For most CIOs, “uptime” is all about whether servers or other IT infrastructure is running properly, but Doug Thomas is one of the few who is literally focused on keeping the lights on.
Thomas is the vice-president of Information and Technology Services at Ontario’s Independent Electricity System Operator (IESO), an organization that works between power generators, retailers, distributors and other entities that supply customers across the province. The IESO was born of the de-merger of Ontario Hydro in 1999, along with Hydro One and the Electrical Safety Authority.
As Thomas explained during a panel discussion of CIOs at the recent OCE Discovery conference in Toronto, the IESO acts sort of like an air traffic controller for electricity systems, which would know at all times what planes are in the sky, what type they are, where they are going, where they came from and what landing space is available.
“That’s what we do,” he said, providing a similar facilitation service among 500KV, and 100KV power lines, for example. “On a second-by-second basis, we manage the flow of electricity across the province, and make sure there’s enough generation to meet demand at the right spot.”
What the IESO is dealing with represents “big data” in its truest form, at least from a volume perspective. Thomas said energy prices are reset as often as every five minutes, while the organization collects more than 20,000 data points every three second and provides 75,000 reports every day. “For the grid and the market, there really is a tremendous amount of activity on an ongoing basis,” he said.
That means, of course, that there is plenty of room for failure and potential threats from an IT security perspective. Thomas suggested the situation could become even worse in part due to advances in technology that will allow consumers to make more choices about energy consumption. This includes time of use meters in homes, embedded generation on rooftoops, and appliances that can be set to run at particular times of day. Whether it’s machine-to-machine (M2M) communication or sensor-driven “Internet of Things” scenarios where people are controlling energy use through smartphones and tablets, the margin for error only increases.
“(Those things) are great in terms of empowerment, but it expands the complexity and the risk to our organization that we need to manage,” Thomas said. “The number of people and the way they interact with systems is much more pervasive. That distribution will impact our system.”
The IESO is combating that challenge not just with technology but collaboration. An industry collective called the North East Power Coordination Council, for instance, has been working on standards outlining steps that organizations would need to take to ensure the reliability of the grid. In 2006, the industry began adding standards specific to cyber-security, he added, including 45 requirements that the IESO and similar agencies now meet. “We really are a much more interconnected group of people than we were a few years ago,” he said.
Thomas suggested that more CIOs need to focus on outreach and sharing information with their sector peers if they want to ensure the biggest threats don’t become a reality.
“There is a real challenge is the speed with which cyber-security moves and the ability of an organization to adapt its system to those vulnerabilities, he said. “It is as important to understand what is coming as it is to react to when it actually arrives.”
The full panel at OCE Discovery, recorded and available below, is well worth watching for comments from IT leaders at Canadian Tire, TD Bank and others. Share your thoughts on how CIOs could work better together on preventing security threats in the comments.