Sunday, May 31, 2009
Friday, May 29, 2009
Thursday, May 28, 2009
Enhanced security is another benefit. By implementing a grid that can sense what is happening within it, system operators will know when someone is trying to tamper with it. The electrical grid is a critical infrastructure, and an attack on it could be devastating. Recent reports state that spies have been mapping the U.S. utility infrastructure and hacking into its computers, planting software that could be used to disrupt it.
Another recent incident that points to the vulnerability of critical infrastructures is the cutting of lines in California that disabled phones and the Internet. It is impossible to police millions of miles of electrical cables, so intelligent systems will be vital in monitoring and securing this critical infrastructure.Full article here.
Tuesday, May 26, 2009
Coverage is indeed one of the challenges as some utilities have up to 50% of their service area not covered by their existing networks. Utilities often operate in a mix of dense urban to extreme rural areas and need to flexibility of operating in both.2-way comms and robust security will likely require far more bandwidth than this offering can provide, but it's a start towards a solution we didn't even know we needed a few years ago. See more: here.
Friday, May 22, 2009
Tuesday, May 19, 2009
- Covered the CNA "Powering America's Defense: Energy and the Risks to National Security " report release event at the Newseum Monday morning - it was great and the "smart grid as energy security" theme was prominent
- Attended the FERC/NIST/EPRI interim standards development workshop in National Harbor, MD today. Extremely well organized by EPRI's Erfan Ibrahim - it could have been herding cats, but instead it was a case study in how to get the most value out of 600 or so diverse but very talented participants
- Tomorrow my colleague Jack and I are off to brief Senate staffers on the current state of smart grid security, as well as hear them out on what they need next
Photo: Wikimedia Commons
Hat tip to Annabelle Lee of NIST, who mailed this to the smart grid cyber security working group. Read all about it here .
Sunday, May 17, 2009
Friday, May 15, 2009
Thursday, May 14, 2009
Wait for the activity at the state and federal levels to settle down. Wait for the dust to settle. Wait and see what vendor products still are around before you start making any decisions too quickly.Does this sound crazy? I don't think so. Palo Alto is following Von Dollen's advise. Here's the full story.
Wednesday, May 13, 2009
The critical electric infrastructure of the United States and Canada has more than $1,000,000,000,000 in asset value, more than 200,000 miles of transmission lines, and more than 800,000 megawatts of generating capability, serving over 300,000,000 people;There sure are a lot of decimal places to keep track of in all of this. Maybe computers will help with that. Big question is: do you want the smart grid to be more like a Mac, or more like a PC?
Tuesday, May 12, 2009
If demand on today's electrical grid looks like a rough landscape of high peaks and low valleys, demand on tomorrow's "smart grid" will look more like a series of rolling hills.Check 'em out.
Monday, May 11, 2009
Up until about a decade ago, things were a lot simpler. The industrial control systems that manage the generation and flow of power were pretty much protected from intrusion by their closed-loop architecture. These control systems existed and operated in isolation from everything else. But increasingly, these systems have been linked to countless corporate networks for everything from real-time monitoring of electricity generation and transmission to remote meter reading and automated grid operations.Then along comes the Internet and Web front ends slapped on legacy apps, and all the riff raff come pouring in. Sounds to me like the analogy - while imperfect - mainly fits. Security expert Sami Saydjari sums it up nicely:
the rush to improve convenience and efficiency by tying together administrative systems and billing systems over the Internet has created gateways to the power grid control systems.For more, see the full article in ComputerWorld.
Sunday, May 10, 2009
Robin Chase considers the future of electricity, the future of cars and the internet three terms in a single equation, even if most of us don’t yet realize they’re on the same chalkboard. Solve the equation correctly, she says, and we create a greener future where innovation thrives. Get it wrong, and our grandchildren will curse our names.and also this:
Chase talks about how cars fit into the equation. She sees automobiles as just another network device, one that, like the smart grid, should be open and net-based. “Cars are network nodes,” she says. “They have GPS and Bluetooth and toll-both transponders, and we’re all on our cell phones and lots of cars have OnStar support services.” That’s five networks.Hold on to your hats. A new rolling mash-up (hopefully not smash-up) is forming.
Saturday, May 9, 2009
Comment 2: Docket No. PL09-4-000, Page 11, Subsection 14
In the section described as “Cybersecurity and Reliability”, the reference is made back to the EISA and FPA standards, both of which focus attention on disruption as a defining feature of a cybersecurity incident. From the FPA Section 215:The term `cybersecurity incident' means a malicious act or suspicious event that disrupts, or was an attempt to disrupt, the operation of those programmable electronic devices and communication networks including hardware, software and data that are essential to the reliable operation of the bulk power system.We know from commercial experience and from recent disclosures regarding incursions into the existing Grid that cybersecurity incidents are often not immediately disruptive. Data theft can provide deep intelligence into Grid logistics and operation, and passive malicious code is frequently left behind for use later as either a hidden inroad or a data egress mechanism. The proposal should be more specific in its own language, and should characterize any unauthorized access to, or modification of, a critical system as a “cybersecurity incident”. Failed attempts in this regard should also be identified, as they can often provide a predictive pattern of behavior in the even of a future incursion. Power disruption may well be the ultimate goal of some of these attacks, but the less obvious damage caused by information leakage and system compromise lay the groundwork for either a more damaging, or more widespread, event in the future.
Thursday, May 7, 2009
JD: For those of you who are security devotees and are looking for a new place to offer some value, and for those of you who are dedicated to the Smart Grid and are worried about security, I'd like to draw your attention to the draft Federal Energy Regulatory Commission's (FERC) Smart Grid Policy Paper issued in March, and closing on comments this coming Monday, May 11th. Admittedly it might be a bit close to the wire for those of you looking to add your own views to the process, but as this is really only a draft, I figured that both communities would do well to be aware of what is coming in this potential policy so that you will be better prepared to think and act on it.Click through for the full article: Foreseeing Federal Policy for Smart Grid Security
Tuesday, May 5, 2009
The combination of Industrial Defender's industrial control and SCADA expertise, coupled with the AMI cyber security assessment capabilities of the InGuardians team, is a key building block of the Smart Grid initiative and will ultimately provide industry leadership and expertise toward its protection.
Monday, May 4, 2009
Smart grid systems are currently riddled with security holes, but that hasn't stopped utilities from rapidly rolling out smart meters.You think there's any research to back up this assertion? Or is it likely true cause that's the way we always build: capability first, security last ... if at all.
Friday, May 1, 2009
Smart grid security needs to be thoroughly investigated to enable a multi-tiered security model for the grid. Once this is done, startups should be encouraged to build innovative tools that adhere to these standards. It’s important to note that the smart grid’s cyber-security layer may need to be more regulated (by federal policies) than the Internet’s has been, given the potential direct impact on national security systems.