Wednesday, January 18, 2012

GoodSpeed to the Rescue for Pernicious Smart Grid Hardware/Firmware Security Problems

Very much in the spirit of an SGSB post that's turned out to be pretty popular: The Value of Black Hat to Smart Grid Security, free spirited hacker genius Travis Goodspeed is starting something that might raise a few vendors' hackles. But actually, because it may incite some anxiety, it may also get some results.

In Travis' own words, here's the raison d'etre of his new iniative, called "Smart Grid Skunkworks":  
Recent vulnerabilities found in smart meters and HAN devices have shown a number of weaknesses in the engineering practices used to build these devices and their constituent components. A vulnerability in a chip or library is fixed slowly, and it is a very rare event that the meter and thermostat vendors affected by the vulnerability are notified by their suppliers. Because of this, vulnerabilities are spreading downward through the supply chain, and the engineers of smart grid devices are left uninformed.
There are technology and business issues at work here. And more than a little corporate psychology too. 

Left alone, this seemingly intractable set of esoteric problems would likely never be solved. But that's what got Travis charged up, it seems, so much so that he dreamed up this movement and ended his call to action with:
I invite you to join me in preventing smart grid vulnerabilities before they are created.
I've given you the bookends, but you should definitely read the whole piece yourself, HERE. And then if you've got the technical chops to help, and you won't get yourself in too much hot water, this might be just the thing for you.

Photo credit: Travis Goodspeed on