for operational success, where failure and down-time are not an option, are realizing the true value of this technology.

These FHSS radios have some real and/or perceived limitations. A real limitation is that they do require an infrastructure that is line of sight in nature. They are more susceptible to interference in heavily wooded areas than other technologies. Some are concerned about frequency saturation in areas where many of the unlicensed radios are operating. Some others are simply concerned that these radios operate in a shared spectrum (e.g. 902-928 MHz).

FHSS spread spectrum radios also have many advantages. They provide much higher throughput than licensed systems. They do not require a license and the attendant administrative costs and headaches. They are very flexible in many ways, including that, by using repeaters, the achievable range is unlimited.

B. Fixed Frequency (Licensed Private Data Radios)

These radios can be deployed in a variety of frequencies nearly anywhere in the world. The radios can be very tolerant of Mother Nature's and humans' link challenges, especially in the lower frequencies. At 400 MHz or 200 MHz, for example, the radios will penetrate wooded areas better than 900 MHz FHSS. The theory behind using a fixed frequency radio is that the user "owns" that frequency in the geography where they hold the license with the FCC (in the US). They assume that because they own the frequency they will not be faced with interference from another user in the same area.

Disadvantages of the licensed radios include low bandwidth. In some frequencies, the channel spacing can be as limited as 6.25 kHz and no more than 25 kHz. Even at 25 kHz most radios will only deliver 19.2 Kbps. When Ethernet is layered into the equation, the throughput takes an overhead hit. These radios require a license from the FCC. In some frequency and geography combinations, the licenses for a required throughput are not available. In some other cases, there might be plenty of spectrum available, though it might also be prohibitively expensive.

C. Satellite Systems

Satellite systems have broadband capabilities and tend to be both reliable and ideal for long-range back haul applications. Nevertheless, satellite systems are very costly to deploy and have monthly recurring costs. These costs add burdens to operating budgets. Satellite systems have a great advantage in that they can be deployed almost anywhere in the world. They are, however, a non-private system with shared bandwidth. Plus, system maintenance and repairs in the event of an outage are not in the control of the user. Only the system provider has access to rectify outage events, do maintenance or add to system throughput with more infrastructure.

Satellite systems are not commonly deployed for distribution automation applications. They are too expensive to justify when other less expensive, low latency, reliable, secure systems such as unlicensed and licensed systems can be successfully deployed. In the event that data from a local system must be accessed from far away and there is no local internet access, satellite systems serve a very useful function.

D. Cellular

Cellular systems function similarly to satellite systems. They use an existing public network of communication infrastructure and communications devices that have monthly charges. Using a cellular network for distribution automation has several advantages over other technologies. The biggest advantage is that there is no need for the user to craft a tower infrastructure plan. For the most part, the technician simply turns on the cell modem and a link is created. The actual network design is far simpler than either unlicensed or licensed radio systems.

Disadvantages, in comparison, include the monthly charges and the fact that this is a public network with shared spectrum. The utility has no real control over the system utilization, and especially not when there is an outage in the cell network. Another disadvantage is that cell coverage can be inconsistent to nonexistent. There are many non-urban areas that have low or no coverage at all. Even in urban areas, service commitments notwithstanding, there can be coverage problems. One more disadvantage of cell networks for some utilities is the way the systems manage IP addresses. In radio systems, the IP addresses are fixed to a device by the IT team at the utility. In cell networks, the IP addresses are randomly assigned when a connection is made with the modem.

Latency in cell systems is often discussed as a potential problem for DA networks. With utilities and agencies recommending that the latency for any one-way communication be equal to or less than 50 milliseconds, the utility has to have confidence that the communication technology selected will reliably perform to this level.

E. Wired Solutions (Copper or Fiber)

In distribution automation applications, DA devices, substations and NOCs can be quite far apart. While copper or fiber solutions can provide much more throughput, these long distances often make either of these technologies impractical due to cost and other issues (e.g. right of way). If cost and right of way are not issues for the utility, these options, especially fiber, are very compelling choices. No other technology discussed will provide the speeds and reliability of fiber. It is not maintenance free, but that is just another variable in the total cost of ownership equation. Some utilities will make fiber their choice for some of the critical infrastructure links that they will not trust to wireless of any kind.

IV. COPPER THEFT PARADIGM

What operators are seeing in distribution automation applications is more of the back-haul, long-distance type of data communication. This makes a wired or cable solution a prototypical choice because it is both very reliable and provides the best throughput option. There are certain metals that conduct electricity better than other metals, and as such they're more suitable both for the transportation of electric energy and for the transportation of signals. Copper is one of those metals, and copper is also used in lots of other industrial applications. As the price of copper has grown significantly over the past 10 years, from under $1 a pound in March of 2001 to nearly $5 a pound in March of 2011, so has copper theft, which has proven to be very lucrative for criminals across the world.

The economic impact of copper theft has totaled more than $1 billion a year, according to the U.S. Department of Energy, and there are no signs of it slowing down. The impact of copper theft goes far beyond the material damage, especially if mission critical applications, like electric power, depend on the availability of the communication link. Trying to steal copper wires from a high voltage electric distribution or transport line can be painful, if not deadly. However, the same is not true for communication lines. There are a lot of instances where communication lines get disrupted because of copper theft. For example, criminals are stealing the signaling cables from railroads and metro stations, which causes delays, disruptions and cancellations and ultimately has a negative ripple effect in the economy beyond the loss of expensive copper wiring.

In the past, wired communication solutions were always seen as the most reliable, with higher availability, but the surge in copper theft is really changing the paradigm because, increasingly, the wired link is not always available. The recent increase in copper theft, often impacting data communication lines, makes cost-effective, quick and easy-to-deploy wireless data communication solutions an attractive alternative to copper and fiber.

V. CASE STUDY: WIRELESS DATA RADIOS USED FOR DISTRIBUTION AUTOMATION

A major energy company that serves hundreds of thousands of retail customers in the United States wanted to improve the distribution automation component of its comprehensive smart grid network. Upon considering all of the communication options available, the energy provider decided to build a private wireless communication network for the DA layer. The company's decision drivers included cost savings combined with the advantages of making the grid more resilient and more efficient, all in one installation. The wireless solution chosen could provide the reliability required with the security suite desired.

The energy company evaluated several different wireless data communication providers. Each provider has products that are proven in the field for automation applications. Eventually, one company was selected over the other based upon the driving factors discussed above, led by reliability and security. The system security uses a layered approach to protect the utility's network. AES 128, RADIUS authentication and many other layers all combine to defend the system from outside penetration and denial of service attacks.

Another factor that surfaced during the evaluation process was the provider's service model and commitment. That model was confirmed by reference companies that are also utilities. The data radio provider is heavily involved in the network design and installation process. It provided the energy company with extensive path study information and network design options, and is aiding in the full deployment of the data radios too. In addition, the provider supplied the utility company with a software platform for managing radio configurations and network application needs from a single interface. In using the software, the energy company and solutions provider were able to build templates for the network design and then easily commission the radios with the proper configuration to deploy them in the field.

The utility and the provider are currently working together in the deployment phase of the data radio solutions into hundreds of DA devices. These new Smart Grid communication capabilities will enable the energy utility company to continue enhancing energy distribution services to its customers by having less frequent outages, as well as reducing the duration of any outages that might occur.

VI. SECURITY ACCESS CONTROL

The multiple security layers approach to the distribution application mentioned above makes Denial of Service (DoS) attacks on FHSS systems very difficult, albeit, if not completely impossible. However, a resilient wireless system needs more than a rugged transmission system.

There are many positive attributes of industry standards based wireless devices. However, one of the negative aspects is that the only thing required for access is an off-the-shelf, standards-based device compatible with the ones used in a specific wireless network. Case in point: a less than $50 Wi-Fi card is all I would need to try to gain access to the electromagnetic waves emitted by my neighbor's Wi-Fi Access Point and Internet connection. And if he did not protect it, that's all I need to get free Internet access through his Wi-Fi network.

Proprietary systems and devices (especially when they offer many knobs and configuration options to create more private networks) actually offer a higher degree of security.
But even those devices can be acquired if you know where to get them (a well-known Internet auction place often serves as the source), so a patient hacker can figure out settings to gain access, even if it may take a while. Therefore, Access Control is one of the most important security features to prevent unauthorized access and intrusion.

A. Authentication, Authorization and Accounting

Access control in cyberspace is the equivalent of the security guard at the main door of an office building who makes sure only people with the correct badge can enter. So too, the goal of access control is to allow network access only by authorized devices and to disallow access to all others. Access should be authorized and provided only to devices whose identity has been established (authenticated) and whose placement on the network is approved in accordance with network plans, designs or policy.

The verification of identity, or Authentication, is based on the presentation of unique credentials to that system. The unique serial number of a wireless device, for example (that hopefully can neither be spoofed nor counterfeited), may be such a unique credential. Remote Authentication Dial-In User Service (aka "RADIUS") is a popular method to provide centralized Authentication, Authorization and Accounting (AAA) to manage access to wireless networks.

VII. PRIVACY

A good network security strategy should go even further and protect data in transit as well. Even if an unauthorized device manages to gain access to the network, it doesn't necessarily gain access to the actual data without passing yet another layer of security. For thousands of years, cryptography provided this extra layer and maintained the privacy of the actual data between the sender and recipient, even if others had access during transit or transmission.

A. Encryption

Methods of encryption and deciphering have come a long way since then. Today, the Advanced Encryption Standard (AES) is the industry standard for encryption. No wonder, considering that its roots go back to the National Institute of Standards and Technology (NIST) acting on the need for a new encryption algorithm capable of protecting top secret information. As a Federal Government standard, and even used by the NSA, it can be trusted to protect sensitive information and maintain data privacy.

VIII. SECURITY POLICIES

The aforementioned are only a few basic features that can help with creating a resilient wireless data communication system for critical infrastructure. However, a good network security strategy needs to address and implement policies that serve as safeguards, which make it difficult to circumvent security measures and limit the potential impact of a security breach of the wireless network. Consider those added layers of security.

A. Limitation of Permitted Activities

One method to implement safeguards is to limit permitted activities on the wireless network to only those absolutely required on the network. The basic idea is that if a wireless network were to be compromised, the impact would be limited.
In other words, a wireless network primarily used for sensor data collection and remote control of devices should not allow a hacker who compromised the network to gain access to financial or other critical data. Such a limitation of permitted activities can be achieved through various security measures.

B. Firewalls and Packet Filters

These essentially separate the information needed on the wireless network from that available on other parts of the network.

C. Virtual LANs (Virtual Local Area Networks)

These are used to separate the wireless network infrastructure and its management from the production network, devices and/or communication endpoints. Virtual LANs introduce another level of security, especially if combined with Quality of Service (QoS) mechanisms. Think of it as an emergency access to your wireless network infrastructure for remote management and control, in case a Denial of Service (DoS) attack overwhelms the actual payload and production network.

D. User Level Access

By implementing user level access (password protected), you can provide access to your wireless infrastructure and devices to, for example, maintenance personnel, limited to monitoring system health or performance, without opening the system up to misuse or sabotage, because configuration and other privileges are reserved for a different user level and password.

E. Access Limitation of Local Ports

By controlling who is allowed access from local ports (e.g. through MAC address filtering), or even completely turning off local ports when they are not in use, you can make it impossible (or at least very hard) for someone who has gained physical access to your network infrastructure and devices to get connected and gain access to your network.

F. Audit Logs

Audit logs do not really limit permitted activities, but they do provide a trail of access and activities and can be a useful tool in auditing and tracing potential security breaches and issues.

Again, this is by no means a complete list of options to secure a data communication network. It does, however, provide a good baseline and should be considered if your wireless data communication equipment and devices support these advanced features. Even Secure Shell (SSH) for their own configuration menus really only provide basic connectivity, especially when they are being used for critical infrastructure applications.

IX. CONVENIENCE

Often, convenience is the main reason behind opening firewalls, giving users too many privileges and too much access, or, even worse, using default settings and passwords that render other protective measures useless, thereby violating cyber-security best practices. This presents major cyber vulnerabilities and an imminent threat to critical infrastructure, where disruptions could result in catastrophic damage up to loss of life and property.
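The policies in Sections VI through IX can be checked mechanically before a configuration template is commissioned onto radios in the field. The following is an added example, not code from this paper or from any radio vendor; every key name, address, port and password in it is hypothetical or constructed for illustration.

```python
# Added example: every key name below is hypothetical, not a vendor schema.
DEFAULT_PASSWORDS = {"", "admin", "password", "default", "1234"}  # constructed


def audit_template(cfg):
    """Return (section, setting, problem) tuples; an empty list means clean."""
    findings = []

    def fail(section, setting, problem):
        findings.append((section, setting, problem))

    # VI.A: only authenticated devices join, decided centrally (RADIUS).
    if cfg.get("auth_mode") != "radius":
        fail("VI.A", "auth_mode", "no centralized device authentication")

    # VII.A: payload is encrypted with AES while in transit.
    if not str(cfg.get("encryption", "")).lower().startswith("aes"):
        fail("VII.A", "encryption", "link encryption is off or not AES")

    # VIII.A/B: default-deny filter, no allow rule wider than one service.
    pf = cfg.get("packet_filter", {})
    if pf.get("default_action") != "deny":
        fail("VIII.B", "packet_filter.default_action", "filter is not default-deny")
    for i, rule in enumerate(pf.get("allow", [])):
        if "any" in (rule.get("dst"), rule.get("port")):
            fail("VIII.B", f"packet_filter.allow[{i}]", "rule allows any host or port")

    # VIII.C: management traffic rides its own VLAN, apart from payload data.
    vlans = cfg.get("vlans", {})
    if vlans.get("management") in (None, vlans.get("data")):
        fail("VIII.C", "vlans.management", "management shares the data VLAN")

    # VIII.D and IX: separate user levels, and no default passwords anywhere.
    users = cfg.get("users", {})
    for name, user in users.items():
        if str(user.get("password", "")).lower() in DEFAULT_PASSWORDS:
            fail("IX", f"users.{name}.password", "default or empty password")
    if users.get("monitor", {}).get("can_configure", False):
        fail("VIII.D", "users.monitor.can_configure", "monitor level can reconfigure")

    # VIII.E: a local port is either off or restricted by MAC address filtering.
    for name, port in cfg.get("local_ports", {}).items():
        if port.get("enabled") and not port.get("mac_allowlist"):
            fail("VIII.E", f"local_ports.{name}", "enabled port has no MAC filter")

    # VIII.F: keep a trail of access and activity.
    if not cfg.get("audit_log", False):
        fail("VIII.F", "audit_log", "audit logging is disabled")
    return findings


# Constructed templates: convenience-first settings beside a hardened set.
WEAK_TEMPLATE = {
    "auth_mode": "none",
    "encryption": "off",
    "packet_filter": {"default_action": "allow",
                      "allow": [{"dst": "any", "port": "any"}]},
    "vlans": {"data": 10, "management": 10},
    "users": {"admin": {"password": "admin", "can_configure": True},
              "monitor": {"password": "admin", "can_configure": True}},
    "local_ports": {"eth1": {"enabled": True, "mac_allowlist": []}},
    "audit_log": False,
}
HARDENED_TEMPLATE = {
    "auth_mode": "radius",
    "encryption": "aes-128",
    "packet_filter": {"default_action": "deny",
                      "allow": [{"dst": "10.20.0.5", "port": 20000}]},
    "vlans": {"data": 10, "management": 99},
    "users": {"admin": {"password": "constructed-Admin-Secret-1", "can_configure": True},
              "monitor": {"password": "constructed-Monitor-Secret-2", "can_configure": False}},
    "local_ports": {"eth1": {"enabled": False, "mac_allowlist": []},
                    "eth2": {"enabled": True, "mac_allowlist": ["02:00:00:00:00:01"]}},
    "audit_log": True,
}

if __name__ == "__main__":
    for section, setting, problem in audit_template(WEAK_TEMPLATE):
        print(f"[{section}] {setting}: {problem}")
    print("hardened findings:", audit_template(HARDENED_TEMPLATE))
```

Running the audit as a gate in the commissioning workflow means a convenience-driven change, such as a reopened filter rule or a restored default password, is caught before the template reaches a radio.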

Security should come first and not be treated as an afterthought. Security should never be compromised for convenience.

X. CONCLUSION

In summary, electricity usage is continuing to increase both in the United States and around the world. Smart Grid utility operators are meeting these demands by developing smarter and more comprehensive network systems to help automate the processes and make the delivery of electric power as efficient as possible. The distribution automation layer in the Smart Grid is a key to the long-term success of the energy distribution system.

There are many data communication technology options to consider for communications in DA. Each option has advantages and disadvantages. The key to selecting the right provider and technology starts with establishing the objectives for the system. The variables are reliability, security, throughput options and more. While technology is challenging to evaluate and select, the provider's service model should also be among the selection criteria.

There are many data communication technology options to consider, but deploying reliable wireless data radio technologies for distribution automation can save time and money and increase the efficiency of system management while meeting a "best fit" requirement for the objectives of the organization. The successful deployment of a smart grid system depends on selecting the right technology from the beginning.

XI. BIOGRAPHY

Colin Lippincott has been with FreeWave Technologies, Inc. for eight years. In his current position, general manager of energy markets, he leads FreeWave's practice in smart grid, traditional electric power and utility scale power generation in both solar and wind to advance remote automation, condition-based monitoring, positioning and SCADA success with industrially hardened, affordable wireless systems and unmatched reliability. Prior to FreeWave, he served in various management and operations roles with several companies since graduating from the University of Colorado with a Master's in Business Administration. Founded in 1993, FreeWave Technologies is a world leader in the innovative design/manufacture of license-free spread spectrum, licensed band radios and wireless data solutions that are trusted for mission critical applications around the world (www.freewave.com).
