Friday, June 10, 2011

Looking Professorial while Sounding Pedestrian on Smart Grid Security

At least that's how I come across to myself in this recent Q&A with EnerNOC.

Here's a snippet from the brief Q&A:
Q: How do you define “security” for the smart grid?
A: (Excerpted) For many years, grid elements used to be largely disconnected, and isolation was one of the main security strategies. Now, by introducing standards-based protocols like IP (internet protocol) to the grid, we’re making these systems more modern, but also more accessible to would-be cyber attackers. So, for every smart grid benefit we get, there’s a corresponding risk. Smart grid security is about fully acknowledging and understanding those risks.
I would hasten to add that the introduction of Internet Protocol (IP) in itself doesn't make it easier for attackers to reach isolated networks and systems. Should say that if and when IP networks are accessed, they are more understandable to attackers versus the dozens of archaic comm and network protocols which have often proven unintelligible to modern cyber attackers. And speaking of "understanding", the last line should end with taking action once risks are acknowledged and understood. Otherwise, it's just an academic exercise, and utility executives don't invest (and rate cases can't support) academics.

That said, the EnergySMART conference, coming up in September promises to be a good one. I'll be treading in the domain of DOD Energy Blog-ger Dan Nolan, describing what's motivating the Defense Department to become much more proactive in its energy strategy, what it's been doing to move the ball forward in energy management/efficiency/renewables, and the related cyber and energy security aspects of all that.

Click HERE for more info on the conference.

No comments: