Systems - Distribution Power Grid
I remember contracting for a local power grid company looking to undertake a two billion dollar meter and infrastructure upgrade for their distribution grids. One focus was on enhancing the Advanced Meter Infrastructure (AMI) head-end to enable two-way communication with all meters within a distribution grid mesh network.
Previously, communication with meters was one-way, from the meter only. The new AMI functionality allows for remote administration, including the remote disconnection of power to homes or businesses.
Unlike the transmission grid, the distribution grid services all homes and businesses in the power company’s various domains and thus comprises many more components. It requires extensive systems analysis to assess and improve its design. The distribution grid interacts with hardened IT-like systems, raising concerns about the potential for failure in parts of the grid due to issues with these hardened systems.
A failure in the hardened systems could lead to failures in parts of the distribution grid. Moreover, if many substations share a similar architecture, this could replicate a vulnerability across the network of distribution grid substations.
Therefore, I recommend conducting a thorough systems analysis for distribution grids. While reviewing NIST controls for the grid is beneficial, a systems review—rather than an audit—should take precedence. Although audits are crucial for identifying known control gaps, a systems analysis can uncover potential vulnerabilities in the grid’s architecture that audits might not detect. Audits focus on existing control gaps without necessarily predicting unforeseen issues.