Behind every technology panacea, you'll find privacy and security issues. Privacy is not security, but it's an equally important an issue to smart grid integrity. And like security, much needs to be worked out to ensure privacy breaches don't expose consumers to malicious attacks, fraud or other invasive practices.
Privacy in the smart grid starts from the data gathered at the smart meter that monitors power usage and distribution at a house or office building. That data then travels along the smart grid network to the utility, where it lends itself to analytics software and customer information systems which control consumption patterns, demand response, pricing, and load balancing, among other functions. Then it's sent back to the customer, where the meter is, where it started.
Link any electronic transaction, this one can have leaks that, either through error or malfeasance, expose personally identifiable information (PII) which could then be subject to further abuse. Most likely would be the abuse of credit data, a hot black market commodity. Or what if a criminal enterprise uses the data to predict customer behavior and enter their house when smart grid stats say they're probably not home? Even before we get to maliciousness, we have to ask questions about privacy policy with regards to smart grid. Should a utility, for example, have the right to know I'm using my air conditioner during a peak load time? What's more, should a utility have the right to shut it off ? Is that an invasion of privacy ?
Here's the rub: Without the data exchange described above, the smart grid isn't smart. But with it, it's vulnerable to privacy breaches.
The disconnect to this point is between what's needed to make a smart grid smart and a customer's understanding and control of those things. Consumers need the right to know what's being used and, when their privacy is breached, how and by whom. For this reason, utilities may want to control as much information over the smart grid as possible. But the surge of data is just too huge for utilities to manage.
Aside from the home consumers, let's imagine a company's data center is making energy efficiency a top priority. The company management is keen on monitoring energy and reporting usage back to the grid. The data center facility controllers will communicate with smart meters and send data to the utilities to be analyzed. If in some way this data is leaked, it could pose serious issues to the overall security posture of the company and data center.
And all of this assumes a traditional public utility-to-consumer relationship. But newer energy buying and selling models are emerging. For instance, Google is approved by Federal Energy Regulatory Commission to buy and sell energy in bulk like other utilities. Google has an application called Google PowerMeter that helps customer's see energy consumption information, an energy retail model that makes a customer, a utility, and a private energy retailer partners. If tomorrow Google decides to sell energy, will customers buy energy from Google and use its cloud-based solutions to monitor and manage energy in the future? What are Google's privacy obligations in this scenario? What would Google be allowed to do with all of that data its collecting? Could they start advertising other services based on your usage patterns?
I realize this post has more questions than answers and that's precisely the point. Behind every technology panacea is a Gordian knot of privacy and security questions that need to be worked out. The jury is still out on how privacy would work with a high-performing smart grid. But personally identifiable information (PII) will be at stake once the smart grid ecosystem evolves. If education, process improvements, and better operational security don't evolve with it, the smart grid won't work. More on: Technology, smart grid
