Smart Grid, Smart City, IIOT – What’s in a name?



Since 2007, the term Smart Grid has foretold the promise of a flexible, resilient, efficient, and highly secure electric grid that allows for the real-time optimization of grid operations and resources.

Characterized by the deployment of many thousands of “smart”, interactive control devices, sensors, meters, and the communications necessary to interact with them, Smart Grid, among other things, was intended to vastly improve grid efficiency, reliability, and customer control.

The key applications of distribution automation, distributed energy resources and generation including energy storage, real-time demand response and demand-side management could be enabled by the two-way conversation between “smart” appliances and other consumer devices with a highly automated distribution grid that would respond to loads or discourage others.

It also promised to put the end customer in control of their own usage. The vision was a highly automated, efficient, self-healing, bi-directional avenue of interconnected power and communications for a utopian world of highly reliable and efficient energy production and distribution.

Enter Smart Cities

Now enters Smart Cities, Smart Transportation, Smart This-or-That.  By 2012, we realized that we could no longer name everything to do with distributed controls/sensors/computing as “smart”.

The industry came to adopt the term Internet of Things (IoT) and then Industrial Internet of Things (IIoT) to provide a more generic naming construct that worked across many verticals in CII.

IIoT does not carry the implication that all of these devices would be connected to the general internet with its “best-effort” and unsecured data transmission, providing questionable service predictability and availability to systems that need highly reliable communications to operate.

However, one of the daunting problems with deploying many thousands of highly distributed intelligent devices is that, regardless of the name you apply to it, it is still the same “plumbing” problem.

You still need to be able to communicate with each device and protect them from cyber threats. To be cost-effective for most, this involves the use of a wireless data network that is either privately owned by the end customer, or uses cellular service from a wireless service provider.

A cellular service provider may optionally provide a virtual private network (VPN) through their network, though a majority of IIOT devices are still expected to be Internet-attached in some way to save on costs.

Securing IIoT

Just 18 months ago, the world got an important wake-up call regarding the importance of securing IoT (and by extension IIOT) devices when 1.2 million cameras, digital video recorders, and other seemingly innocuous consumer IoT devices began a very successful denial of service (DoS) attack.

The attack was attributed to Anonymous and at least 2 different botnets trained on Dyn, a Tier 1 domain name service (DNS) provider in the US, bringing the internet in much of the US to a crawl and shutting down or crippling more than 1200 websites, including sites with massive internet pipes.

It does not take much imagination to figure out what the damage to society would be if this were to happen to any operations network of a power/water/gas utility, to a city’s managed traffic lights and other infrastructure, or to a railroad’s signaling/track control and other operational systems.

Providing highly reliable and secure, flexible connectivity that is cost-effective is no small task, but it is clearly critical. End-to-end encryption with a minimum key size of 128 bits is the minimum starting point to secure the data stream and the device. 256-bit keys are certainly preferred, as is public key infrastructure (PKI) technology to ensure that each device has a unique key, so that breaking into one device does not mean that someone now has access to the entire system.
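The key-size and unique-key requirements above can be checked across a device fleet. The following is an added example, not code from the article or from any vendor: it audits a constructed inventory for cipher keys under 128 bits, keys under the preferred 256 bits, and public-key fingerprints shared by more than one device. Device names, key bytes and the inventory layout are assumptions.

```python
import hashlib
from collections import defaultdict

MIN_KEY_BITS = 128        # minimum the article states
PREFERRED_KEY_BITS = 256  # size the article prefers


def fp(public_key: bytes) -> str:
    """SHA-256 fingerprint of a device's public key bytes."""
    return hashlib.sha256(public_key).hexdigest()


# Constructed sample inventory (hypothetical device names and key bytes):
# device id, negotiated cipher key size in bits, public-key fingerprint.
INVENTORY = [
    ("rtu-001", 256, fp(b"constructed-key-A")),
    ("rtu-002", 128, fp(b"constructed-key-B")),
    ("cam-017", 64, fp(b"constructed-key-C")),
    ("cam-018", 256, fp(b"constructed-key-D")),
    ("cam-019", 256, fp(b"constructed-key-D")),  # cloned from cam-018
]


def audit(inventory):
    """Return sorted (device, finding) pairs for weak or shared keys."""
    findings = []
    owners = defaultdict(list)
    for device, bits, fingerprint in inventory:
        if bits < MIN_KEY_BITS:
            findings.append((device, "below-minimum"))
        elif bits < PREFERRED_KEY_BITS:
            findings.append((device, "below-preferred"))
        owners[fingerprint].append(device)
    # A fingerprint seen on several devices means one compromise exposes all.
    for devices in owners.values():
        if len(devices) > 1:
            findings.extend((d, "shared-key") for d in devices)
    return sorted(findings)


if __name__ == "__main__":
    for device, finding in audit(INVENTORY):
        print(f"{device}: {finding}")
```
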

RAD’s secure IIOT backhaul solution has the answer. It is based on RAD’s SecFlow – a hardened SCADA-aware secure industrial switch/router at the edge with embedded firewall and PKI-based IPSec capabilities. SecFlow also supports power over Ethernet (POE) to sensors and other devices with both serial and Ethernet connectivity.

RAD’s unique zero-touch provisioning of the SecFlow greatly simplifies deployment and reduces configuration errors by allowing it to be deployed in an unconfigured state and “call home” to a trusted address to get its configuration and security keys.  That is not all, though.

RAD’s Megaplex-4 multiservice platform provides the connectivity aggregation and the distributed network function virtualization (D-NFV) that allows security gateways (whether RAD’s or other firewall software) to co-exist on the same network platform to terminate thousands of IPSec tunnels at the operations center.

The simple certificate enrollment protocol (SCEP) server lets an operator easily manage thousands of individual X.509 security certificates. The Security Incident Event Manager and Syslog server provide an historical record of data transactions and security events while overall performance is ensured by the RADview management and domain orchestration system.

RAD’s secure IIOT backhaul solution provides the cost-effective, highly secure connectivity that is needed to realize the promise of Smart Grid, Smart City, Smart Transportation, or IIOT – whichever term we are using today.