Thursday, July 30, 2009

Baby Smart Grid Versus "Grown Up" Hackers

When the Internet was born, hackers were in their infancy, and the two grew up together. On the eve of the Smart Grid's arrival, the bad guys have gone from boys to men.

According to Wired Magazine, these aren't your father's hackers. Now it's a full-blown career: today's hackers perfect their craft and do their work to earn their daily bread. And when they focus like this, with ridiculously robust monetary and technical resources at their disposal, they get better and better at breaking through even the most well-implemented defenses.

To wit:
Particularly disturbing to security experts is the speed with which the bad guys are jumping on newly disclosed vulnerabilities. "Even one year ago, a lot of these web exploit toolkits were using vulnerabilities that had been discovered one or two years prior," says Holly Stewart, Threat Response Manager at IBM's X-Force. "They were really, really old.... That has really changed, especially this year. We're seeing more and more current exploits go into these toolkits. And we're seeing exploits come out that are even just a couple days after the vulnerability announcement."
Consider this as utilities and other orgs prepare to play in the Smart Grid world, basically moving from near-zero to 1,000 MPH in cyber security intensity. One thing's for sure: it's going to be quite a ride.

No (Smart Grid) Security, No Peanut

Earth2Tech touches on Smart Grid security again, this time on DOE using what should prove to be an effective lever:
As Patricia Hoffman, the acting assistant secretary for the Department of Energy’s Office of Electricity Delivery and Energy Reliability said in a testimonial last week, the DOE may refuse to hand out smart grid stimulus funds to an otherwise promising project if that applicant can’t prove that the project has addressed cyber security concerns. Well, we should hope so — if we learned anything from the buildout of the Internet it’s that networks that have sophisticated connections will have increasingly sophisticated hackers.
But is DOE expert on cyber and other security issues? How will it know which projects to green light and which ones to deny? These questions are on the author's mind as she concludes:
We just hope the DOE is able to accurately assess the projects when it comes to security.
Same here. But since Smart Grid security standards are still being hashed out by NIST and others, it's hard to imagine what DOE will use as a baseline re: security goodness.

Sunday, July 26, 2009

More on "Hacking the Smart Grid" and Customer Data

This from a recent Policy Management piece in SC Magazine:
[I]n their rush to squeeze efficiencies from power, water and gas grids, utilities, energy regulators, governments and technology providers forgot the consumer. To benefit from the confluence of technological advances in smart meters that are operated remotely, internet communications and smart appliances that will digitise our grids, we must first lay secure foundations for privacy of customer activity and security of the networks from attack.
I like this. You build a business right when you think about the needs of the customer first. A great deal of current Smart Grid propaganda is about the needs of everyone but its ultimate end-users.

Here's the rest.

Friday, July 17, 2009

Rocky Mountain High


I'm going off the grid to recharge the batts for a week next week, so the Smart Grid Security Blog won't have any new posts till late July. In the meantime, if you like power or pasta, eggplant or energy, don't forget the 2009 GovEnergy Conference coming up in Providence, RI, 9-12 August. (Previous post on this conference explains the Italian food fixation.)

In case you're curious, the Aspen Ranger Station guide to where I'll be hiking is here.

Photo: Julie Penner

Thursday, July 16, 2009

Danahy's Smart Grid Security Wake-up Call

The Discovery Channel's Tech site is featuring an article by Jack that includes this alarm:
Now is the time to ensure that the smart grid is secure. Billions of dollars are being set aside to build out the infrastructure and security should be a primary component. Just imagine an Internet without passwords, virus scanners, firewalls, encryption or antispyware. That's the kind of national power system we face if we don't start thinking about how to protect the new grid against attack. Security must become as central to the goals of the smart grid as cost-savings, energy independence and environmental protection.
That's what we call the grid, albeit on more isolated nets ... and largely what's being deployed today in pilots across the country while early standards are being hammered out.

Danahy calls for three things fast: 1) Defining mandates, 2) Creating pre-purchase standards, and 3) Robust management resilient enough to deal with successful breaches.

Read the whole thing here.

Tuesday, July 14, 2009

Smart Grid Security on Marketplace

Breathless enthusiasm for the Smart Grid build-out meets the voice of reason, coming in this instance from CSIS's James Lewis:
We want to build a secure smart grid but we also want to build it in a hurry and you can't have both.
From a recent public radio interview here.