1

SmartGrid Implications of Cloud Computing

New Technology in the Utility Environment

2

PG&E

• 70,000 square miles of diverse topography

• Approximately 20,000 employees

• Energy Services to approximately 15 million

people

• Over 9 million SmartMeters (Electric & Gas)

• 1,008,186 Transformers

• 6,833 MW of Generation

• 18,616 miles of electric transmission circuits

• 120,000 miles of electric distribution circuits

• Regulated by the California Public Utilities

Commission (CPUC)

Territory Characteristics

3

Vendor

Hosted

Electric Head

End System

Utility Application Landscape

Hosted off site today

• SmartMeter Systems

• Demand Response

CAISO

Hosted

PG&E Data Center

Gas Head End

Meter Data

Management

Customer

The Cloud – Data at Rest

4

Security – Risk Management

PG&E utilizes the following five information classifications:

• PG&E Public

Anything produced for public review and available to anyone inside or outside the

company. This includes materials such as press releases, advertisements, or bill inserts.

• PG&E Internal

Information intended primarily for use within PG&E, such as organization charts,

personnel numbers, and company email messages. Distribution should be limited based

on business need to know, and access controls are required.

• PG&E Confidential

Information such as trade secrets, customer or employee information, and passwords

that should be shared solely on a business need to know basis. PG&E Confidential data

must be encrypted for storage and transmission if electronic and, if printed, protected

through controlled physical access, such as a locked filing cabinet.

• PG&E Restricted or PG&E Privileged (Law only)

Information such as Social Security Numbers, undisclosed financial information, and

protected health information should be shared solely on a business need to know basis.

Data must be for storage and transmission encrypted if electronic and, if printed,

protected through controlled physical access.

Note that PG&E Privileged is only used by Law.

5

Networks - Critical Infrastructure ODN (air-gapped secure network) - SCADA

UDN – Traditional IT

MPLS – Physical Isolation and Connectivity

Operational Data

Network Utility Data Network

Multiprotocol Label Switching – Packet Level Network Path

6

Volt / VAR on the test network Test Network

UDN ODN

UPS #1

Set Voltage 2

Set Voltage 3

Set Voltage 1

LabView Interface

LabView Driver

Access PointUIQ System

CVR Software Load Tap Changer

Line Regulator

Line Capacitor

Read Voltage

Adjust Voltage

Node Simulator

4.1

LabView Driver

TCP/IP

Meter Farm

Remote Access Firewall

Negotiating Network

Access in the test

environment is

not trivial

7

Security is Physical

Control of assets is critical to our business:

• San Jose Mercury News June 4th, 2013

In the early-morning hours of April 16, someone opened fire at

the utility's substation on Metcalf Road near Highway 101. The

gunshots damaged five transformers and caused cooling oil to

leak from a transformer bank, and the damage prompted state

regulators to urge electricity conservation in the ensuing days.

AT&T phone service in the area was also affected.

8

The Cloud SmartMeter™

Performance Statistics

Interval data supplied from SmartMeter™ systems for

billing within 48 hours of expected delivery as a percentage

of expected interval data.

Safety and Reliability

9

Thank you Art Anderson

arthur.anderson@pge.com

10

North American Electric Reliability Corporation

Critical Infrastructure Protection (CIP) standards

Version 5 now requires the following:

• Encryption

• Role-based instead of risk-based classifications

• Multiple levels of compliance – Low, Medium and High Impact (in theory, a company could

have 10 facilities of which six are low impact facilities, three are medium impact facilities, and

one is a high impact facility)

• New terminology (such as BES Cyber Asset)

• All serial connections are to be considered

• Multi-factor authentication requirements

• Triggers are required to be defined for recovery plans

• All software (COTS and custom) must be known

• All security patches from the beginning of time on each device must be known