When it comes to spotting flies in the energy sector security ointment, perhaps regulators are too polite to utilities, and utilities too polite to their suppliers. No such problem with the security hackers who jump up on Black Hat's global soap box every year and show the world what they've found.
The conference wrapped up last week, and I've got two completely different types of finding for you. One has to do with huge vulnerabilities in the systems related to home networks at the edge of the Smart Grid. The other is targeted at the heart of the legacy grid itself: SCADA systems and the programmable logic controllers (PLCs) that run important transmission and distribution equipment.
Two years ago it was Smart Meter vendors who found themselves embarrassed, in the crosshairs of security pros, who showed how easy it was to exploit weaknesses in their products. Now attention has shifted to other grid elements. And the beatings continue!
Suppliers thinking they'll save money by moving slowly on improving the security characteristics of their products are playing with fire. The lesson of Black Hat is that they'll be found out. It may not be by NERC. And their utility customers may be focusing on other pressing challenges. But man, sooner or later, the Black Hat crew will be on your case, and when they are, it'll take more than tons of money to get your troubles behind you.
For this, we should be grateful. Keep it up, guys!