Newsflash! A Reasonably Balanced Article on Grid Security

First of all, kudos to Discovery News writer Eric Niller for penning a relatively fair and balanced piece this week on Smart Grid Security, with a decent, non-alarmist headline to boot. He quotes me a fair amount, but enough about me, it's two of the other quotes I'd like to address.

First, here's one I don't like, attributed to a large and otherwise highly reputable security firm:

One of the more startling results of our research is the discovery of the constant probing and assault faced by these crucial utility networks. Some electric companies report thousands of probes every month ..."

As you know I'm not a big fan of using words like startling in this context, especially in describing phenomena that are not at all surprising, let along startling. Of course utilities' networks are being probed. And it's a good sign they've got the systems and processes in place to be aware of it. 

Go ahead and plug a new PC in and turn on its wifi radio. Within minutes, if not seconds, even with good security controls enabled, that machine is going to come under some serious scrutiny. It's a fact of life these days. Bothersome? Yes. Annoying? Definitely. Startling? Not in the least. Get real, above-mentioned report writer for large and otherwise highly reputable security firm.

This one I like better. It's a straightforward statement from a straightforward person:

What we are doing is laying a new digital infrastructure over the very reliable and sturdy bulk power system. This digital infrastructure provides a lot of new attack vectors into the electrical system that didn't previously exist.

That's NERC CSO Mark Weatherford speaking, and as you can see, he balances the comment about new attack vectors by reminding the journalist (and thereby, the readers of this piece), that underpinning all the new Smart Grid stuff  is a very robust legacy system. A system that's delivered increasing volumes of reliable power to hundreds of millions of customers for a long, long time.

Overall, pretty good work, especially when so much of the popular press delivers, on a daily basis, heaping helpings of unmitigated FUD. You can read the whole piece HERE.

Why I am no Fan of SciAm's recent "Hacking the Lights Out"

For three reasons, primarily:

1. Misuse of the term "Hacking." The man on the street may have trouble using words correctly from time to time, but Scientific American is supposed to know better. Especially with terms, like hacker, that are clearly loaded. Hacking, by the way, used the proper way, doesn't constitute a bad thing. To the hacking and security conscious community, it's more like a creative (and often good) thing. This headline is not helping.

2. Can't read whole article and it costs $7.95 to buy the whole issue. And I don't see an option to buy just the article for less. IMHO that's way too much mula for one article by today's standards.

3. OK, the first two are really small potatoes compared to this one. How many times do I/we have to say it? Enough with the FUD mongering. Tabloids and other lower forms of journalistic life: from them I expect anything. But SCIAM, for me, anyway, is something greater ... better. Or at least I thought it was.

The "In Brief" section on page 1 lets me know up front they're going to discuss problems and threats, but it also says it's going to end with how security is being "ramped up". Fair enough.  I definitely want to hear about what the good guys are doing so our lights don't get "hacked out". But if you get a chance to read the whole article, you'll be surprised by how little time it spends on proactive, defensive measures being taken. My non-scientific estimate of FUD-to-what we're doing is about 9 to 1.

I want more balance. I want less alarmism. That's all I want. You can read the first page HERE.